DependencyCheck/dependency-check-core/src/test/resources/nvdcve-modified.xml
Jeremy Long 443ab02788 added local copies of the NVD CVE data to speed up some of the test cases
Former-commit-id: 54a264872bf151034706f6ed52de3a99ed961b04
2014-05-03 11:02:23 -04:00

12297 lines
504 KiB
XML

<?xml version='1.0' encoding='UTF-8'?>
<nvd xmlns="http://nvd.nist.gov/feeds/cve/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" nvd_xml_version="1.2" pub_date="2014-05-03" xsi:schemaLocation="http://nvd.nist.gov/feeds/cve/1.2 http://nvd.nist.gov/schema/nvdcve.xsd">
<entry type="CVE" severity="Low" seq="2001-1593" published="2014-04-05" name="CVE-2001-1593" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
<desc>
<descript source="cve">The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1060630" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1060630</ref>
<ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385</ref>
<ref url="http://www.debian.org/security/2014/dsa-2892" source="DEBIAN">DSA-2892</ref>
<ref url="http://seclists.org/oss-sec/2014/q1/257" source="MLIST">[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use</ref>
<ref url="http://seclists.org/oss-sec/2014/q1/253" source="MLIST">[oss-security] 20140204 Re: CVE request: a2ps insecure temporary file use</ref>
<ref url="http://seclists.org/oss-sec/2014/q1/237" source="MLIST">[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use</ref>
<ref url="http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch" source="CONFIRM">http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch</ref>
</refs>
<vuln_soft>
<prod vendor="gnu" name="a2ps">
<vers num="4.10.3"/>
<vers num="4.10.4"/>
<vers num="4.12"/>
<vers num="4.13"/>
<vers num="4.13b"/>
<vers prev="1" num="4.14"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2010-5105" published="2014-04-27" name="CVE-2010-5105" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="3.3" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="3.4" CVSS_base_score="3.3">
<desc>
<descript source="cve">The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.</descript>
</desc>
<loss_types>
<avail/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://developer.blender.org/T22509" source="MISC">https://developer.blender.org/T22509</ref>
<ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621" source="MISC">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621</ref>
<ref url="http://www.openwall.com/lists/oss-security/2012/09/07/13" source="MLIST">[oss-security] 20120907 Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103)</ref>
<ref url="http://www.openwall.com/lists/oss-security/2012/09/06/3" source="MLIST">[oss-security] 20120906 CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103)</ref>
</refs>
<vuln_soft>
<prod vendor="blender" name="blender">
<vers prev="1" num="2.63a"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2011-3152" published="2014-04-27" name="CVE-2011-3152" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
<desc>
<descript source="cve">DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548" source="CONFIRM">https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548</ref>
<ref url="http://xforce.iss.net/xforce/xfdb/71494" source="XF">ubuntu-update-gpg-sec-bypass(71494)</ref>
<ref url="http://www.ubuntu.com/usn/USN-1284-1" source="UBUNTU" adv="1">USN-1284-1</ref>
<ref url="http://www.securityfocus.com/bid/50833" source="BID">50833</ref>
<ref url="http://www.osvdb.org/77642" source="OSVDB">77642</ref>
<ref url="http://secunia.com/advisories/47024" source="SECUNIA">47024</ref>
</refs>
<vuln_soft>
<prod vendor="canonical" name="update-manager">
<vers num="1:0.134.7"/>
<vers num="1:0.142.19"/>
<vers num="1:0.150"/>
<vers num="1:0.152.25"/>
<vers prev="1" num="1:0.87.24"/>
</prod>
<prod vendor="canonical" name="ubuntu_linux">
<vers num="10.04" edition="-:lts"/>
<vers num="10.10"/>
<vers num="11.04"/>
<vers num="11.10"/>
<vers num="8.04" edition="-:lts"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2011-3602" published="2014-04-27" name="CVE-2011-3602" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:P)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
<desc>
<descript source="cve">Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.</descript>
</desc>
<loss_types>
<avail/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc" source="CONFIRM">https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc</ref>
<ref url="http://www.ubuntu.com/usn/USN-1257-1" source="UBUNTU" adv="1">USN-1257-1</ref>
<ref url="http://www.openwall.com/lists/oss-security/2011/10/06/3" source="MLIST">[oss-security] 20111007 radvd 1.8.2 released with security fixes</ref>
<ref url="http://www.litech.org/radvd/CHANGES" source="CONFIRM">http://www.litech.org/radvd/CHANGES</ref>
<ref url="http://www.debian.org/security/2011/dsa-2323" source="DEBIAN">DSA-2323</ref>
</refs>
<vuln_soft>
<prod vendor="litech" name="router_advertisement_daemon">
<vers prev="1" num="1.8.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2011-3603" published="2014-04-27" name="CVE-2011-3603" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
<desc>
<descript source="cve">The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact.</descript>
<descript source="nvd">Per http://thread.gmane.org/gmane.comp.security.oss.general/5973/focus=6015, this vulnerability is being assigned a CVSS base metric of AV:L/AC:M/Au:N/C:P/I:P/A:P = 4.4</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://access.redhat.com/security/cve/CVE-2011-3603" source="MISC">https://access.redhat.com/security/cve/CVE-2011-3603</ref>
<ref url="http://www.openwall.com/lists/oss-security/2011/10/06/3" source="MLIST">[oss-security] 20111007 radvd 1.8.2 released with security fixes</ref>
<ref url="http://www.litech.org/radvd/CHANGES" source="CONFIRM">http://www.litech.org/radvd/CHANGES</ref>
</refs>
<vuln_soft>
<prod vendor="litech" name="router_advertisement_daemon">
<vers prev="1" num="1.8.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2012-3415" reject="1" published="2014-04-27" name="CVE-2012-3415" modified="2014-04-27">
<desc>
<descript source="cve">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2401. Reason: This candidate is a duplicate of CVE-2012-2401. Notes: All CVE users should reference CVE-2012-2401 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
</desc>
<refs/>
</entry>
<entry type="CVE" severity="Medium" seq="2012-4230" published="2014-04-25" name="CVE-2012-4230" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/82744" source="XF">tinymce-htmlentities-xss(82744)</ref>
<ref url="http://www.securityfocus.com/bid/58424" source="BID">58424</ref>
<ref url="http://www.madirish.net/554" source="MISC">http://www.madirish.net/554</ref>
<ref url="http://seclists.org/fulldisclosure/2013/Mar/114" source="FULLDISC">20130311 XSS Vulnerability in TinyMCE</ref>
<ref url="http://packetstormsecurity.com/files/120750/TinyMCE-3.5.8-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/120750/TinyMCE-3.5.8-Cross-Site-Scripting.html</ref>
<ref url="http://osvdb.org/91130" source="OSVDB">91130</ref>
</refs>
<vuln_soft>
<prod vendor="tinymce" name="tinymce">
<vers num="3.5.8"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2012-4410" reject="1" published="2014-04-26" name="CVE-2012-4410" modified="2014-04-26">
<desc>
<descript source="cve">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</descript>
</desc>
<refs/>
</entry>
<entry type="CVE" severity="Medium" seq="2013-0296" published="2014-04-27" name="CVE-2013-0296" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
<desc>
<descript source="cve">Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/02/16/3" source="MLIST">[oss-security] 20130215 Re: CVE# request: pigz creates temp file with insecure permissions</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/02/15/4" source="MLIST">[oss-security] 20130215 CVE# request: pigz creates temp file with insecure permissions</ref>
<ref url="http://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.html" source="MLIST">[pigz-announce] 20120728 pigz version 2.2.5 released</ref>
<ref url="http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html" source="SUSE">openSUSE-SU-2013:0540</ref>
</refs>
<vuln_soft>
<prod vendor="zlib" name="pigz">
<vers prev="1" num="2.2.4-1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-1804" published="2014-04-29" name="CVE-2013-1804" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (2) user_list or (3) user_types parameter to messages.php; (4) message parameter to infusions/shoutbox_panel/shoutbox_admin.php; (5) message parameter to administration/news.php; (6) panel_list parameter to administration/panel_editor.php; (7) HTTP User Agent string to administration/phpinfo.php; (8) "__BBCODE__" parameter to administration/bbcodes.php; errorMessage parameter to (9) article_cats.php, (10) download_cats.php, (11) news_cats.php, or (12) weblink_cats.php in administration/, when error is 3; or (13) body or (14) body2 parameter to administration/articles.php.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://www.waraxe.us/advisory-97.html" source="MISC">http://www.waraxe.us/advisory-97.html</ref>
<ref url="http://www.php-fusion.co.uk/news.php?readmore=569" source="CONFIRM" adv="1">http://www.php-fusion.co.uk/news.php?readmore=569</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/03/03/2" source="MLIST">[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/03/03/1" source="MLIST">[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097</ref>
<ref url="http://secunia.com/advisories/52403" source="SECUNIA" adv="1">52403</ref>
<ref url="http://seclists.org/fulldisclosure/2013/Feb/154" source="FULLDISC">20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05</ref>
<ref url="http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" source="MISC">http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html</ref>
<ref url="http://osvdb.org/90708" source="OSVDB">90708</ref>
<ref url="http://osvdb.org/90707" source="OSVDB">90707</ref>
</refs>
<vuln_soft>
<prod vendor="php-fusion" name="php-fusion">
<vers num="7.02.01"/>
<vers num="7.02.02"/>
<vers num="7.02.03"/>
<vers num="7.02.04"/>
<vers prev="1" num="7.02.05"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2013-1805" reject="1" published="2014-04-30" name="CVE-2013-1805" modified="2014-04-30">
<desc>
<descript source="cve">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1806. Reason: This issue was MERGED into CVE-2013-1806 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2013-1806 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
</desc>
<refs/>
</entry>
<entry type="CVE" severity="Medium" seq="2013-1806" published="2014-04-30" name="CVE-2013-1806" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
<desc>
<descript source="cve">Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.php-fusion.co.uk/news.php?readmore=569" source="CONFIRM" patch="1" adv="1">http://www.php-fusion.co.uk/news.php?readmore=569</ref>
<ref url="http://www.waraxe.us/advisory-97.html" source="MISC">http://www.waraxe.us/advisory-97.html</ref>
<ref url="http://www.osvdb.org/90696" source="OSVDB">90696</ref>
<ref url="http://www.osvdb.org/90694" source="OSVDB">90694</ref>
<ref url="http://www.osvdb.org/90692" source="OSVDB">90692</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/03/03/2" source="MLIST">[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/03/03/1" source="MLIST">[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097</ref>
<ref url="http://seclists.org/fulldisclosure/2013/Feb/154" source="FULLDISC">20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05</ref>
<ref url="http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" source="MISC">http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html</ref>
</refs>
<vuln_soft>
<prod vendor="php-fusion" name="php-fusion">
<vers num="7.02.01"/>
<vers num="7.02.02"/>
<vers num="7.02.03"/>
<vers num="7.02.04"/>
<vers prev="1" num="7.02.05"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-1807" published="2014-04-30" name="CVE-2013-1807" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.php-fusion.co.uk/news.php?readmore=569" source="CONFIRM" patch="1" adv="1">http://www.php-fusion.co.uk/news.php?readmore=569</ref>
<ref url="http://www.waraxe.us/advisory-97.html" source="MISC">http://www.waraxe.us/advisory-97.html</ref>
<ref url="http://www.osvdb.org/90691" source="OSVDB">90691</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/03/03/2" source="MLIST">[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/03/03/1" source="MLIST">[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097</ref>
<ref url="http://seclists.org/fulldisclosure/2013/Feb/154" source="FULLDISC">20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05</ref>
<ref url="http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" source="MISC">http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html</ref>
</refs>
<vuln_soft>
<prod vendor="php-fusion" name="php-fusion">
<vers num="7.02.01"/>
<vers num="7.02.02"/>
<vers num="7.02.03"/>
<vers num="7.02.04"/>
<vers prev="1" num="7.02.05"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-2025" published="2014-04-25" name="CVE-2013-2025" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://wiki.ushahidi.com/display/WIKI/1+May+2013+-+CVE-2013-2025" source="CONFIRM" patch="1" adv="1">https://wiki.ushahidi.com/display/WIKI/1+May+2013+-+CVE-2013-2025</ref>
<ref url="https://github.com/rjmackay/Ushahidi_Web/commit/593719ff805a302e3ab2f2e535c875f90a04ea56" source="MISC" patch="1">https://github.com/rjmackay/Ushahidi_Web/commit/593719ff805a302e3ab2f2e535c875f90a04ea56</ref>
<ref url="https://github.com/ushahidi/Ushahidi_Web/pull/1056" source="CONFIRM">https://github.com/ushahidi/Ushahidi_Web/pull/1056</ref>
<ref url="https://github.com/ushahidi/Ushahidi_Web/issues/1009" source="CONFIRM">https://github.com/ushahidi/Ushahidi_Web/issues/1009</ref>
<ref url="http://www.securityfocus.com/bid/59410" source="BID">59410</ref>
</refs>
<vuln_soft>
<prod vendor="ushahidi" name="ushahidi_platform">
<vers num="2.5"/>
<vers num="2.6"/>
<vers num="2.6.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-2073" published="2014-05-01" name="CVE-2013-2073" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.openwall.com/lists/oss-security/2013/05/22/14" source="MLIST" patch="1">[oss-security] 20130522 CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)</ref>
<ref url="http://blog.transifex.com/post/51072109836/new-version-of-the-transifex-client-has-been-released" source="CONFIRM" patch="1">http://blog.transifex.com/post/51072109836/new-version-of-the-transifex-client-has-been-released</ref>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=952194" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=952194</ref>
</refs>
<vuln_soft>
<prod vendor="transifex" name="transifex">
<vers num="0.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.7"/>
<vers prev="1" num="0.8"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2013-3069" published="2014-04-25" name="CVE-2013-3069" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
<desc>
<descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" source="MISC">http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf</ref>
<ref url="http://osvdb.org/92557" source="OSVDB">92557</ref>
</refs>
<vuln_soft>
<prod vendor="netgear" name="wndr4700">
<vers num="-"/>
</prod>
<prod vendor="netgear" name="wndr4700_firmware">
<vers num="1.0.0.34"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2013-4121" reject="1" published="2014-05-01" name="CVE-2013-4121" modified="2014-05-01">
<desc>
<descript source="cve">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was a site-specific issue. Notes: none.</descript>
</desc>
<refs/>
</entry>
<entry type="CVE" seq="2013-4145" reject="1" published="2014-04-27" name="CVE-2013-4145" modified="2014-04-27">
<desc>
<descript source="cve">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
</desc>
<refs/>
</entry>
<entry type="CVE" severity="Low" seq="2013-4285" published="2014-04-28" name="CVE-2013-4285" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
<desc>
<descript source="cve">A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="http://security.gentoo.org/glsa/glsa-201402-12.xml" source="GENTOO">GLSA-201402-12</ref>
</refs>
<vuln_soft>
<prod vendor="dkorunic" name="pam_s/key">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-4336" published="2014-04-27" name="CVE-2013-4336" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in the admin page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag name.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://drupal.org/node/2076221" source="MISC" adv="1">https://drupal.org/node/2076221</ref>
<ref url="https://drupal.org/node/2075287" source="CONFIRM">https://drupal.org/node/2075287</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/09/11/9" source="MLIST">[oss-security] 20130911 Re: CVE request for Drupal contrib modules</ref>
</refs>
<vuln_soft>
<prod vendor="joachim_noreiko" name="flag_module">
<vers num="7.x-3.0" edition="beta1"/>
<vers num="7.x-3.0" edition="rc1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2013-4337" reject="1" published="2014-04-27" name="CVE-2013-4337" modified="2014-04-27">
<desc>
<descript source="cve">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5965. Reason: This candidate is a duplicate of CVE-2013-5965. Notes: All CVE users should reference CVE-2013-5965 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
</desc>
<refs/>
</entry>
<entry type="CVE" severity="Medium" seq="2013-4565" published="2014-04-25" name="CVE-2013-4565" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
<desc>
<descript source="cve">Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729279" source="MISC">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729279</ref>
<ref url="http://xforce.iss.net/xforce/xfdb/88885" source="XF">ppthtml-cve20134565-bo(88885)</ref>
<ref url="http://seclists.org/oss-sec/2013/q4/279" source="MLIST">[oss-security] 20131113 Re: CVE request: ppthtml heap-based buffer overflow</ref>
</refs>
<vuln_soft>
<prod vendor="debian" name="ppthtml">
<vers prev="1" num="0.5.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-4722" published="2014-04-25" name="CVE-2013-4722" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt" source="MISC">http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt</ref>
<ref url="http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html" source="MISC">http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html</ref>
<ref url="http://osvdb.org/96661" source="OSVDB">96661</ref>
</refs>
<vuln_soft>
<prod vendor="ddsn" name="cm3_acora_content_management_system">
<vers num="5.5.0/1b-p1"/>
<vers num="5.5.7/12b"/>
<vers num="6.0.2/1a"/>
<vers num="6.0.6/1a"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-4723" published="2014-04-25" name="CVE-2013-4723" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
<desc>
<descript source="cve">Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt" source="MISC">http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt</ref>
<ref url="http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html" source="MISC">http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html</ref>
<ref url="http://osvdb.org/96662" source="OSVDB">96662</ref>
</refs>
<vuln_soft>
<prod vendor="ddsn" name="cm3_acora_content_management_system">
<vers num="5.5.0/1b-p1"/>
<vers num="5.5.7/12b"/>
<vers num="6.0.2/1a"/>
<vers num="6.0.6/1a"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-4726" published="2014-04-25" name="CVE-2013-4726" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
<desc>
<descript source="cve">Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt" source="MISC">http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt</ref>
<ref url="http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html" source="MISC">http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html</ref>
<ref url="http://osvdb.org/96665" source="OSVDB">96665</ref>
</refs>
<vuln_soft>
<prod vendor="ddsn" name="cm3_acora_content_management_system">
<vers num="5.5.0/1b-p1"/>
<vers num="5.5.7/12b"/>
<vers num="6.0.2/1a"/>
<vers num="6.0.6/1a"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-5349" published="2014-01-08" name="CVE-2013-5349" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://support.google.com/picasa/answer/53209" source="CONFIRM" adv="1">https://support.google.com/picasa/answer/53209</ref>
<ref url="http://www.securitytracker.com/id/1029527" source="SECTRACK">1029527</ref>
<ref url="http://secunia.com/secunia_research/2013-14/" source="MISC" adv="1">http://secunia.com/secunia_research/2013-14/</ref>
<ref url="http://secunia.com/advisories/55555" source="SECUNIA" adv="1">55555</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="picasa">
<vers num="3.9.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-5357" published="2014-01-08" name="CVE-2013-5357" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://support.google.com/picasa/answer/53209" source="CONFIRM" adv="1">https://support.google.com/picasa/answer/53209</ref>
<ref url="http://www.securitytracker.com/id/1029527" source="SECTRACK">1029527</ref>
<ref url="http://secunia.com/secunia_research/2013-14/" source="MISC" adv="1">http://secunia.com/secunia_research/2013-14/</ref>
<ref url="http://secunia.com/advisories/55555" source="SECUNIA" adv="1">55555</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="picasa">
<vers num="3.9.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-5358" published="2014-01-08" name="CVE-2013-5358" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption via a crafted TIFF tag, as demonstrated using a KDC file with a DSLR-A100 model and certain sequences of tags.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://support.google.com/picasa/answer/53209" source="CONFIRM" adv="1">https://support.google.com/picasa/answer/53209</ref>
<ref url="http://www.securitytracker.com/id/1029527" source="SECTRACK">1029527</ref>
<ref url="http://secunia.com/secunia_research/2013-14/" source="MISC" adv="1">http://secunia.com/secunia_research/2013-14/</ref>
<ref url="http://secunia.com/advisories/55555" source="SECUNIA" adv="1">55555</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="picasa">
<vers num="3.9.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-5359" published="2014-01-08" name="CVE-2013-5359" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://support.google.com/picasa/answer/53209" source="CONFIRM" adv="1">https://support.google.com/picasa/answer/53209</ref>
<ref url="http://www.securitytracker.com/id/1029527" source="SECTRACK">1029527</ref>
<ref url="http://secunia.com/secunia_research/2013-14/" source="MISC" adv="1">http://secunia.com/secunia_research/2013-14/</ref>
<ref url="http://secunia.com/advisories/55555" source="SECUNIA" adv="1">55555</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="picasa">
<vers num="3.9.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-5660" published="2014-04-25" name="CVE-2013-5660" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
<desc>
<descript source="cve">Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://www.securityfocus.com/bid/59626" source="BID">59626</ref>
<ref url="http://seclists.org/fulldisclosure/2013/Sep/8" source="FULLDISC">20130902 list of vulnerabilities discovered by realpentesting</ref>
<ref url="http://realpentesting.blogspot.com.es/p/blog-page_3.html" source="MISC">http://realpentesting.blogspot.com.es/p/blog-page_3.html</ref>
<ref url="http://packetstormsecurity.com/files/121512/Winarchiver-3.2-Buffer-Overflow.html" source="MISC">http://packetstormsecurity.com/files/121512/Winarchiver-3.2-Buffer-Overflow.html</ref>
<ref url="http://osvdb.org/show/osvdb/92992" source="OSVDB">92992</ref>
<ref url="http://osvdb.org/ref/92/winarchiver-overflow.txt" source="MISC">http://osvdb.org/ref/92/winarchiver-overflow.txt</ref>
</refs>
<vuln_soft>
<prod vendor="powersoftware" name="winarchiver">
<vers num="3.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-5954" published="2014-04-25" name="CVE-2013-5954" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
<desc>
<descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/91889" source="XF">openx-cve20135954-csrf(91889)</ref>
<ref url="http://www.securityfocus.com/bid/66251" source="BID">66251</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Mar/270" source="FULLDISC">20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11</ref>
<ref url="http://packetstormsecurity.com/files/125735" source="MISC">http://packetstormsecurity.com/files/125735</ref>
</refs>
<vuln_soft>
<prod vendor="openx" name="openx">
<vers num="2.8"/>
<vers num="2.8.1"/>
<vers num="2.8.10"/>
<vers prev="1" num="2.8.11"/>
<vers num="2.8.2"/>
<vers num="2.8.3"/>
<vers num="2.8.4"/>
<vers num="2.8.5"/>
<vers num="2.8.6"/>
<vers num="2.8.7"/>
<vers num="2.8.8"/>
<vers num="2.8.9"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-5956" published="2014-04-25" name="CVE-2013-5956" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://seclists.org/fulldisclosure/2014/Mar/288" source="FULLDISC">20140315 Re: XSS Vulnerability in the Youtube Gallery 3.4.0 Component</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Mar/264" source="FULLDISC">20140315 XSS Vulnerability in the Youtube Gallery 3.4.0 Component</ref>
<ref url="http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html</ref>
</refs>
<vuln_soft>
<prod vendor="joomlaboat" name="com_youtubegallery">
<vers num="3.4.0" edition=":~~~joomla%21~~"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-6053" published="2014-04-27" name="CVE-2013-6053" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://code.google.com/p/openjpeg/issues/detail?id=297" source="CONFIRM">https://code.google.com/p/openjpeg/issues/detail?id=297</ref>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1036493" source="MISC">https://bugzilla.redhat.com/show_bug.cgi?id=1036493</ref>
<ref url="http://www.securityfocus.com/bid/64121" source="BID">64121</ref>
<ref url="http://seclists.org/oss-sec/2013/q4/412" source="MLIST">[oss-security] 20131204 Fwd: [vs] multiple issues in openjpeg</ref>
<ref url="http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS" source="CONFIRM" adv="1">http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS</ref>
</refs>
<vuln_soft>
<prod vendor="openjpeg" name="openjpeg">
<vers num="1.5.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2013-6323" published="2014-05-01" name="CVE-2013-6323" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/88903" source="XF">ibm-was-cve20136323-xss(88903)</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880" source="AIXAPAR">PI04880</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777" source="AIXAPAR">PI04777</ref>
</refs>
<vuln_soft>
<prod vendor="ibm" name="websphere_application_server">
<vers num="7.0"/>
<vers num="7.0.0.1"/>
<vers num="7.0.0.10"/>
<vers num="7.0.0.11"/>
<vers num="7.0.0.12"/>
<vers num="7.0.0.13"/>
<vers num="7.0.0.14"/>
<vers num="7.0.0.15"/>
<vers num="7.0.0.16"/>
<vers num="7.0.0.17"/>
<vers num="7.0.0.18"/>
<vers num="7.0.0.19"/>
<vers num="7.0.0.2"/>
<vers num="7.0.0.21"/>
<vers num="7.0.0.22"/>
<vers num="7.0.0.23"/>
<vers num="7.0.0.24"/>
<vers num="7.0.0.25"/>
<vers num="7.0.0.27"/>
<vers num="7.0.0.29"/>
<vers num="7.0.0.3"/>
<vers num="7.0.0.31"/>
<vers num="7.0.0.4"/>
<vers num="7.0.0.5"/>
<vers num="7.0.0.6"/>
<vers num="7.0.0.7"/>
<vers num="7.0.0.8"/>
<vers num="7.0.0.9"/>
<vers num="8.0.0.0"/>
<vers num="8.0.0.1"/>
<vers num="8.0.0.2"/>
<vers num="8.0.0.3"/>
<vers num="8.0.0.4"/>
<vers num="8.0.0.5"/>
<vers num="8.0.0.6"/>
<vers num="8.0.0.7"/>
<vers num="8.0.0.8"/>
<vers num="8.5.0.0"/>
<vers num="8.5.0.1"/>
<vers num="8.5.0.2"/>
<vers num="8.5.5.0"/>
<vers num="8.5.5.1"/>
</prod>
<prod vendor="ibm" name="websphere_virtual_enterprise">
<vers num="7.0"/>
<vers num="7.0.0.1"/>
<vers num="7.0.0.2"/>
<vers num="7.0.0.3"/>
<vers num="7.0.0.4"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-6445" published="2014-04-30" name="CVE-2013-6445" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.securitytracker.com/id/1030158" source="SECTRACK">1030158</ref>
<ref url="http://rhn.redhat.com/errata/RHSA-2014-0441.html" source="REDHAT" adv="1">RHSA-2014:0441</ref>
<ref url="http://rhn.redhat.com/errata/RHSA-2014-0440.html" source="REDHAT">RHSA-2014:0440</ref>
</refs>
<vuln_soft>
<prod vendor="redhat" name="enterprise_mrg">
<vers num="2.5"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-6887" published="2014-04-27" name="CVE-2013-6887" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
<desc>
<descript source="cve">OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://secunia.com/advisories/57285" source="SECUNIA" adv="1">57285</ref>
<ref url="http://seclists.org/oss-sec/2013/q4/412" source="MLIST">[oss-security] 20131204 Fwd: [vs] multiple issues in openjpeg</ref>
<ref url="http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS" source="CONFIRM" adv="1">http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS</ref>
</refs>
<vuln_soft>
<prod vendor="openjpeg" name="openjpeg">
<vers num="1.5.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-6990" published="2014-04-30" name="CVE-2013-6990" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
<desc>
<descript source="cve">FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
<sec_prot admin="1"/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.fortiguard.com/advisory/FG-IR-13-016/" source="CONFIRM" adv="1">http://www.fortiguard.com/advisory/FG-IR-13-016/</ref>
</refs>
<vuln_soft>
<prod vendor="fortinet" name="fortiauthenticator">
<vers prev="1" num="2.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2013-7060" published="2014-05-02" name="CVE-2013-7060" modified="2014-05-02">
<desc>
<descript source="cve">Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.</descript>
</desc>
<refs>
<ref url="https://plone.org/security/20131210/path-leak" source="CONFIRM">https://plone.org/security/20131210/path-leak</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/12/3" source="MLIST">[oss-security] 20131211 Re: CVE request for Plone</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/10/15" source="MLIST">[oss-security] 20131210 CVE request for Plone</ref>
</refs>
</entry>
<entry type="CVE" seq="2013-7061" published="2014-05-02" name="CVE-2013-7061" modified="2014-05-02">
<desc>
<descript source="cve">Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.</descript>
</desc>
<refs>
<ref url="https://plone.org/security/20131210/catalogue-exposure" source="CONFIRM">https://plone.org/security/20131210/catalogue-exposure</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/12/3" source="MLIST">[oss-security] 20131211 Re: CVE request for Plone</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/10/15" source="MLIST">[oss-security] 20131210 CVE request for Plone</ref>
</refs>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7063" published="2014-04-29" name="CVE-2013-7063" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://drupal.org/node/2140097" source="MISC" adv="1">https://drupal.org/node/2140097</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/12/1" source="MLIST">[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/06/7" source="MLIST">[oss-security] 20131206 CVE request for Drupal core, and contributed modules</ref>
</refs>
<vuln_soft>
<prod vendor="invitation_project" name="invitation">
<vers num="7.x-2.0" edition=":~~~drupal~~"/>
<vers num="7.x-2.1" edition=":~~~drupal~~"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2013-7064" published="2014-04-29" name="CVE-2013-7064" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:S/C:N/I:P/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://drupal.org/node/2140123" source="MISC" patch="1" adv="1">https://drupal.org/node/2140123</ref>
<ref url="https://drupal.org/node/2139875" source="CONFIRM" patch="1">https://drupal.org/node/2139875</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/12/1" source="MLIST">[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/06/7" source="MLIST">[oss-security] 20131206 CVE request for Drupal core, and contributed modules</ref>
</refs>
<vuln_soft>
<prod vendor="freelance-it-consultant" name="eu_cookie_compliance">
<vers num="7.x-1.0" edition=":~~~drupal~~"/>
<vers num="7.x-1.1" edition=":~~~drupal~~"/>
<vers num="7.x-1.10" edition=":~~~drupal~~"/>
<vers prev="1" num="7.x-1.11" edition=":~~~drupal~~"/>
<vers num="7.x-1.2" edition=":~~~drupal~~"/>
<vers num="7.x-1.6" edition=":~~~drupal~~"/>
<vers num="7.x-1.7" edition=":~~~drupal~~"/>
<vers num="7.x-1.8" edition=":~~~drupal~~"/>
<vers num="7.x-1.9" edition=":~~~drupal~~"/>
<vers num="7.x-1.x" edition="dev:~~~drupal~~"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7065" published="2014-04-29" name="CVE-2013-7065" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
<desc>
<descript source="cve">The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restriction and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://drupal.org/node/2140217" source="MISC" patch="1" adv="1">https://drupal.org/node/2140217</ref>
<ref url="https://drupal.org/node/2140209" source="CONFIRM" patch="1">https://drupal.org/node/2140209</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/12/1" source="MLIST">[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/06/7" source="MLIST">[oss-security] 20131206 CVE request for Drupal core, and contributed modules</ref>
</refs>
<vuln_soft>
<prod vendor="organic_groups_project" name="organic_groups">
<vers num="7.x-2.0" edition="-:~~~drupal~~"/>
<vers num="7.x-2.0" edition="alpha1:~~~drupal~~"/>
<vers num="7.x-2.0" edition="alpha2:~~~drupal~~"/>
<vers num="7.x-2.0" edition="alpha3:~~~drupal~~"/>
<vers num="7.x-2.0" edition="beta1:~~~drupal~~"/>
<vers num="7.x-2.0" edition="beta2:~~~drupal~~"/>
<vers num="7.x-2.0" edition="beta3:~~~drupal~~"/>
<vers num="7.x-2.0" edition="beta4:~~~drupal~~"/>
<vers num="7.x-2.0" edition="rc1:~~~drupal~~"/>
<vers num="7.x-2.0" edition="rc2:~~~drupal~~"/>
<vers num="7.x-2.0" edition="rc3:~~~drupal~~"/>
<vers num="7.x-2.0" edition="rc4:~~~drupal~~"/>
<vers num="7.x-2.1" edition=":~~~drupal~~"/>
<vers num="7.x-2.2" edition=":~~~drupal~~"/>
<vers num="7.x-2.x" edition="dev:~~~drupal~~"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7066" published="2014-04-29" name="CVE-2013-7066" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://drupal.org/node/2140237" source="MISC" patch="1" adv="1">https://drupal.org/node/2140237</ref>
<ref url="https://drupal.org/node/2140229" source="CONFIRM" patch="1">https://drupal.org/node/2140229</ref>
</refs>
<vuln_soft>
<prod vendor="entity_reference_project" name="entityreference">
<vers num="7.x-1.0" edition="-"/>
<vers num="7.x-1.0" edition="alpha1"/>
<vers num="7.x-1.0" edition="alpha2"/>
<vers num="7.x-1.0" edition="beta1"/>
<vers num="7.x-1.0" edition="beta2"/>
<vers num="7.x-1.0" edition="beta3"/>
<vers num="7.x-1.0" edition="beta4"/>
<vers num="7.x-1.0" edition="beta5"/>
<vers num="7.x-1.0" edition="rc1"/>
<vers num="7.x-1.0" edition="rc2"/>
<vers num="7.x-1.0" edition="rc3"/>
<vers num="7.x-1.0" edition="rc4"/>
<vers num="7.x-1.0" edition="rc5"/>
<vers num="7.x-1.x" edition="dev"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7068" published="2014-04-29" name="CVE-2013-7068" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
<desc>
<descript source="cve">The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://drupal.org/node/2140217" source="MISC" patch="1" adv="1">https://drupal.org/node/2140217</ref>
<ref url="https://drupal.org/node/2140209" source="CONFIRM" patch="1">https://drupal.org/node/2140209</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/12/1" source="MLIST">[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/06/7" source="MLIST">[oss-security] 20131206 CVE request for Drupal core, and contributed modules</ref>
</refs>
<vuln_soft>
<prod vendor="organic_groups_project" name="organic_groups">
<vers num="7.x-2.0" edition="-:~~~drupal~~"/>
<vers num="7.x-2.0" edition="alpha1:~~~drupal~~"/>
<vers num="7.x-2.0" edition="alpha2:~~~drupal~~"/>
<vers num="7.x-2.0" edition="alpha3:~~~drupal~~"/>
<vers num="7.x-2.0" edition="beta1:~~~drupal~~"/>
<vers num="7.x-2.0" edition="beta2:~~~drupal~~"/>
<vers num="7.x-2.0" edition="beta3:~~~drupal~~"/>
<vers num="7.x-2.0" edition="beta4:~~~drupal~~"/>
<vers num="7.x-2.0" edition="rc1:~~~drupal~~"/>
<vers num="7.x-2.0" edition="rc2:~~~drupal~~"/>
<vers num="7.x-2.0" edition="rc3:~~~drupal~~"/>
<vers num="7.x-2.0" edition="rc4:~~~drupal~~"/>
<vers num="7.x-2.1" edition=":~~~drupal~~"/>
<vers num="7.x-2.2" edition=":~~~drupal~~"/>
<vers num="7.x-2.x" edition="dev:~~~drupal~~"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7110" published="2014-05-01" name="CVE-2013-7110" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://github.com/transifex/transifex-client/issues/42" source="CONFIRM">https://github.com/transifex/transifex-client/issues/42</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/15/3" source="MLIST">[oss-security] 20131215 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/13/5" source="MLIST">[oss-security] 20131213 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)</ref>
</refs>
<vuln_soft>
<prod vendor="transifex" name="transifex">
<vers num="0.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.7"/>
<vers num="0.8"/>
<vers prev="1" num="0.9"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7111" published="2014-04-29" name="CVE-2013-7111" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html" source="MISC">http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/15/5" source="MLIST">[oss-security] 20131215 Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/14/2" source="MLIST">[oss-security] 20131214 Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line</ref>
</refs>
<vuln_soft>
<prod vendor="basespace_ruby_sdk_project" name="basespace_ruby_sdk">
<vers num="0.1.7" edition=":~~~ruby~~"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-7134" published="2014-04-29" name="CVE-2013-7134" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://github.com/phusion/juvia/issues/55" source="MISC">https://github.com/phusion/juvia/issues/55</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/18/1" source="MLIST">[oss-security] 20131217 Re: CVE request: Juvia secret token handling</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/16/3" source="MLIST">[oss-security] 20131216 CVE request: Juvia secret token handling</ref>
</refs>
<vuln_soft>
<prod vendor="phusion" name="juvia">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7220" published="2014-04-29" name="CVE-2013-7220" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
<desc>
<descript source="cve">js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.</descript>
<descript source="nvd">Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j" source="CONFIRM">https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j</ref>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1030431" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1030431</ref>
<ref url="https://bugzilla.gnome.org/show_bug.cgi?id=686740" source="CONFIRM">https://bugzilla.gnome.org/show_bug.cgi?id=686740</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/27/8" source="MLIST">[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/27/6" source="MLIST">[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/27/4" source="MLIST">[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues</ref>
</refs>
<vuln_soft>
<prod vendor="gnome" name="gnome-shell">
<vers num="3.0.0"/>
<vers num="3.0.0.1"/>
<vers num="3.0.0.2"/>
<vers num="3.0.1"/>
<vers num="3.0.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.90"/>
<vers num="3.1.90.1"/>
<vers num="3.1.91"/>
<vers num="3.1.91.1"/>
<vers num="3.1.92"/>
<vers num="3.2.0"/>
<vers num="3.2.1"/>
<vers num="3.2.2"/>
<vers num="3.2.2.1"/>
<vers num="3.3.2"/>
<vers num="3.3.3"/>
<vers num="3.3.5"/>
<vers num="3.3.90"/>
<vers num="3.3.91"/>
<vers num="3.3.92"/>
<vers num="3.4.0"/>
<vers num="3.4.1"/>
<vers num="3.4.2"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.90"/>
<vers num="3.5.91"/>
<vers num="3.5.92"/>
<vers num="3.6.0"/>
<vers num="3.6.1"/>
<vers num="3.6.2"/>
<vers num="3.6.3"/>
<vers num="3.6.3.1"/>
<vers num="3.7.1"/>
<vers num="3.7.2"/>
<vers num="3.7.2.1"/>
<vers num="3.7.3"/>
<vers num="3.7.3.1"/>
<vers num="3.7.4"/>
<vers num="3.7.4.1"/>
<vers num="3.7.5"/>
<vers num="3.7.91"/>
<vers prev="1" num="3.7.92"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7221" published="2014-04-29" name="CVE-2013-7221" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
<desc>
<descript source="cve">The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088" source="CONFIRM">https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088</ref>
<ref url="https://bugzilla.gnome.org/show_bug.cgi?id=708313" source="CONFIRM">https://bugzilla.gnome.org/show_bug.cgi?id=708313</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/27/8" source="MLIST">[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/27/4" source="MLIST">[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues</ref>
</refs>
<vuln_soft>
<prod vendor="gnome" name="gnome-shell">
<vers num="3.0.0"/>
<vers num="3.0.0.1"/>
<vers num="3.0.0.2"/>
<vers num="3.0.1"/>
<vers num="3.0.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.90"/>
<vers num="3.1.90.1"/>
<vers num="3.1.91"/>
<vers num="3.1.91.1"/>
<vers num="3.1.92"/>
<vers num="3.2.0"/>
<vers num="3.2.1"/>
<vers num="3.2.2"/>
<vers num="3.2.2.1"/>
<vers num="3.3.2"/>
<vers num="3.3.3"/>
<vers num="3.3.5"/>
<vers num="3.3.90"/>
<vers num="3.3.91"/>
<vers num="3.3.92"/>
<vers num="3.4.0"/>
<vers num="3.4.1"/>
<vers num="3.4.2"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.90"/>
<vers num="3.5.91"/>
<vers num="3.5.92"/>
<vers num="3.6.0"/>
<vers num="3.6.1"/>
<vers num="3.6.2"/>
<vers num="3.6.3"/>
<vers num="3.6.3.1"/>
<vers num="3.7.1"/>
<vers num="3.7.2"/>
<vers num="3.7.2.1"/>
<vers num="3.7.3"/>
<vers num="3.7.3.1"/>
<vers num="3.7.4"/>
<vers num="3.7.4.1"/>
<vers num="3.7.5"/>
<vers num="3.7.91"/>
<vers num="3.7.92"/>
<vers num="3.8.0"/>
<vers num="3.8.0.1"/>
<vers num="3.8.1"/>
<vers num="3.8.2"/>
<vers num="3.8.3"/>
<vers num="3.8.4"/>
<vers num="3.9.1"/>
<vers num="3.9.2"/>
<vers num="3.9.3"/>
<vers num="3.9.4"/>
<vers num="3.9.5"/>
<vers num="3.9.90"/>
<vers num="3.9.91"/>
<vers prev="1" num="3.9.92"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7234" published="2014-04-29" name="CVE-2013-7234" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/30/3" source="MLIST">[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/30/1" source="MLIST">[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6</ref>
<ref url="http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/" source="MISC">http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/</ref>
<ref url="http://seclists.org/fulldisclosure/2013/Dec/83" source="FULLDISC">20131213 Multiple vulnerabilities in SMF forum software</ref>
<ref url="http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt" source="CONFIRM">http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt</ref>
</refs>
<vuln_soft>
<prod vendor="simplemachines" name="simple_machines_forum">
<vers num="1.0" edition="beta4"/>
<vers num="1.0" edition="beta4.1"/>
<vers num="1.0" edition="beta5"/>
<vers num="1.0" edition="beta6"/>
<vers num="1.0" edition="rc1"/>
<vers num="1.0" edition="rc2"/>
<vers num="1.0.1"/>
<vers num="1.0.10"/>
<vers num="1.0.12"/>
<vers num="1.0.13"/>
<vers num="1.0.14"/>
<vers num="1.0.15"/>
<vers num="1.0.16"/>
<vers num="1.0.17"/>
<vers num="1.0.18"/>
<vers num="1.0.19"/>
<vers num="1.0.2"/>
<vers num="1.0.20"/>
<vers num="1.0.21"/>
<vers num="1.0.22"/>
<vers num="1.0.23"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.0.9"/>
<vers num="1.1" edition="beta1"/>
<vers num="1.1" edition="beta2"/>
<vers num="1.1" edition="beta3"/>
<vers num="1.1" edition="beta4"/>
<vers num="1.1" edition="rc1"/>
<vers num="1.1" edition="rc2"/>
<vers num="1.1" edition="rc3"/>
<vers num="1.1.1"/>
<vers num="1.1.10"/>
<vers num="1.1.11"/>
<vers num="1.1.12"/>
<vers num="1.1.13"/>
<vers num="1.1.14"/>
<vers num="1.1.15"/>
<vers num="1.1.16"/>
<vers num="1.1.17"/>
<vers num="1.1.2"/>
<vers num="1.1.3"/>
<vers num="1.1.4"/>
<vers num="1.1.5"/>
<vers num="1.1.6"/>
<vers num="1.1.7"/>
<vers num="1.1.8"/>
<vers prev="1" num="1.1.9"/>
<vers num="2.0" edition="beta1"/>
<vers num="2.0" edition="beta2"/>
<vers num="2.0" edition="beta2.1"/>
<vers num="2.0" edition="beta3"/>
<vers num="2.0" edition="beta3.1"/>
<vers num="2.0" edition="beta4"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0" edition="rc3"/>
<vers num="2.0" edition="rc4"/>
<vers num="2.0" edition="rc5"/>
<vers num="2.0.1"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-7235" published="2014-04-29" name="CVE-2013-7235" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/30/3" source="MLIST">[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/30/1" source="MLIST">[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6</ref>
<ref url="http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/" source="MISC">http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/</ref>
<ref url="http://seclists.org/fulldisclosure/2013/Dec/83" source="FULLDISC">20131213 Multiple vulnerabilities in SMF forum software</ref>
<ref url="http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt" source="CONFIRM">http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt</ref>
</refs>
<vuln_soft>
<prod vendor="simplemachines" name="simple_machines_forum">
<vers num="1.0" edition="beta4"/>
<vers num="1.0" edition="beta4.1"/>
<vers num="1.0" edition="beta5"/>
<vers num="1.0" edition="beta6"/>
<vers num="1.0" edition="rc1"/>
<vers num="1.0" edition="rc2"/>
<vers num="1.0.1"/>
<vers num="1.0.10"/>
<vers num="1.0.12"/>
<vers num="1.0.13"/>
<vers num="1.0.14"/>
<vers num="1.0.15"/>
<vers num="1.0.16"/>
<vers num="1.0.17"/>
<vers num="1.0.18"/>
<vers num="1.0.19"/>
<vers num="1.0.2"/>
<vers num="1.0.20"/>
<vers num="1.0.21"/>
<vers num="1.0.22"/>
<vers num="1.0.23"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.0.9"/>
<vers num="1.1" edition="beta1"/>
<vers num="1.1" edition="beta2"/>
<vers num="1.1" edition="beta3"/>
<vers num="1.1" edition="beta4"/>
<vers num="1.1" edition="rc1"/>
<vers num="1.1" edition="rc2"/>
<vers num="1.1" edition="rc3"/>
<vers num="1.1.1"/>
<vers num="1.1.10"/>
<vers num="1.1.11"/>
<vers num="1.1.12"/>
<vers num="1.1.13"/>
<vers num="1.1.14"/>
<vers num="1.1.15"/>
<vers num="1.1.16"/>
<vers num="1.1.17"/>
<vers num="1.1.2"/>
<vers num="1.1.3"/>
<vers num="1.1.4"/>
<vers num="1.1.5"/>
<vers num="1.1.6"/>
<vers num="1.1.7"/>
<vers num="1.1.8"/>
<vers prev="1" num="1.1.9"/>
<vers num="2.0" edition="beta1"/>
<vers num="2.0" edition="beta2"/>
<vers num="2.0" edition="beta2.1"/>
<vers num="2.0" edition="beta3"/>
<vers num="2.0" edition="beta3.1"/>
<vers num="2.0" edition="beta4"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0" edition="rc3"/>
<vers num="2.0" edition="rc4"/>
<vers num="2.0" edition="rc5"/>
<vers num="2.0.1"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-7236" published="2014-04-29" name="CVE-2013-7236" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/30/3" source="MLIST">[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6</ref>
<ref url="http://www.openwall.com/lists/oss-security/2013/12/30/1" source="MLIST">[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6</ref>
<ref url="http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/" source="MISC">http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/</ref>
<ref url="http://seclists.org/fulldisclosure/2013/Dec/83" source="FULLDISC">20131213 Multiple vulnerabilities in SMF forum software</ref>
</refs>
<vuln_soft>
<prod vendor="simplemachines" name="simple_machines_forum">
<vers num="1.0" edition="beta4"/>
<vers num="1.0" edition="beta4.1"/>
<vers num="1.0" edition="beta5"/>
<vers num="1.0" edition="beta6"/>
<vers num="1.0" edition="rc1"/>
<vers num="1.0" edition="rc2"/>
<vers num="1.0.1"/>
<vers num="1.0.10"/>
<vers num="1.0.12"/>
<vers num="1.0.13"/>
<vers num="1.0.14"/>
<vers num="1.0.15"/>
<vers num="1.0.16"/>
<vers num="1.0.17"/>
<vers num="1.0.18"/>
<vers num="1.0.19"/>
<vers num="1.0.2"/>
<vers num="1.0.20"/>
<vers num="1.0.21"/>
<vers num="1.0.22"/>
<vers num="1.0.23"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.0.9"/>
<vers num="1.1" edition="beta1"/>
<vers num="1.1" edition="beta2"/>
<vers num="1.1" edition="beta3"/>
<vers num="1.1" edition="beta4"/>
<vers num="1.1" edition="rc1"/>
<vers num="1.1" edition="rc2"/>
<vers num="1.1" edition="rc3"/>
<vers num="1.1.1"/>
<vers num="1.1.10"/>
<vers num="1.1.11"/>
<vers num="1.1.12"/>
<vers num="1.1.13"/>
<vers num="1.1.14"/>
<vers num="1.1.15"/>
<vers num="1.1.16"/>
<vers num="1.1.17"/>
<vers num="1.1.2"/>
<vers num="1.1.3"/>
<vers num="1.1.4"/>
<vers num="1.1.5"/>
<vers num="1.1.6"/>
<vers num="1.1.7"/>
<vers num="1.1.8"/>
<vers prev="1" num="1.1.9"/>
<vers num="2.0.6"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7259" published="2014-04-29" name="CVE-2013-7259" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j" source="MISC">https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/01/03/8" source="MLIST">[oss-security] 20140103 Re: Neo4J CSRF: Potential CVE candidate</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/01/03/3" source="MLIST">[oss-security] 20140103 Neo4J CSRF: Potential CVE candidate</ref>
<ref url="http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html" source="MISC">http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html</ref>
</refs>
<vuln_soft>
<prod vendor="neo4j" name="neo4j">
<vers num="1.9.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-7260" published="2014-01-03" name="CVE-2013-7260" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.kb.cert.org/vuls/id/698278" source="CERT-VN">VU#698278</ref>
<ref url="http://xforce.iss.net/xforce/xfdb/90160" source="XF">realplayer-cve20137260-bo(90160)</ref>
<ref url="http://www.exploit-db.com/exploits/30468/" source="EXPLOIT-DB">30468</ref>
<ref url="http://service.real.com/realplayer/security/12202013_player/en/" source="CONFIRM" adv="1">http://service.real.com/realplayer/security/12202013_player/en/</ref>
</refs>
<vuln_soft>
<prod vendor="realnetworks" name="realplayer">
<vers num="10.0" edition="10.0.0.305:mac"/>
<vers num="10.0" edition="10.0.0.331:mac"/>
<vers num="10.0" edition="10.0.0.352:mac"/>
<vers num="10.1" edition="10.0.0.396:mac"/>
<vers num="10.1" edition="10.0.0.412:mac"/>
<vers num="10.1" edition="10.0.0._481:mac"/>
<vers num="10.5"/>
<vers num="11.0"/>
<vers num="11.0.1"/>
<vers num="11.0.2"/>
<vers num="11.0.2.1744"/>
<vers num="11.0.2.2315"/>
<vers num="11.0.3"/>
<vers num="11.0.4"/>
<vers num="11.0.5"/>
<vers num="11.1"/>
<vers num="11.1.3"/>
<vers num="11_build_6.0.14.748"/>
<vers num="12.0.0.1444"/>
<vers num="12.0.0.1548"/>
<vers num="12.0.0.1701" edition=":mac"/>
<vers num="12.0.1.1737" edition="-:~-~-~mac_os_x~~"/>
<vers num="14.0.0"/>
<vers num="14.0.1"/>
<vers num="14.0.1.609"/>
<vers num="14.0.2"/>
<vers num="14.0.3"/>
<vers num="14.0.4"/>
<vers num="14.0.5"/>
<vers num="15.0.0"/>
<vers num="15.0.4"/>
<vers num="15.0.4.43"/>
<vers num="15.0.5.109"/>
<vers num="15.0.6.14"/>
<vers num="15.02.71"/>
<vers num="16.0.0"/>
<vers num="16.0.0.282"/>
<vers num="16.0.1.18"/>
<vers num="16.0.2.32"/>
<vers num="16.0.3.51"/>
<vers prev="1" num="17.0.4.60"/>
<vers num="2.1.2" edition=":enterprise"/>
<vers num="2.1.3" edition=":enterprise"/>
<vers num="2.1.4" edition=":enterprise"/>
<vers num="4"/>
<vers num="5"/>
<vers num="6"/>
<vers num="7"/>
<vers num="8"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2013-7273" published="2014-04-29" name="CVE-2013-7273" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
<desc>
<descript source="cve">GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1050745" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1050745</ref>
<ref url="https://bugzilla.gnome.org/show_bug.cgi?id=704284" source="MISC">https://bugzilla.gnome.org/show_bug.cgi?id=704284</ref>
<ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/01/07/16" source="MLIST">[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/01/07/10" source="MLIST">[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference</ref>
</refs>
<vuln_soft>
<prod vendor="gnome" name="gnome_display_manager">
<vers num="3.0.0"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.1.2"/>
<vers num="3.1.90"/>
<vers num="3.1.91"/>
<vers num="3.1.92"/>
<vers num="3.2.0"/>
<vers num="3.2.1"/>
<vers num="3.2.1.1"/>
<vers num="3.3.92"/>
<vers num="3.3.92.1"/>
<vers num="3.4.0"/>
<vers num="3.4.0.1"/>
<vers prev="1" num="3.4.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7284" published="2014-04-29" name="CVE-2013-7284" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
<desc>
<descript source="cve">The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://rt.cpan.org/Public/Bug/Display.html?id=90474" source="MISC" patch="1">https://rt.cpan.org/Public/Bug/Display.html?id=90474</ref>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1051108" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1051108</ref>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1030572" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1030572</ref>
<ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789</ref>
<ref url="http://seclists.org/oss-sec/2014/q1/62" source="MLIST">[oss-security] 20140109 Re: PlRPC Perl module: pre-auth remote code execution, weak crypto</ref>
<ref url="http://seclists.org/oss-sec/2014/q1/56" source="MLIST">[oss-security] 20140109 PlRPC Perl module: pre-auth remote code execution, weak crypto</ref>
</refs>
<vuln_soft>
<prod vendor="malcolm_nooning" name="pirpc">
<vers num="0.2000" edition=":~~~perl~~"/>
<vers num="0.2001" edition=":~~~perl~~"/>
<vers num="0.2002" edition=":~~~perl~~"/>
<vers num="0.2003" edition=":~~~perl~~"/>
<vers num="0.2010" edition=":~~~perl~~"/>
<vers num="0.2011" edition=":~~~perl~~"/>
<vers num="0.2012" edition=":~~~perl~~"/>
<vers num="0.2013" edition=":~~~perl~~"/>
<vers num="0.2014" edition=":~~~perl~~"/>
<vers num="0.2016" edition=":~~~perl~~"/>
<vers num="0.2017" edition=":~~~perl~~"/>
<vers num="0.2018" edition=":~~~perl~~"/>
<vers num="0.2019" edition=":~~~perl~~"/>
<vers prev="1" num="0.2020" edition=":~~~perl~~"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7302" published="2014-04-29" name="CVE-2013-7302" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
<desc>
<descript source="cve">Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://drupal.org/node/2158651" source="MISC" patch="1" adv="1">https://drupal.org/node/2158651</ref>
<ref url="https://drupal.org/node/2158567" source="CONFIRM" patch="1">https://drupal.org/node/2158567</ref>
<ref url="https://drupal.org/node/2158565" source="CONFIRM" patch="1">https://drupal.org/node/2158565</ref>
</refs>
<vuln_soft>
<prod vendor="ubercart" name="ubercart">
<vers num="6.x-2.0" edition="beta1"/>
<vers num="6.x-2.0" edition="beta2"/>
<vers num="6.x-2.0" edition="beta3"/>
<vers num="6.x-2.0" edition="beta4"/>
<vers num="6.x-2.0" edition="beta5"/>
<vers num="6.x-2.0" edition="beta6"/>
<vers num="6.x-2.0" edition="dev"/>
<vers num="6.x-2.0" edition="rc1"/>
<vers num="6.x-2.0" edition="rc2"/>
<vers num="6.x-2.0" edition="rc3"/>
<vers num="6.x-2.0" edition="rc4"/>
<vers num="6.x-2.0" edition="rc5"/>
<vers num="6.x-2.0" edition="rc6"/>
<vers num="6.x-2.0" edition="rc7"/>
<vers num="6.x-2.1"/>
<vers num="6.x-2.10"/>
<vers num="6.x-2.11"/>
<vers num="6.x-2.12"/>
<vers num="6.x-2.2"/>
<vers num="6.x-2.3"/>
<vers num="6.x-2.4"/>
<vers num="6.x-2.6"/>
<vers num="6.x-2.7"/>
<vers num="6.x-2.8"/>
<vers num="6.x-2.9"/>
<vers num="7.x-3.0" edition="alpha1"/>
<vers num="7.x-3.0" edition="alpha2"/>
<vers num="7.x-3.0" edition="alpha3"/>
<vers num="7.x-3.0" edition="beta1"/>
<vers num="7.x-3.0" edition="beta2"/>
<vers num="7.x-3.0" edition="beta3"/>
<vers num="7.x-3.0" edition="beta4"/>
<vers num="7.x-3.0" edition="dev"/>
<vers num="7.x-3.0" edition="rc1"/>
<vers num="7.x-3.0" edition="rc2"/>
<vers num="7.x-3.0" edition="rc3"/>
<vers num="7.x-3.0" edition="rc4"/>
<vers num="7.x-3.1"/>
<vers num="7.x-3.2"/>
<vers num="7.x-3.3"/>
<vers num="7.x-3.4"/>
<vers num="7.x-3.5"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7372" published="2014-04-29" name="CVE-2013-7372" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://android.googlesource.com/platform/libcore/+/kitkat-release/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java" source="CONFIRM" patch="1">https://android.googlesource.com/platform/libcore/+/kitkat-release/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java</ref>
<ref url="http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html" source="CONFIRM" patch="1">http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html</ref>
<ref url="https://bitcoin.org/en/alert/2013-08-11-android" source="MISC">https://bitcoin.org/en/alert/2013-08-11-android</ref>
<ref url="http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf" source="MISC">http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf</ref>
</refs>
<vuln_soft>
<prod vendor="apache" name="harmony">
<vers prev="1" num="6.0" edition="m3"/>
</prod>
<prod vendor="google" name="android">
<vers num="4.0"/>
<vers num="4.0.1"/>
<vers num="4.0.2"/>
<vers num="4.0.3"/>
<vers num="4.0.4"/>
<vers num="4.1"/>
<vers num="4.1.2"/>
<vers num="4.2"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.3"/>
<vers prev="1" num="4.3.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2013-7373" published="2014-04-29" name="CVE-2013-7373" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_flaw_in_android/cblvum5" source="MISC">http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_flaw_in_android/cblvum5</ref>
<ref url="http://marc.info/?l=openssl-dev&amp;m=130298304903422&amp;w=2" source="MLIST">[openssl-dev] 20110416 Re: recycled pids causes PRNG to repeat</ref>
<ref url="http://marc.info/?l=openssl-dev&amp;m=130289811108150&amp;w=2" source="MLIST">[openssl-dev] 20110415 recycled pids causes PRNG to repeat</ref>
<ref url="http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/" source="MISC">http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/</ref>
<ref url="http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html" source="CONFIRM">http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="android">
<vers num="1.0"/>
<vers num="1.1"/>
<vers num="1.5"/>
<vers num="1.6"/>
<vers num="2.0"/>
<vers num="2.0.1"/>
<vers num="2.1"/>
<vers num="2.2" edition="rev1"/>
<vers num="2.2.1"/>
<vers num="2.2.2"/>
<vers num="2.2.3"/>
<vers num="2.3" edition="rev1"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.3.4"/>
<vers num="2.3.5"/>
<vers num="2.3.6"/>
<vers num="2.3.7"/>
<vers num="3.0"/>
<vers num="3.1"/>
<vers num="3.2"/>
<vers num="3.2.1"/>
<vers num="3.2.2"/>
<vers num="3.2.4"/>
<vers num="3.2.6"/>
<vers num="4.0"/>
<vers num="4.0.1"/>
<vers num="4.0.2"/>
<vers num="4.0.3"/>
<vers num="4.0.4"/>
<vers num="4.1"/>
<vers num="4.1.2"/>
<vers num="4.2"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.3"/>
<vers prev="1" num="4.3.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2013-7374" published="2014-05-01" name="CVE-2013-7374" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
<desc>
<descript source="cve">The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://bugs.launchpad.net/ubuntu/%2Bsource/indicator-datetime/%2Bbug/1246812" source="CONFIRM">https://bugs.launchpad.net/ubuntu/%2Bsource/indicator-datetime/%2Bbug/1246812</ref>
<ref url="http://www.ubuntu.com/usn/USN-2186-1" source="UBUNTU" adv="1">USN-2186-1</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/30/1" source="MLIST">[oss-security] 20140430 Re: CVE Request: indicator-datetime issue</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/29/3" source="MLIST">[oss-security] 20140429 CVE Request: indicator-datetime issue</ref>
<ref url="http://bazaar.launchpad.net/~indicator-applet-developers/indicator-datetime/trunk.13.10/revision/282" source="CONFIRM">http://bazaar.launchpad.net/~indicator-applet-developers/indicator-datetime/trunk.13.10/revision/282</ref>
</refs>
<vuln_soft>
<prod vendor="canonical" name="ubuntu_linux">
<vers num="13.10"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0037" published="2014-04-28" name="CVE-2014-0037" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1059903" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1059903</ref>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1056767" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1056767</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/01/31/14" source="MLIST">[oss-security] 20140131 Security Flaw CVE-2014-0037</ref>
<ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:044" source="MANDRIVA">MDVSA-2014:044</ref>
</refs>
<vuln_soft>
<prod vendor="zarafa" name="zarafa">
<vers num="5.00"/>
<vers num="5.01"/>
<vers num="5.02"/>
<vers num="5.10"/>
<vers num="5.11"/>
<vers num="5.20"/>
<vers num="5.22"/>
<vers num="6.00"/>
<vers num="6.01"/>
<vers num="6.02"/>
<vers num="6.03"/>
<vers num="6.10"/>
<vers num="6.11"/>
<vers num="6.20"/>
<vers num="6.20.10"/>
<vers num="6.20.11"/>
<vers num="6.20.12"/>
<vers num="6.20.2"/>
<vers num="6.20.3"/>
<vers num="6.20.5"/>
<vers num="6.20.6"/>
<vers num="6.20.7"/>
<vers num="6.30.0"/>
<vers num="6.30.10"/>
<vers num="6.30.11"/>
<vers num="6.30.13"/>
<vers num="6.30.16"/>
<vers num="6.30.17"/>
<vers num="6.30.3"/>
<vers num="6.30.4"/>
<vers num="6.30.5"/>
<vers num="6.30.6"/>
<vers num="6.30.7"/>
<vers num="6.30.8"/>
<vers num="6.30.9"/>
<vers num="6.40.0"/>
<vers num="6.40.10"/>
<vers num="6.40.11"/>
<vers num="6.40.12"/>
<vers num="6.40.13"/>
<vers num="6.40.14"/>
<vers num="6.40.15"/>
<vers num="6.40.16"/>
<vers num="6.40.17"/>
<vers num="6.40.2"/>
<vers num="6.40.3"/>
<vers num="6.40.4"/>
<vers num="6.40.5"/>
<vers num="6.40.6"/>
<vers num="6.40.7"/>
<vers num="6.40.8"/>
<vers num="6.40.9"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="7.0.10"/>
<vers num="7.0.11"/>
<vers num="7.0.12"/>
<vers num="7.0.13"/>
<vers num="7.0.2"/>
<vers num="7.0.3"/>
<vers num="7.0.4"/>
<vers num="7.0.5"/>
<vers num="7.0.6"/>
<vers num="7.0.7"/>
<vers num="7.0.8"/>
<vers num="7.0.9"/>
<vers num="7.1.0"/>
<vers num="7.1.1"/>
<vers num="7.1.2"/>
<vers num="7.1.3"/>
<vers num="7.1.4"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0079" published="2014-04-28" name="CVE-2014-0079" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1059903" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1059903</ref>
<ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:044" source="MANDRIVA">MDVSA-2014:044</ref>
</refs>
<vuln_soft>
<prod vendor="zarafa" name="zarafa">
<vers num="5.00"/>
<vers num="5.01"/>
<vers num="5.02"/>
<vers num="5.10"/>
<vers num="5.11"/>
<vers num="5.20"/>
<vers num="5.22"/>
<vers num="6.00"/>
<vers num="6.01"/>
<vers num="6.02"/>
<vers num="6.03"/>
<vers num="6.10"/>
<vers num="6.11"/>
<vers prev="1" num="6.20"/>
<vers num="7.1.8"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0088" published="2014-04-29" name="CVE-2014-0088" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" source="MLIST" patch="1">[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)</ref>
<ref url="http://www.securitytracker.com/id/1030150" source="SECTRACK">1030150</ref>
</refs>
<vuln_soft>
<prod vendor="igor_sysoev" name="nginx">
<vers num="1.5.10"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0112" published="2014-04-29" name="CVE-2014-0112" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://cwiki.apache.org/confluence/display/WW/S2-021" source="CONFIRM" patch="1" adv="1">https://cwiki.apache.org/confluence/display/WW/S2-021</ref>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1091939" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1091939</ref>
<ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045" source="JVNDB">JVNDB-2014-000045</ref>
<ref url="http://jvn.jp/en/jp/JVN19294237/index.html" source="JVN">JVN#19294237</ref>
</refs>
<vuln_soft>
<prod vendor="apache" name="struts">
<vers num="2.0.0"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.11.1"/>
<vers num="2.0.11.2"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1.0"/>
<vers num="2.1.1"/>
<vers num="2.1.2"/>
<vers num="2.1.3"/>
<vers num="2.1.4"/>
<vers num="2.1.5"/>
<vers num="2.1.6"/>
<vers num="2.1.8"/>
<vers num="2.1.8.1"/>
<vers num="2.2.1"/>
<vers num="2.2.1.1"/>
<vers num="2.2.3"/>
<vers num="2.2.3.1"/>
<vers num="2.3.1"/>
<vers num="2.3.1.1"/>
<vers num="2.3.1.2"/>
<vers num="2.3.12"/>
<vers num="2.3.14"/>
<vers num="2.3.14.1"/>
<vers num="2.3.14.2"/>
<vers num="2.3.14.3"/>
<vers num="2.3.15"/>
<vers num="2.3.15.1"/>
<vers num="2.3.15.2"/>
<vers num="2.3.15.3"/>
<vers num="2.3.16"/>
<vers prev="1" num="2.3.16.1"/>
<vers num="2.3.3"/>
<vers num="2.3.4"/>
<vers num="2.3.4.1"/>
<vers num="2.3.7"/>
<vers num="2.3.8"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0113" published="2014-04-29" name="CVE-2014-0113" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://cwiki.apache.org/confluence/display/WW/S2-021" source="CONFIRM" patch="1" adv="1">https://cwiki.apache.org/confluence/display/WW/S2-021</ref>
</refs>
<vuln_soft>
<prod vendor="apache" name="struts">
<vers num="2.0.0"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.11.1"/>
<vers num="2.0.11.2"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1.0"/>
<vers num="2.1.1"/>
<vers num="2.1.2"/>
<vers num="2.1.3"/>
<vers num="2.1.4"/>
<vers num="2.1.5"/>
<vers num="2.1.6"/>
<vers num="2.1.8"/>
<vers num="2.1.8.1"/>
<vers num="2.2.1"/>
<vers num="2.2.1.1"/>
<vers num="2.2.3"/>
<vers num="2.2.3.1"/>
<vers num="2.3.1"/>
<vers num="2.3.1.1"/>
<vers num="2.3.1.2"/>
<vers num="2.3.12"/>
<vers num="2.3.14"/>
<vers num="2.3.14.1"/>
<vers num="2.3.14.2"/>
<vers num="2.3.14.3"/>
<vers num="2.3.15"/>
<vers num="2.3.15.1"/>
<vers num="2.3.15.2"/>
<vers num="2.3.15.3"/>
<vers num="2.3.16"/>
<vers prev="1" num="2.3.16.1"/>
<vers num="2.3.3"/>
<vers num="2.3.4"/>
<vers num="2.3.4.1"/>
<vers num="2.3.7"/>
<vers num="2.3.8"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0114" published="2014-04-30" name="CVE-2014-0114" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1091938" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1091938</ref>
</refs>
<vuln_soft>
<prod vendor="apache" name="struts">
<vers num="1.0"/>
<vers num="1.0.2"/>
<vers num="1.1" edition="b1"/>
<vers num="1.1" edition="b2"/>
<vers num="1.1" edition="b3"/>
<vers num="1.1" edition="rc1"/>
<vers num="1.1" edition="rc2"/>
<vers num="1.2.2"/>
<vers num="1.2.4"/>
<vers num="1.2.6"/>
<vers num="1.2.7"/>
<vers num="1.2.8"/>
<vers num="1.2.9"/>
<vers num="1.3.10"/>
<vers num="1.3.5"/>
<vers num="1.3.8"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0162" published="2014-04-27" name="CVE-2014-0162" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
<desc>
<descript source="cve">The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://launchpad.net/bugs/1298698" source="CONFIRM">https://launchpad.net/bugs/1298698</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/10/13" source="MLIST">[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)</ref>
</refs>
<vuln_soft>
<prod vendor="openstack" name="icehouse">
<vers num="rc-1"/>
</prod>
<prod vendor="openstack" name="image_registry_and_delivery_service_(glance)">
<vers num="2013.2"/>
<vers num="2013.2.1"/>
<vers num="2013.2.2"/>
<vers num="2013.2.3"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2014-0181" published="2014-04-26" name="CVE-2014-0181" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
<desc>
<descript source="cve">The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e" source="CONFIRM">https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/23/6" source="MLIST">[oss-security] 20140423 Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks</ref>
<ref url="http://marc.info/?l=linux-netdev&amp;m=139828832919748&amp;w=2" source="MLIST">[netdev] 20140423 [PATCH 0/5]: Preventing abuse when passing file descriptors</ref>
</refs>
<vuln_soft>
<prod vendor="linux" name="linux_kernel">
<vers num="3.0" edition="rc1"/>
<vers num="3.0" edition="rc2"/>
<vers num="3.0" edition="rc3"/>
<vers num="3.0" edition="rc4"/>
<vers num="3.0" edition="rc5"/>
<vers num="3.0" edition="rc6"/>
<vers num="3.0" edition="rc7"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.20"/>
<vers num="3.0.21"/>
<vers num="3.0.22"/>
<vers num="3.0.23"/>
<vers num="3.0.24"/>
<vers num="3.0.25"/>
<vers num="3.0.26"/>
<vers num="3.0.27"/>
<vers num="3.0.28"/>
<vers num="3.0.29"/>
<vers num="3.0.3"/>
<vers num="3.0.30"/>
<vers num="3.0.31"/>
<vers num="3.0.32"/>
<vers num="3.0.33"/>
<vers num="3.0.34"/>
<vers num="3.0.35"/>
<vers num="3.0.36"/>
<vers num="3.0.37"/>
<vers num="3.0.38"/>
<vers num="3.0.39"/>
<vers num="3.0.4"/>
<vers num="3.0.40"/>
<vers num="3.0.41"/>
<vers num="3.0.42"/>
<vers num="3.0.43"/>
<vers num="3.0.44"/>
<vers num="3.0.45"/>
<vers num="3.0.46"/>
<vers num="3.0.47"/>
<vers num="3.0.48"/>
<vers num="3.0.49"/>
<vers num="3.0.5"/>
<vers num="3.0.50"/>
<vers num="3.0.51"/>
<vers num="3.0.52"/>
<vers num="3.0.53"/>
<vers num="3.0.54"/>
<vers num="3.0.55"/>
<vers num="3.0.56"/>
<vers num="3.0.57"/>
<vers num="3.0.58"/>
<vers num="3.0.59"/>
<vers num="3.0.6"/>
<vers num="3.0.60"/>
<vers num="3.0.61"/>
<vers num="3.0.62"/>
<vers num="3.0.63"/>
<vers num="3.0.64"/>
<vers num="3.0.65"/>
<vers num="3.0.66"/>
<vers num="3.0.67"/>
<vers num="3.0.68"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.1" edition="rc1"/>
<vers num="3.1" edition="rc2"/>
<vers num="3.1" edition="rc3"/>
<vers num="3.1" edition="rc4"/>
<vers num="3.1.1"/>
<vers num="3.1.10"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.5"/>
<vers num="3.1.6"/>
<vers num="3.1.7"/>
<vers num="3.1.8"/>
<vers num="3.1.9"/>
<vers num="3.10"/>
<vers num="3.10.1"/>
<vers num="3.10.10"/>
<vers num="3.10.11"/>
<vers num="3.10.12"/>
<vers num="3.10.13"/>
<vers num="3.10.14"/>
<vers num="3.10.15"/>
<vers num="3.10.16"/>
<vers num="3.10.17"/>
<vers num="3.10.18"/>
<vers num="3.10.19"/>
<vers num="3.10.2"/>
<vers num="3.10.20"/>
<vers num="3.10.21"/>
<vers num="3.10.22"/>
<vers num="3.10.23"/>
<vers num="3.10.24"/>
<vers num="3.10.25"/>
<vers num="3.10.26"/>
<vers num="3.10.27"/>
<vers num="3.10.28"/>
<vers num="3.10.29"/>
<vers num="3.10.3"/>
<vers num="3.10.4"/>
<vers num="3.10.5"/>
<vers num="3.10.6"/>
<vers num="3.10.7"/>
<vers num="3.10.8"/>
<vers num="3.10.9"/>
<vers num="3.11"/>
<vers num="3.11.1"/>
<vers num="3.11.10"/>
<vers num="3.11.2"/>
<vers num="3.11.3"/>
<vers num="3.11.4"/>
<vers num="3.11.5"/>
<vers num="3.11.6"/>
<vers num="3.11.7"/>
<vers num="3.11.8"/>
<vers num="3.11.9"/>
<vers num="3.12"/>
<vers num="3.12.1"/>
<vers num="3.12.10"/>
<vers num="3.12.11"/>
<vers num="3.12.12"/>
<vers num="3.12.13"/>
<vers num="3.12.14"/>
<vers num="3.12.15"/>
<vers num="3.12.16"/>
<vers num="3.12.17"/>
<vers num="3.12.2"/>
<vers num="3.12.3"/>
<vers num="3.12.4"/>
<vers num="3.12.5"/>
<vers num="3.12.6"/>
<vers num="3.12.7"/>
<vers num="3.12.8"/>
<vers num="3.12.9"/>
<vers num="3.13"/>
<vers num="3.13.1"/>
<vers num="3.13.2"/>
<vers num="3.13.3"/>
<vers num="3.13.4"/>
<vers num="3.13.5"/>
<vers num="3.13.6"/>
<vers num="3.13.7"/>
<vers num="3.13.8"/>
<vers num="3.13.9"/>
<vers prev="1" num="3.14.1"/>
<vers num="3.2" edition="rc2"/>
<vers num="3.2" edition="rc3"/>
<vers num="3.2" edition="rc4"/>
<vers num="3.2" edition="rc5"/>
<vers num="3.2" edition="rc6"/>
<vers num="3.2" edition="rc7"/>
<vers num="3.2.1"/>
<vers num="3.2.10"/>
<vers num="3.2.11"/>
<vers num="3.2.12"/>
<vers num="3.2.13"/>
<vers num="3.2.14"/>
<vers num="3.2.15"/>
<vers num="3.2.16"/>
<vers num="3.2.17"/>
<vers num="3.2.18"/>
<vers num="3.2.19"/>
<vers num="3.2.2"/>
<vers num="3.2.20"/>
<vers num="3.2.21"/>
<vers num="3.2.22"/>
<vers num="3.2.23"/>
<vers num="3.2.24"/>
<vers num="3.2.25"/>
<vers num="3.2.26"/>
<vers num="3.2.27"/>
<vers num="3.2.28"/>
<vers num="3.2.29"/>
<vers num="3.2.3"/>
<vers num="3.2.30"/>
<vers num="3.2.4"/>
<vers num="3.2.5"/>
<vers num="3.2.6"/>
<vers num="3.2.7"/>
<vers num="3.2.8"/>
<vers num="3.2.9"/>
<vers num="3.3" edition="rc1"/>
<vers num="3.3" edition="rc2"/>
<vers num="3.3" edition="rc3"/>
<vers num="3.3" edition="rc4"/>
<vers num="3.3" edition="rc5"/>
<vers num="3.3" edition="rc6"/>
<vers num="3.3" edition="rc7"/>
<vers num="3.3.1"/>
<vers num="3.3.2"/>
<vers num="3.3.3"/>
<vers num="3.3.4"/>
<vers num="3.3.5"/>
<vers num="3.3.6"/>
<vers num="3.3.7"/>
<vers num="3.3.8"/>
<vers num="3.4" edition="rc1"/>
<vers num="3.4" edition="rc2"/>
<vers num="3.4" edition="rc3"/>
<vers num="3.4" edition="rc4"/>
<vers num="3.4" edition="rc5"/>
<vers num="3.4" edition="rc6"/>
<vers num="3.4" edition="rc7"/>
<vers num="3.4.1"/>
<vers num="3.4.10"/>
<vers num="3.4.11"/>
<vers num="3.4.12"/>
<vers num="3.4.13"/>
<vers num="3.4.14"/>
<vers num="3.4.15"/>
<vers num="3.4.16"/>
<vers num="3.4.17"/>
<vers num="3.4.18"/>
<vers num="3.4.19"/>
<vers num="3.4.2"/>
<vers num="3.4.20"/>
<vers num="3.4.21"/>
<vers num="3.4.22"/>
<vers num="3.4.23"/>
<vers num="3.4.24"/>
<vers num="3.4.25"/>
<vers num="3.4.26"/>
<vers num="3.4.27"/>
<vers num="3.4.28"/>
<vers num="3.4.29"/>
<vers num="3.4.3"/>
<vers num="3.4.30"/>
<vers num="3.4.31"/>
<vers num="3.4.32"/>
<vers num="3.4.33"/>
<vers num="3.4.34"/>
<vers num="3.4.35"/>
<vers num="3.4.36"/>
<vers num="3.4.37"/>
<vers num="3.4.38"/>
<vers num="3.4.39"/>
<vers num="3.4.4"/>
<vers num="3.4.40"/>
<vers num="3.4.41"/>
<vers num="3.4.42"/>
<vers num="3.4.43"/>
<vers num="3.4.44"/>
<vers num="3.4.45"/>
<vers num="3.4.46"/>
<vers num="3.4.47"/>
<vers num="3.4.48"/>
<vers num="3.4.49"/>
<vers num="3.4.5"/>
<vers num="3.4.50"/>
<vers num="3.4.51"/>
<vers num="3.4.52"/>
<vers num="3.4.53"/>
<vers num="3.4.54"/>
<vers num="3.4.55"/>
<vers num="3.4.56"/>
<vers num="3.4.57"/>
<vers num="3.4.58"/>
<vers num="3.4.59"/>
<vers num="3.4.6"/>
<vers num="3.4.60"/>
<vers num="3.4.61"/>
<vers num="3.4.62"/>
<vers num="3.4.63"/>
<vers num="3.4.64"/>
<vers num="3.4.65"/>
<vers num="3.4.66"/>
<vers num="3.4.67"/>
<vers num="3.4.68"/>
<vers num="3.4.69"/>
<vers num="3.4.7"/>
<vers num="3.4.70"/>
<vers num="3.4.71"/>
<vers num="3.4.72"/>
<vers num="3.4.73"/>
<vers num="3.4.74"/>
<vers num="3.4.75"/>
<vers num="3.4.76"/>
<vers num="3.4.77"/>
<vers num="3.4.78"/>
<vers num="3.4.79"/>
<vers num="3.4.8"/>
<vers num="3.4.9"/>
<vers num="3.5.1"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.6"/>
<vers num="3.6.1"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.2"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.5"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="3.7"/>
<vers num="3.7.1"/>
<vers num="3.7.10"/>
<vers num="3.7.2"/>
<vers num="3.7.3"/>
<vers num="3.7.4"/>
<vers num="3.7.5"/>
<vers num="3.7.6"/>
<vers num="3.7.7"/>
<vers num="3.7.8"/>
<vers num="3.7.9"/>
<vers num="3.8.0"/>
<vers num="3.8.1"/>
<vers num="3.8.10"/>
<vers num="3.8.11"/>
<vers num="3.8.12"/>
<vers num="3.8.13"/>
<vers num="3.8.2"/>
<vers num="3.8.3"/>
<vers num="3.8.4"/>
<vers num="3.8.5"/>
<vers num="3.8.6"/>
<vers num="3.8.7"/>
<vers num="3.8.8"/>
<vers num="3.8.9"/>
<vers num="3.9" edition="rc1"/>
<vers num="3.9" edition="rc2"/>
<vers num="3.9" edition="rc3"/>
<vers num="3.9" edition="rc4"/>
<vers num="3.9" edition="rc5"/>
<vers num="3.9" edition="rc6"/>
<vers num="3.9" edition="rc7"/>
<vers num="3.9.0"/>
<vers num="3.9.1"/>
<vers num="3.9.10"/>
<vers num="3.9.11"/>
<vers num="3.9.2"/>
<vers num="3.9.3"/>
<vers num="3.9.4"/>
<vers num="3.9.5"/>
<vers num="3.9.6"/>
<vers num="3.9.7"/>
<vers num="3.9.8"/>
<vers num="3.9.9"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0187" published="2014-04-28" name="CVE-2014-0187" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
<desc>
<descript source="cve">The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugs.launchpad.net/neutron/+bug/1300785" source="CONFIRM" adv="1">https://bugs.launchpad.net/neutron/+bug/1300785</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/22/8" source="MLIST">[oss-security] 20140422 [OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187)</ref>
</refs>
<vuln_soft>
<prod vendor="openstack" name="neutron">
<vers num="2013.1"/>
<vers num="2013.1.1"/>
<vers num="2013.1.2"/>
<vers num="2013.1.3"/>
<vers num="2013.1.4"/>
<vers num="2013.1.5"/>
<vers num="2013.2"/>
<vers num="2013.2.1"/>
<vers num="2013.2.2"/>
<vers num="2013.2.3"/>
<vers num="2014.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2014-0189" published="2014-05-02" name="CVE-2014-0189" modified="2014-05-02">
<desc>
<descript source="cve">virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.</descript>
</desc>
<refs>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1088732" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1088732</ref>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1081286" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1081286</ref>
<ref url="http://www.securityfocus.com/bid/67089" source="BID">67089</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/28/2" source="MLIST">[oss-security] 20140428 CVE-2014-0189: /etc/sysconfig/virt-who is world-readable (contains unencrypted passwords)</ref>
</refs>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0350" published="2014-04-25" name="CVE-2014-0350" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
<desc>
<descript source="cve">The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.kb.cert.org/vuls/id/118748" source="CERT-VN">VU#118748</ref>
<ref url="https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG" source="CONFIRM">https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG</ref>
</refs>
<vuln_soft>
<prod vendor="pocoproject" name="poco_c++_libraries">
<vers num="1.4.5"/>
<vers prev="1" num="1.4.6" edition="-"/>
<vers prev="1" num="1.4.6" edition="p1"/>
<vers prev="1" num="1.4.6" edition="p2"/>
<vers prev="1" num="1.4.6" edition="p3"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0363" published="2014-04-30" name="CVE-2014-0363" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
<desc>
<descript source="cve">The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.</descript>
<descript source="nvd">Per: http://cwe.mitre.org/data/definitions/358.html
"CWE-358: Improperly Implemented Security Check for Standard"</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.kb.cert.org/vuls/id/489228" source="CERT-VN">VU#489228</ref>
<ref url="http://issues.igniterealtime.org/browse/SMACK-410" source="CONFIRM">http://issues.igniterealtime.org/browse/SMACK-410</ref>
<ref url="http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released" source="CONFIRM">http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released</ref>
</refs>
<vuln_soft>
<prod vendor="igniterealtime" name="smack">
<vers num="2.2.0"/>
<vers num="2.2.1"/>
<vers num="3.0.0"/>
<vers num="3.0.1"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.1.0"/>
<vers num="3.2.0"/>
<vers num="3.2.1"/>
<vers num="3.2.2"/>
<vers num="3.3.0"/>
<vers num="3.3.1"/>
<vers num="3.4.0"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-16"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-18"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-19"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-20"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-21"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-23"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-02"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-03"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-10"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-11"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-12"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-13"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-16"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-18"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-21"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-25"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-26"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-29"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-04-06"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-04-09"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-04-13"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-04-15"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0364" published="2014-04-30" name="CVE-2014-0364" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.</descript>
<descript source="nvd">Per: http://cwe.mitre.org/data/definitions/345.html
"CWE-345: Insufficient Verification of Data Authenticity"</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.kb.cert.org/vuls/id/489228" source="CERT-VN">VU#489228</ref>
<ref url="http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released" source="CONFIRM">http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released</ref>
</refs>
<vuln_soft>
<prod vendor="igniterealtime" name="smack">
<vers num="2.2.0"/>
<vers num="2.2.1"/>
<vers num="3.0.0"/>
<vers num="3.0.1"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.1.0"/>
<vers num="3.2.0"/>
<vers num="3.2.1"/>
<vers num="3.2.2"/>
<vers num="3.3.0"/>
<vers num="3.3.1"/>
<vers num="3.4.0"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-16"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-18"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-19"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-20"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-21"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-02-23"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-02"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-03"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-10"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-11"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-12"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-13"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-16"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-18"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-21"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-25"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-26"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-03-29"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-04-06"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-04-09"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-04-13"/>
<vers prev="1" num="4.0.0" edition="snapshot-2014-04-15"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0470" published="2014-04-30" name="CVE-2014-0470" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
<desc>
<descript source="cve">super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
<sec_prot admin="1"/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/28/6" source="MLIST">[oss-security] 20140428 super unchecked setuid (CVE-2014-0470)</ref>
<ref url="http://www.debian.org/security/2014/dsa-2917" source="DEBIAN">DSA-2917</ref>
</refs>
<vuln_soft>
<prod vendor="super_project" name="super">
<vers num="3.30.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0471" published="2014-04-30" name="CVE-2014-0471" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
<desc>
<descript source="cve">Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://www.ubuntu.com/usn/USN-2183-1" source="UBUNTU" adv="1">USN-2183-1</ref>
<ref url="http://www.debian.org/security/2014/dsa-2915" source="DEBIAN" adv="1">DSA-2915</ref>
</refs>
<vuln_soft>
<prod vendor="debian" name="dpkg">
<vers num="1.10"/>
<vers num="1.10.1"/>
<vers num="1.10.11"/>
<vers num="1.10.12"/>
<vers num="1.10.13"/>
<vers num="1.10.14"/>
<vers num="1.10.15"/>
<vers num="1.10.16"/>
<vers num="1.10.17"/>
<vers num="1.10.18"/>
<vers num="1.10.18.1"/>
<vers num="1.10.19"/>
<vers num="1.10.2"/>
<vers num="1.10.20"/>
<vers num="1.10.21"/>
<vers num="1.10.22"/>
<vers num="1.10.23"/>
<vers num="1.10.24"/>
<vers num="1.10.25"/>
<vers num="1.10.26"/>
<vers num="1.10.27"/>
<vers num="1.10.28"/>
<vers num="1.10.3"/>
<vers num="1.10.4"/>
<vers num="1.10.5"/>
<vers num="1.10.6"/>
<vers num="1.10.7"/>
<vers num="1.10.8"/>
<vers num="1.10.9"/>
<vers num="1.13.0"/>
<vers num="1.13.1"/>
<vers num="1.13.10"/>
<vers num="1.13.11"/>
<vers num="1.13.11.1"/>
<vers num="1.13.12"/>
<vers num="1.13.13"/>
<vers num="1.13.14"/>
<vers num="1.13.15"/>
<vers num="1.13.16"/>
<vers num="1.13.17"/>
<vers num="1.13.18"/>
<vers num="1.13.19"/>
<vers num="1.13.2"/>
<vers num="1.13.20"/>
<vers num="1.13.21"/>
<vers num="1.13.22"/>
<vers num="1.13.23"/>
<vers num="1.13.24"/>
<vers num="1.13.25"/>
<vers num="1.13.3"/>
<vers num="1.13.4"/>
<vers num="1.13.5"/>
<vers num="1.13.6"/>
<vers num="1.13.7"/>
<vers num="1.13.8"/>
<vers num="1.13.9"/>
<vers num="1.14.0"/>
<vers num="1.14.1"/>
<vers num="1.14.10"/>
<vers num="1.14.11"/>
<vers num="1.14.12"/>
<vers num="1.14.13"/>
<vers num="1.14.14"/>
<vers num="1.14.15"/>
<vers num="1.14.16"/>
<vers num="1.14.16.1"/>
<vers num="1.14.16.2"/>
<vers num="1.14.16.3"/>
<vers num="1.14.16.4"/>
<vers num="1.14.16.5"/>
<vers num="1.14.16.6"/>
<vers num="1.14.17"/>
<vers num="1.14.18"/>
<vers num="1.14.19"/>
<vers num="1.14.2"/>
<vers num="1.14.20"/>
<vers num="1.14.21"/>
<vers num="1.14.22"/>
<vers num="1.14.23"/>
<vers num="1.14.24"/>
<vers num="1.14.25"/>
<vers num="1.14.26"/>
<vers num="1.14.27"/>
<vers num="1.14.28"/>
<vers num="1.14.29"/>
<vers num="1.14.3"/>
<vers num="1.14.30"/>
<vers num="1.14.4"/>
<vers num="1.14.5"/>
<vers num="1.14.6"/>
<vers num="1.14.7"/>
<vers num="1.14.8"/>
<vers num="1.14.9"/>
<vers num="1.15.0"/>
<vers num="1.15.1"/>
<vers num="1.15.2"/>
<vers num="1.15.3"/>
<vers num="1.15.3.1"/>
<vers num="1.15.4"/>
<vers num="1.15.4.1"/>
<vers num="1.15.5"/>
<vers num="1.15.5.1"/>
<vers num="1.15.5.2"/>
<vers num="1.15.5.3"/>
<vers num="1.15.5.4"/>
<vers num="1.15.5.5"/>
<vers num="1.15.5.6"/>
<vers num="1.15.6"/>
<vers num="1.15.6.1"/>
<vers num="1.15.7"/>
<vers num="1.15.7.1"/>
<vers num="1.15.7.2"/>
<vers num="1.15.8"/>
<vers num="1.15.8.1"/>
<vers num="1.15.8.2"/>
<vers num="1.15.8.3"/>
<vers num="1.15.8.4"/>
<vers num="1.15.8.5"/>
<vers num="1.15.8.6"/>
<vers num="1.15.8.7"/>
<vers prev="1" num="1.15.8.8"/>
<vers num="1.15.8.9"/>
<vers num="1.16.0"/>
<vers num="1.16.0.1"/>
<vers num="1.16.0.2"/>
<vers num="1.16.0.3"/>
<vers num="1.16.1"/>
<vers num="1.16.1.1"/>
<vers num="1.16.1.2"/>
<vers num="1.16.10"/>
<vers num="1.16.11"/>
<vers num="1.16.12"/>
<vers num="1.16.2"/>
<vers num="1.16.3"/>
<vers num="1.16.4"/>
<vers num="1.16.4.1"/>
<vers num="1.16.4.2"/>
<vers num="1.16.4.3"/>
<vers num="1.16.5"/>
<vers num="1.16.6"/>
<vers num="1.16.7"/>
<vers num="1.16.8"/>
<vers num="1.16.9"/>
<vers num="1.17.0"/>
<vers num="1.17.1"/>
<vers num="1.17.2"/>
<vers num="1.17.3"/>
<vers num="1.17.4"/>
<vers num="1.17.5"/>
<vers num="1.17.6"/>
<vers num="1.17.7"/>
<vers num="1.9.1"/>
<vers num="1.9.10"/>
<vers num="1.9.11"/>
<vers num="1.9.12"/>
<vers num="1.9.13"/>
<vers num="1.9.14"/>
<vers num="1.9.15"/>
<vers num="1.9.16"/>
<vers num="1.9.17"/>
<vers num="1.9.18"/>
<vers num="1.9.19"/>
<vers num="1.9.2"/>
<vers num="1.9.20"/>
<vers num="1.9.21"/>
<vers num="1.9.3"/>
<vers num="1.9.7"/>
<vers num="1.9.8"/>
<vers num="1.9.9"/>
</prod>
<prod vendor="canonical" name="ubuntu_linux">
<vers num="10.04" edition="-:lts"/>
<vers num="12.04" edition="-:lts"/>
<vers num="12.10"/>
<vers num="13.10"/>
<vers num="14.04" edition=":lts"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0515" published="2014-04-29" name="CVE-2014-0515" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.</descript>
</desc>
<impacts>
<impact source="nvd">Per: http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
"Affected software versions
Adobe Flash Player 13.0.0.182 and earlier versions for Windows
Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh
Adobe Flash Player 11.2.202.350 and earlier versions for Linux"</impact>
</impacts>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-13.html" source="CONFIRM" patch="1" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-13.html</ref>
</refs>
<vuln_soft>
<prod vendor="adobe" name="flash_player">
<vers num="11.2.202.223"/>
<vers num="11.2.202.228"/>
<vers num="11.2.202.233"/>
<vers num="11.2.202.235"/>
<vers num="11.2.202.236"/>
<vers num="11.2.202.238"/>
<vers num="11.2.202.243"/>
<vers num="11.2.202.251"/>
<vers num="11.2.202.258"/>
<vers num="11.2.202.261"/>
<vers num="11.2.202.262"/>
<vers num="11.2.202.270"/>
<vers num="11.2.202.273"/>
<vers num="11.2.202.275"/>
<vers num="11.2.202.280"/>
<vers num="11.2.202.285"/>
<vers num="11.2.202.291"/>
<vers num="11.2.202.297"/>
<vers num="11.2.202.310"/>
<vers num="11.2.202.332"/>
<vers num="11.2.202.335"/>
<vers num="11.2.202.336"/>
<vers num="11.2.202.341"/>
<vers num="11.2.202.346"/>
<vers prev="1" num="11.2.202.350"/>
<vers num="11.7.700.169"/>
<vers num="11.7.700.202"/>
<vers num="11.7.700.224"/>
<vers num="11.7.700.225"/>
<vers num="11.7.700.232"/>
<vers num="11.7.700.242"/>
<vers num="11.7.700.257"/>
<vers num="11.7.700.260"/>
<vers num="11.7.700.261"/>
<vers num="11.7.700.269"/>
<vers num="11.7.700.272"/>
<vers prev="1" num="11.7.700.275"/>
<vers num="11.8.800.168"/>
<vers num="11.8.800.94"/>
<vers num="11.8.800.97"/>
<vers prev="1" num="13.0.0.182"/>
<vers prev="1" num="13.0.0.201"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0646" published="2014-05-01" name="CVE-2014-0646" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
<desc>
<descript source="cve">The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0191.html" source="BUGTRAQ">20140430 ESA-2014-029: RSA Access Manager Sensitive Information Disclosure Vulnerability</ref>
</refs>
<vuln_soft>
<prod vendor="emc" name="rsa_access_manager">
<vers num="6.1" edition="sp3"/>
<vers num="6.1" edition="sp4"/>
<vers num="6.2" edition="-"/>
<vers num="6.2" edition="sp1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0760" published="2014-04-25" name="CVE-2014-0760" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
<desc>
<descript source="cve">The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01</ref>
</refs>
<vuln_soft>
<prod vendor="3s-software" name="codesys_runtime_system">
<vers num="-"/>
</prod>
<prod vendor="softmotion3d" name="softmotion">
<vers num="-"/>
</prod>
<prod vendor="festo" name="cecx-x-c1_modular_master_controller">
<vers num="-"/>
</prod>
<prod vendor="festo" name="cecx-x-m1_modular_controller">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0769" published="2014-04-25" name="CVE-2014-0769" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
<desc>
<descript source="cve">The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01</ref>
</refs>
<vuln_soft>
<prod vendor="3s-software" name="codesys_runtime_system">
<vers num="-"/>
</prod>
<prod vendor="softmotion3d" name="softmotion">
<vers num="-"/>
</prod>
<prod vendor="festo" name="cecx-x-c1_modular_master_controller">
<vers num="-"/>
</prod>
<prod vendor="festo" name="cecx-x-m1_modular_controller">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-0780" published="2014-04-25" name="CVE-2014-0780" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02" source="MISC" patch="1">http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02</ref>
</refs>
<vuln_soft>
<prod vendor="indusoft" name="web_studio">
<vers prev="1" num="7.1" edition="-"/>
<vers prev="1" num="7.1" edition="sp1"/>
<vers prev="1" num="7.1" edition="sp2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0786" published="2014-04-30" name="CVE-2014-0786" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01" source="MISC" patch="1">http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01</ref>
<ref url="http://www.integraxor.com/blog/category/security/vulnerability-note/" source="CONFIRM" adv="1">http://www.integraxor.com/blog/category/security/vulnerability-note/</ref>
</refs>
<vuln_soft>
<prod vendor="ecava" name="integraxor">
<vers num="4.1"/>
<vers num="4.1.4340"/>
<vers num="4.1.4360"/>
<vers num="4.1.4369"/>
<vers num="4.1.4380"/>
<vers prev="1" num="4.1.4390"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0823" published="2014-05-01" name="CVE-2014-0823" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/90498" source="XF">ibm-was-cve20140823-viewfiles(90498)</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324" source="AIXAPAR">PI05324</ref>
</refs>
<vuln_soft>
<prod vendor="ibm" name="websphere_application_server">
<vers num="8.0.0.0"/>
<vers num="8.0.0.1"/>
<vers num="8.0.0.2"/>
<vers num="8.0.0.3"/>
<vers num="8.0.0.4"/>
<vers num="8.0.0.5"/>
<vers num="8.0.0.6"/>
<vers num="8.0.0.7"/>
<vers num="8.0.0.8"/>
<vers num="8.5.0.0"/>
<vers num="8.5.0.1"/>
<vers num="8.5.0.2"/>
<vers num="8.5.5.0"/>
<vers num="8.5.5.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0857" published="2014-05-01" name="CVE-2014-0857" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
<desc>
<descript source="cve">The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/90863" source="XF">ibm-was-cve20140857-info-disc(90863)</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI07808" source="AIXAPAR">PI07808</ref>
</refs>
<vuln_soft>
<prod vendor="ibm" name="websphere_application_server">
<vers num="8.0.0.0"/>
<vers num="8.0.0.1"/>
<vers num="8.0.0.2"/>
<vers num="8.0.0.3"/>
<vers num="8.0.0.4"/>
<vers num="8.0.0.5"/>
<vers num="8.0.0.6"/>
<vers num="8.0.0.7"/>
<vers num="8.0.0.8"/>
<vers num="8.5.0.0"/>
<vers num="8.5.0.1"/>
<vers num="8.5.0.2"/>
<vers num="8.5.5.0"/>
<vers num="8.5.5.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0859" published="2014-05-01" name="CVE-2014-0859" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/90879" source="XF">ibm-was-cve20140859-retry(90879)</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI08892" source="AIXAPAR">PI08892</ref>
</refs>
<vuln_soft>
<prod vendor="ibm" name="websphere_application_server">
<vers num="7.0"/>
<vers num="7.0.0.1"/>
<vers num="7.0.0.10"/>
<vers num="7.0.0.11"/>
<vers num="7.0.0.12"/>
<vers num="7.0.0.13"/>
<vers num="7.0.0.14"/>
<vers num="7.0.0.15"/>
<vers num="7.0.0.16"/>
<vers num="7.0.0.17"/>
<vers num="7.0.0.18"/>
<vers num="7.0.0.19"/>
<vers num="7.0.0.2"/>
<vers num="7.0.0.21"/>
<vers num="7.0.0.22"/>
<vers num="7.0.0.23"/>
<vers num="7.0.0.24"/>
<vers num="7.0.0.25"/>
<vers num="7.0.0.27"/>
<vers num="7.0.0.29"/>
<vers num="7.0.0.3"/>
<vers num="7.0.0.31"/>
<vers num="7.0.0.4"/>
<vers num="7.0.0.5"/>
<vers num="7.0.0.6"/>
<vers num="7.0.0.7"/>
<vers num="7.0.0.8"/>
<vers num="7.0.0.9"/>
<vers num="8.0.0.0"/>
<vers num="8.0.0.1"/>
<vers num="8.0.0.2"/>
<vers num="8.0.0.3"/>
<vers num="8.0.0.4"/>
<vers num="8.0.0.5"/>
<vers num="8.0.0.6"/>
<vers num="8.0.0.7"/>
<vers num="8.0.0.8"/>
<vers num="8.5.0.0"/>
<vers num="8.5.0.1"/>
<vers num="8.5.0.2"/>
<vers num="8.5.5.0"/>
<vers num="8.5.5.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-0896" published="2014-05-01" name="CVE-2014-0896" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/91326" source="XF">ibm-was-cve20140896-info-disc(91326)</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" source="CONFIRM">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI10134" source="AIXAPAR">PI10134</ref>
</refs>
<vuln_soft>
<prod vendor="ibm" name="websphere_application_server">
<vers num="8.5.0.0" edition="-:liberty_profile"/>
<vers num="8.5.0.1" edition="-:liberty_profile"/>
<vers num="8.5.0.2" edition="-:liberty_profile"/>
<vers num="8.5.5.0" edition="-:liberty_profile"/>
<vers num="8.5.5.1" edition="-:liberty_profile"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2014-0941" published="2014-05-01" name="CVE-2014-0941" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/92400" source="XF">ibm-netcoolomnibus-cve20140941-xss(92400)</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21671686" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21671686</ref>
</refs>
<vuln_soft>
<prod vendor="ibm" name="tivoli_netcool/omnibus">
<vers num="7.4.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2014-0942" published="2014-05-01" name="CVE-2014-0942" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0941.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/92401" source="XF">ibm-netcoolomnibus-cve20140942-xss(92401)</ref>
<ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21671686" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21671686</ref>
</refs>
<vuln_soft>
<prod vendor="ibm" name="tivoli_netcool/omnibus">
<vers num="7.4.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1217" published="2014-04-28" name="CVE-2014-1217" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/" source="MISC">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/</ref>
<ref url="http://www.securityfocus.com/bid/67043" source="BID">67043</ref>
<ref url="http://www.securityfocus.com/archive/1/archive/1/531911/100/0/threaded" source="BUGTRAQ">20140423 CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/259" source="FULLDISC">20140423 CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive</ref>
</refs>
<vuln_soft>
<prod vendor="livetecs" name="timeline">
<vers num="2.81"/>
<vers num="2.91"/>
<vers num="2.94"/>
<vers num="3.0.1"/>
<vers num="3.0.3"/>
<vers num="3.0.5"/>
<vers num="3.1.1"/>
<vers num="3.2.1"/>
<vers num="3.5.1"/>
<vers num="3.6.1"/>
<vers num="3.7.1"/>
<vers num="3.8.1"/>
<vers num="4.2.1"/>
<vers num="4.3.1"/>
<vers num="4.9.1"/>
<vers num="5.2.1"/>
<vers num="6.0.1"/>
<vers num="6.2.1"/>
<vers num="6.2.3"/>
<vers num="6.2.4"/>
<vers num="6.2.6"/>
<vers num="6.2.7"/>
<vers num="6.2.71"/>
<vers num="7.1.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1441" published="2014-05-01" name="CVE-2014-1441" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the enter key twice.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.osvdb.org/102966" source="OSVDB">102966</ref>
<ref url="http://secunia.com/advisories/56850" source="SECUNIA" adv="1">56850</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Feb/39" source="FULLDISC">20140205 Core FTP Server Vulnerabilities</ref>
<ref url="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" source="MISC">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</ref>
<ref url="http://coreftp.com/forums/viewtopic.php?t=2985707" source="CONFIRM" adv="1">http://coreftp.com/forums/viewtopic.php?t=2985707</ref>
</refs>
<vuln_soft>
<prod vendor="coreftp" name="core_ftp">
<vers num="1.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1442" published="2014-05-01" name="CVE-2014-1442" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
<desc>
<descript source="cve">Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.osvdb.org/102967" source="OSVDB">102967</ref>
<ref url="http://secunia.com/advisories/56850" source="SECUNIA" adv="1">56850</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Feb/39" source="FULLDISC">20140205 Core FTP Server Vulnerabilities</ref>
<ref url="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" source="MISC">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</ref>
<ref url="http://coreftp.com/forums/viewtopic.php?t=2985707" source="CONFIRM" adv="1">http://coreftp.com/forums/viewtopic.php?t=2985707</ref>
</refs>
<vuln_soft>
<prod vendor="coreftp" name="core_ftp">
<vers num="1.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1443" published="2014-05-01" name="CVE-2014-1443" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
<desc>
<descript source="cve">Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to an out-of-bounds read.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.osvdb.org/102968" source="OSVDB">102968</ref>
<ref url="http://secunia.com/advisories/56850" source="SECUNIA" adv="1">56850</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Feb/39" source="FULLDISC">20140205 Core FTP Server Vulnerabilities</ref>
<ref url="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" source="MISC">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</ref>
<ref url="http://coreftp.com/forums/viewtopic.php?t=2985707" source="CONFIRM" adv="1">http://coreftp.com/forums/viewtopic.php?t=2985707</ref>
</refs>
<vuln_soft>
<prod vendor="coreftp" name="core_ftp">
<vers num="1.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1518" published="2014-04-30" name="CVE-2014-1518" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=993546" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=993546</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=992968" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=992968</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=991471" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=991471</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=986843" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=986843</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=986678" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=986678</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=980537" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=980537</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=966630" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=966630</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=952022" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=952022</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=944353" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=944353</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-34.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-34.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="firefox_esr">
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.0.2"/>
<vers num="24.1.0"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers num="24.4"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
<prod vendor="mozilla" name="thunderbird">
<vers num="0.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.7.2"/>
<vers num="0.7.3"/>
<vers num="0.8"/>
<vers num="0.9"/>
<vers num="1.0"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5" edition="beta"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.13"/>
<vers num="1.5.0.14"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.7.1"/>
<vers num="1.7.3"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="11.0"/>
<vers num="11.0.1"/>
<vers num="12.0"/>
<vers num="12.0.1"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0"/>
<vers num="17.0.1"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="2.0"/>
<vers num="2.0.0.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.21"/>
<vers num="2.0.0.22"/>
<vers num="2.0.0.23"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers prev="1" num="24.4"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.1"/>
<vers num="3.1.1"/>
<vers num="3.1.10"/>
<vers num="3.1.11"/>
<vers num="3.1.12"/>
<vers num="3.1.13"/>
<vers num="3.1.14"/>
<vers num="3.1.15"/>
<vers num="3.1.16"/>
<vers num="3.1.17"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.5"/>
<vers num="3.1.6"/>
<vers num="3.1.7"/>
<vers num="3.1.8"/>
<vers num="3.1.9"/>
<vers num="5.0"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1519" published="2014-04-30" name="CVE-2014-1519" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=996883" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=996883</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=995607" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=995607</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=990794" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=990794</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=986864" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=986864</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=977955" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=977955</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=953104" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=953104</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=946658" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=946658</ref>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=919592" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=919592</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-34.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-34.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1520" published="2014-04-30" name="CVE-2014-1520" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
<desc>
<descript source="cve">maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=961676" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=961676</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-35.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-35.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="firefox_esr">
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.0.2"/>
<vers num="24.1.0"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers num="24.4"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1522" published="2014-04-30" name="CVE-2014-1522" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=995289" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=995289</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-36.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-36.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1523" published="2014-04-30" name="CVE-2014-1523" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=969226" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=969226</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-37.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-37.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="firefox_esr">
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.0.2"/>
<vers num="24.1.0"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers num="24.4"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
<prod vendor="mozilla" name="thunderbird">
<vers num="0.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.7.2"/>
<vers num="0.7.3"/>
<vers num="0.8"/>
<vers num="0.9"/>
<vers num="1.0"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5" edition="beta"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.13"/>
<vers num="1.5.0.14"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.7.1"/>
<vers num="1.7.3"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="11.0"/>
<vers num="11.0.1"/>
<vers num="12.0"/>
<vers num="12.0.1"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0"/>
<vers num="17.0.1"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="2.0"/>
<vers num="2.0.0.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.21"/>
<vers num="2.0.0.22"/>
<vers num="2.0.0.23"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers prev="1" num="24.4"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.1"/>
<vers num="3.1.1"/>
<vers num="3.1.10"/>
<vers num="3.1.11"/>
<vers num="3.1.12"/>
<vers num="3.1.13"/>
<vers num="3.1.14"/>
<vers num="3.1.15"/>
<vers num="3.1.16"/>
<vers num="3.1.17"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.5"/>
<vers num="3.1.6"/>
<vers num="3.1.7"/>
<vers num="3.1.8"/>
<vers num="3.1.9"/>
<vers num="5.0"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1524" published="2014-04-30" name="CVE-2014-1524" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=989183" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=989183</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-38.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-38.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="firefox_esr">
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.0.2"/>
<vers num="24.1.0"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers num="24.4"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
<prod vendor="mozilla" name="thunderbird">
<vers num="0.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.7.2"/>
<vers num="0.7.3"/>
<vers num="0.8"/>
<vers num="0.9"/>
<vers num="1.0"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5" edition="beta"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.13"/>
<vers num="1.5.0.14"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.7.1"/>
<vers num="1.7.3"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="11.0"/>
<vers num="11.0.1"/>
<vers num="12.0"/>
<vers num="12.0.1"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0"/>
<vers num="17.0.1"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="2.0"/>
<vers num="2.0.0.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.21"/>
<vers num="2.0.0.22"/>
<vers num="2.0.0.23"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers prev="1" num="24.4"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.1"/>
<vers num="3.1.1"/>
<vers num="3.1.10"/>
<vers num="3.1.11"/>
<vers num="3.1.12"/>
<vers num="3.1.13"/>
<vers num="3.1.14"/>
<vers num="3.1.15"/>
<vers num="3.1.16"/>
<vers num="3.1.17"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.5"/>
<vers num="3.1.6"/>
<vers num="3.1.7"/>
<vers num="3.1.8"/>
<vers num="3.1.9"/>
<vers num="5.0"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1525" published="2014-04-30" name="CVE-2014-1525" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
<desc>
<descript source="cve">The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=989210" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=989210</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-39.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-39.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1526" published="2014-04-30" name="CVE-2014-1526" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
<desc>
<descript source="cve">The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=988106" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=988106</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-47.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-47.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1527" published="2014-04-30" name="CVE-2014-1527" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=960146" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=960146</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-40.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-40.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1528" published="2014-04-30" name="CVE-2014-1528" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=963962" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=963962</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-41.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-41.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="28.0"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.25" edition="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1529" published="2014-04-30" name="CVE-2014-1529" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
<desc>
<descript source="cve">The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=987003" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=987003</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-42.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-42.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="firefox_esr">
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.0.2"/>
<vers num="24.1.0"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers num="24.4"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
<prod vendor="mozilla" name="thunderbird">
<vers num="0.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.7.2"/>
<vers num="0.7.3"/>
<vers num="0.8"/>
<vers num="0.9"/>
<vers num="1.0"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5" edition="beta"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.13"/>
<vers num="1.5.0.14"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.7.1"/>
<vers num="1.7.3"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="11.0"/>
<vers num="11.0.1"/>
<vers num="12.0"/>
<vers num="12.0.1"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0"/>
<vers num="17.0.1"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="2.0"/>
<vers num="2.0.0.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.21"/>
<vers num="2.0.0.22"/>
<vers num="2.0.0.23"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers prev="1" num="24.4"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.1"/>
<vers num="3.1.1"/>
<vers num="3.1.10"/>
<vers num="3.1.11"/>
<vers num="3.1.12"/>
<vers num="3.1.13"/>
<vers num="3.1.14"/>
<vers num="3.1.15"/>
<vers num="3.1.16"/>
<vers num="3.1.17"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.5"/>
<vers num="3.1.6"/>
<vers num="3.1.7"/>
<vers num="3.1.8"/>
<vers num="3.1.9"/>
<vers num="5.0"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1530" published="2014-04-30" name="CVE-2014-1530" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=895557" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=895557</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-43.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-43.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="firefox_esr">
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.0.2"/>
<vers num="24.1.0"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers num="24.4"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
<prod vendor="mozilla" name="thunderbird">
<vers num="0.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.7.2"/>
<vers num="0.7.3"/>
<vers num="0.8"/>
<vers num="0.9"/>
<vers num="1.0"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5" edition="beta"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.13"/>
<vers num="1.5.0.14"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.7.1"/>
<vers num="1.7.3"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="11.0"/>
<vers num="11.0.1"/>
<vers num="12.0"/>
<vers num="12.0.1"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0"/>
<vers num="17.0.1"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="2.0"/>
<vers num="2.0.0.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.21"/>
<vers num="2.0.0.22"/>
<vers num="2.0.0.23"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers prev="1" num="24.4"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.1"/>
<vers num="3.1.1"/>
<vers num="3.1.10"/>
<vers num="3.1.11"/>
<vers num="3.1.12"/>
<vers num="3.1.13"/>
<vers num="3.1.14"/>
<vers num="3.1.15"/>
<vers num="3.1.16"/>
<vers num="3.1.17"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.5"/>
<vers num="3.1.6"/>
<vers num="3.1.7"/>
<vers num="3.1.8"/>
<vers num="3.1.9"/>
<vers num="5.0"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1531" published="2014-04-30" name="CVE-2014-1531" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=987140" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=987140</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-44.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-44.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="firefox_esr">
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.0.2"/>
<vers num="24.1.0"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers num="24.4"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
<prod vendor="mozilla" name="thunderbird">
<vers num="0.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.7.2"/>
<vers num="0.7.3"/>
<vers num="0.8"/>
<vers num="0.9"/>
<vers num="1.0"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5" edition="beta"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.13"/>
<vers num="1.5.0.14"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.7.1"/>
<vers num="1.7.3"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="11.0"/>
<vers num="11.0.1"/>
<vers num="12.0"/>
<vers num="12.0.1"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0"/>
<vers num="17.0.1"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="2.0"/>
<vers num="2.0.0.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.21"/>
<vers num="2.0.0.22"/>
<vers num="2.0.0.23"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers prev="1" num="24.4"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.1"/>
<vers num="3.1.1"/>
<vers num="3.1.10"/>
<vers num="3.1.11"/>
<vers num="3.1.12"/>
<vers num="3.1.13"/>
<vers num="3.1.14"/>
<vers num="3.1.15"/>
<vers num="3.1.16"/>
<vers num="3.1.17"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.5"/>
<vers num="3.1.6"/>
<vers num="3.1.7"/>
<vers num="3.1.8"/>
<vers num="3.1.9"/>
<vers num="5.0"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1532" published="2014-04-30" name="CVE-2014-1532" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=966006" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=966006</ref>
<ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-46.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-46.html</ref>
</refs>
<vuln_soft>
<prod vendor="mozilla" name="firefox">
<vers num="0.1"/>
<vers num="0.10"/>
<vers num="0.10.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.6.1"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.8"/>
<vers num="0.9" edition="rc"/>
<vers num="0.9.1"/>
<vers num="0.9.2"/>
<vers num="0.9.3"/>
<vers num="1.0" edition="preview_release"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.10"/>
<vers num="10.0.11"/>
<vers num="10.0.12"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="10.0.5"/>
<vers num="10.0.6"/>
<vers num="10.0.7"/>
<vers num="10.0.8"/>
<vers num="10.0.9"/>
<vers num="11.0"/>
<vers num="12.0" edition="beta6"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="14.0.1"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0.10"/>
<vers num="17.0.11"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="17.0.9"/>
<vers num="18.0"/>
<vers num="18.0.1"/>
<vers num="18.0.2"/>
<vers num="19.0"/>
<vers num="19.0.1"/>
<vers num="19.0.2"/>
<vers num="2.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.10"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="20.0"/>
<vers num="20.0.1"/>
<vers num="21.0"/>
<vers num="23.0"/>
<vers num="23.0.1"/>
<vers num="24.0"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="25.0"/>
<vers num="25.0.1"/>
<vers num="26.0"/>
<vers num="27.0"/>
<vers num="27.0.1"/>
<vers prev="1" num="28.0"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.5"/>
<vers num="3.5.1"/>
<vers num="3.5.10"/>
<vers num="3.5.11"/>
<vers num="3.5.12"/>
<vers num="3.5.13"/>
<vers num="3.5.14"/>
<vers num="3.5.15"/>
<vers num="3.5.16"/>
<vers num="3.5.17"/>
<vers num="3.5.18"/>
<vers num="3.5.19"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.5.6"/>
<vers num="3.5.7"/>
<vers num="3.5.8"/>
<vers num="3.5.9"/>
<vers num="3.6"/>
<vers num="3.6.10"/>
<vers num="3.6.11"/>
<vers num="3.6.12"/>
<vers num="3.6.13"/>
<vers num="3.6.14"/>
<vers num="3.6.15"/>
<vers num="3.6.16"/>
<vers num="3.6.17"/>
<vers num="3.6.18"/>
<vers num="3.6.19"/>
<vers num="3.6.2"/>
<vers num="3.6.20"/>
<vers num="3.6.21"/>
<vers num="3.6.22"/>
<vers num="3.6.23"/>
<vers num="3.6.24"/>
<vers num="3.6.25"/>
<vers num="3.6.26"/>
<vers num="3.6.27"/>
<vers num="3.6.28"/>
<vers num="3.6.3"/>
<vers num="3.6.4"/>
<vers num="3.6.6"/>
<vers num="3.6.7"/>
<vers num="3.6.8"/>
<vers num="3.6.9"/>
<vers num="4.0" edition="beta1"/>
<vers num="4.0" edition="beta10"/>
<vers num="4.0" edition="beta11"/>
<vers num="4.0" edition="beta12"/>
<vers num="4.0" edition="beta2"/>
<vers num="4.0" edition="beta3"/>
<vers num="4.0" edition="beta4"/>
<vers num="4.0" edition="beta5"/>
<vers num="4.0" edition="beta6"/>
<vers num="4.0" edition="beta7"/>
<vers num="4.0" edition="beta8"/>
<vers num="4.0" edition="beta9"/>
<vers num="4.0.1"/>
<vers num="5.0"/>
<vers num="5.0.1"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="8.0.1"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
<prod vendor="mozilla" name="firefox_esr">
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.0.2"/>
<vers num="24.1.0"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers num="24.4"/>
</prod>
<prod vendor="mozilla" name="seamonkey">
<vers num="2.0" edition="alpha_1"/>
<vers num="2.0" edition="alpha_2"/>
<vers num="2.0" edition="alpha_3"/>
<vers num="2.0" edition="beta_1"/>
<vers num="2.0" edition="beta_2"/>
<vers num="2.0" edition="rc1"/>
<vers num="2.0" edition="rc2"/>
<vers num="2.0.1"/>
<vers num="2.0.10"/>
<vers num="2.0.11"/>
<vers num="2.0.12"/>
<vers num="2.0.13"/>
<vers num="2.0.14"/>
<vers num="2.0.2"/>
<vers num="2.0.3"/>
<vers num="2.0.4"/>
<vers num="2.0.5"/>
<vers num="2.0.6"/>
<vers num="2.0.7"/>
<vers num="2.0.8"/>
<vers num="2.0.9"/>
<vers num="2.1" edition="alpha1"/>
<vers num="2.1" edition="alpha2"/>
<vers num="2.1" edition="alpha3"/>
<vers num="2.1" edition="beta1"/>
<vers num="2.1" edition="beta2"/>
<vers num="2.1" edition="beta3"/>
<vers num="2.1" edition="rc1"/>
<vers num="2.1" edition="rc2"/>
<vers num="2.10" edition="beta1"/>
<vers num="2.10" edition="beta2"/>
<vers num="2.10" edition="beta3"/>
<vers num="2.10.1"/>
<vers num="2.11" edition="beta1"/>
<vers num="2.11" edition="beta2"/>
<vers num="2.11" edition="beta3"/>
<vers num="2.11" edition="beta4"/>
<vers num="2.11" edition="beta5"/>
<vers num="2.11" edition="beta6"/>
<vers num="2.12" edition="beta1"/>
<vers num="2.12" edition="beta2"/>
<vers num="2.12" edition="beta3"/>
<vers num="2.12" edition="beta4"/>
<vers num="2.12" edition="beta5"/>
<vers num="2.12" edition="beta6"/>
<vers num="2.12.1"/>
<vers num="2.13" edition="beta1"/>
<vers num="2.13" edition="beta2"/>
<vers num="2.13" edition="beta3"/>
<vers num="2.13" edition="beta4"/>
<vers num="2.13" edition="beta5"/>
<vers num="2.13" edition="beta6"/>
<vers num="2.13.1"/>
<vers num="2.13.2"/>
<vers num="2.14" edition="beta1"/>
<vers num="2.14" edition="beta2"/>
<vers num="2.14" edition="beta3"/>
<vers num="2.14" edition="beta4"/>
<vers num="2.14" edition="beta5"/>
<vers num="2.15" edition="beta1"/>
<vers num="2.15" edition="beta2"/>
<vers num="2.15" edition="beta3"/>
<vers num="2.15" edition="beta4"/>
<vers num="2.15" edition="beta5"/>
<vers num="2.15" edition="beta6"/>
<vers num="2.15.1"/>
<vers num="2.15.2"/>
<vers num="2.16" edition="beta1"/>
<vers num="2.16" edition="beta2"/>
<vers num="2.16" edition="beta3"/>
<vers num="2.16" edition="beta4"/>
<vers num="2.16" edition="beta5"/>
<vers num="2.16.1"/>
<vers num="2.16.2"/>
<vers num="2.17" edition="beta1"/>
<vers num="2.17" edition="beta2"/>
<vers num="2.17" edition="beta3"/>
<vers num="2.17" edition="beta4"/>
<vers num="2.17.1"/>
<vers num="2.18" edition="beta1"/>
<vers num="2.18" edition="beta2"/>
<vers num="2.18" edition="beta3"/>
<vers num="2.18" edition="beta4"/>
<vers num="2.19" edition="beta1"/>
<vers num="2.19" edition="beta2"/>
<vers num="2.2" edition="beta1"/>
<vers num="2.2" edition="beta2"/>
<vers num="2.2" edition="beta3"/>
<vers num="2.20" edition="beta1"/>
<vers num="2.20" edition="beta2"/>
<vers num="2.20" edition="beta3"/>
<vers num="2.21" edition="beta1"/>
<vers num="2.21" edition="beta2"/>
<vers num="2.22" edition="beta1"/>
<vers num="2.22" edition="beta2"/>
<vers num="2.22.1"/>
<vers num="2.23" edition="beta1"/>
<vers num="2.23" edition="beta2"/>
<vers num="2.24" edition="beta1"/>
<vers num="2.25" edition="-"/>
<vers num="2.25" edition="beta1"/>
<vers num="2.25" edition="beta2"/>
<vers num="2.25" edition="beta3"/>
<vers prev="1" num="2.26" edition="rc1"/>
<vers num="2.3" edition="beta1"/>
<vers num="2.3" edition="beta2"/>
<vers num="2.3" edition="beta3"/>
<vers num="2.3.1"/>
<vers num="2.3.2"/>
<vers num="2.3.3"/>
<vers num="2.4" edition="beta1"/>
<vers num="2.4" edition="beta2"/>
<vers num="2.4" edition="beta3"/>
<vers num="2.4.1"/>
<vers num="2.5" edition="beta1"/>
<vers num="2.5" edition="beta2"/>
<vers num="2.5" edition="beta3"/>
<vers num="2.5" edition="beta4"/>
<vers num="2.6" edition="beta1"/>
<vers num="2.6" edition="beta2"/>
<vers num="2.6" edition="beta3"/>
<vers num="2.6" edition="beta4"/>
<vers num="2.6.1"/>
<vers num="2.7" edition="beta1"/>
<vers num="2.7" edition="beta2"/>
<vers num="2.7" edition="beta3"/>
<vers num="2.7" edition="beta4"/>
<vers num="2.7" edition="beta5"/>
<vers num="2.7.1"/>
<vers num="2.7.2"/>
<vers num="2.8" edition="beta1"/>
<vers num="2.8" edition="beta2"/>
<vers num="2.8" edition="beta3"/>
<vers num="2.8" edition="beta4"/>
<vers num="2.8" edition="beta5"/>
<vers num="2.8" edition="beta6"/>
<vers num="2.9" edition="beta1"/>
<vers num="2.9" edition="beta2"/>
<vers num="2.9" edition="beta3"/>
<vers num="2.9" edition="beta4"/>
<vers num="2.9.1"/>
</prod>
<prod vendor="mozilla" name="thunderbird">
<vers num="0.1"/>
<vers num="0.2"/>
<vers num="0.3"/>
<vers num="0.4"/>
<vers num="0.5"/>
<vers num="0.6"/>
<vers num="0.7"/>
<vers num="0.7.1"/>
<vers num="0.7.2"/>
<vers num="0.7.3"/>
<vers num="0.8"/>
<vers num="0.9"/>
<vers num="1.0"/>
<vers num="1.0.1"/>
<vers num="1.0.2"/>
<vers num="1.0.3"/>
<vers num="1.0.4"/>
<vers num="1.0.5" edition="beta"/>
<vers num="1.0.6"/>
<vers num="1.0.7"/>
<vers num="1.0.8"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5.0.1"/>
<vers num="1.5.0.10"/>
<vers num="1.5.0.11"/>
<vers num="1.5.0.12"/>
<vers num="1.5.0.13"/>
<vers num="1.5.0.14"/>
<vers num="1.5.0.2"/>
<vers num="1.5.0.3"/>
<vers num="1.5.0.4"/>
<vers num="1.5.0.5"/>
<vers num="1.5.0.6"/>
<vers num="1.5.0.7"/>
<vers num="1.5.0.8"/>
<vers num="1.5.0.9"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.7.1"/>
<vers num="1.7.3"/>
<vers num="10.0"/>
<vers num="10.0.1"/>
<vers num="10.0.2"/>
<vers num="10.0.3"/>
<vers num="10.0.4"/>
<vers num="11.0"/>
<vers num="11.0.1"/>
<vers num="12.0"/>
<vers num="12.0.1"/>
<vers num="13.0"/>
<vers num="13.0.1"/>
<vers num="14.0"/>
<vers num="15.0"/>
<vers num="15.0.1"/>
<vers num="16.0"/>
<vers num="16.0.1"/>
<vers num="16.0.2"/>
<vers num="17.0"/>
<vers num="17.0.1"/>
<vers num="17.0.2"/>
<vers num="17.0.3"/>
<vers num="17.0.4"/>
<vers num="17.0.5"/>
<vers num="17.0.6"/>
<vers num="17.0.7"/>
<vers num="17.0.8"/>
<vers num="2.0"/>
<vers num="2.0.0.0"/>
<vers num="2.0.0.1"/>
<vers num="2.0.0.11"/>
<vers num="2.0.0.12"/>
<vers num="2.0.0.13"/>
<vers num="2.0.0.14"/>
<vers num="2.0.0.15"/>
<vers num="2.0.0.16"/>
<vers num="2.0.0.17"/>
<vers num="2.0.0.18"/>
<vers num="2.0.0.19"/>
<vers num="2.0.0.2"/>
<vers num="2.0.0.20"/>
<vers num="2.0.0.21"/>
<vers num="2.0.0.22"/>
<vers num="2.0.0.23"/>
<vers num="2.0.0.3"/>
<vers num="2.0.0.4"/>
<vers num="2.0.0.5"/>
<vers num="2.0.0.6"/>
<vers num="2.0.0.7"/>
<vers num="2.0.0.8"/>
<vers num="2.0.0.9"/>
<vers num="24.0"/>
<vers num="24.0.1"/>
<vers num="24.1"/>
<vers num="24.1.1"/>
<vers num="24.2"/>
<vers num="24.3"/>
<vers prev="1" num="24.4"/>
<vers num="3.0"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.0.4"/>
<vers num="3.0.5"/>
<vers num="3.0.6"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.1"/>
<vers num="3.1.1"/>
<vers num="3.1.10"/>
<vers num="3.1.11"/>
<vers num="3.1.12"/>
<vers num="3.1.13"/>
<vers num="3.1.14"/>
<vers num="3.1.15"/>
<vers num="3.1.16"/>
<vers num="3.1.17"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.5"/>
<vers num="3.1.6"/>
<vers num="3.1.7"/>
<vers num="3.1.8"/>
<vers num="3.1.9"/>
<vers num="5.0"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
<vers num="6.0.2"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="8.0"/>
<vers num="9.0"/>
<vers num="9.0.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1730" published="2014-04-26" name="CVE-2014-1730" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://code.google.com/p/v8/source/detail?r=20595" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20595</ref>
<ref url="https://code.google.com/p/v8/source/detail?r=20593" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20593</ref>
<ref url="https://code.google.com/p/v8/source/detail?r=20388" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20388</ref>
<ref url="https://code.google.com/p/v8/source/detail?r=20377" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20377</ref>
<ref url="https://code.google.com/p/v8/source/detail?r=20375" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20375</ref>
<ref url="https://code.google.com/p/chromium/issues/detail?id=354967" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=354967</ref>
<ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="chrome">
<vers prev="1" num="34.0.1847.130"/>
<vers prev="1" num="34.0.1847.131"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1731" published="2014-04-26" name="CVE-2014-1731" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://src.chromium.org/viewvc/blink?revision=171216&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=171216&amp;view=revision</ref>
<ref url="https://code.google.com/p/chromium/issues/detail?id=349903" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=349903</ref>
<ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="chrome">
<vers prev="1" num="34.0.1847.130"/>
<vers prev="1" num="34.0.1847.131"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1732" published="2014-04-26" name="CVE-2014-1732" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://src.chromium.org/viewvc/chrome?revision=261737&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=261737&amp;view=revision</ref>
<ref url="https://code.google.com/p/chromium/issues/detail?id=352851" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=352851</ref>
<ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="chrome">
<vers prev="1" num="34.0.1847.130"/>
<vers prev="1" num="34.0.1847.131"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1733" published="2014-04-26" name="CVE-2014-1733" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://src.chromium.org/viewvc/chrome?revision=260157&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=260157&amp;view=revision</ref>
<ref url="https://code.google.com/p/chromium/issues/detail?id=351103" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=351103</ref>
<ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="chrome">
<vers prev="1" num="34.0.1847.130"/>
<vers prev="1" num="34.0.1847.131"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1734" published="2014-04-26" name="CVE-2014-1734" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://code.google.com/p/chromium/issues/detail?id=367314" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=367314</ref>
<ref url="https://code.google.com/p/chromium/issues/detail?id=357382" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=357382</ref>
<ref url="https://code.google.com/p/chromium/issues/detail?id=356181" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=356181</ref>
<ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="chrome">
<vers prev="1" num="34.0.1847.130"/>
<vers prev="1" num="34.0.1847.131"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1735" published="2014-04-26" name="CVE-2014-1735" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://src.chromium.org/viewvc/blink?revision=171127&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=171127&amp;view=revision</ref>
<ref url="https://src.chromium.org/viewvc/blink?revision=171077&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=171077&amp;view=revision</ref>
<ref url="https://code.google.com/p/v8/source/detail?r=20624" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20624</ref>
<ref url="https://code.google.com/p/v8/source/detail?r=20622" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20622</ref>
<ref url="https://code.google.com/p/v8/source/detail?r=20501" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20501</ref>
<ref url="https://code.google.com/p/chromium/issues/detail?id=360429" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=360429</ref>
<ref url="https://code.google.com/p/chromium/issues/detail?id=359525" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=359525</ref>
<ref url="https://code.google.com/p/chromium/issues/detail?id=359130" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=359130</ref>
<ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
</refs>
<vuln_soft>
<prod vendor="google" name="chrome">
<vers prev="1" num="34.0.1847.130"/>
<vers prev="1" num="34.0.1847.131"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1762" published="2014-04-27" name="CVE-2014-1762" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Unspecified vulnerability in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</ref>
<ref url="http://twitter.com/thezdi/statuses/443810610958958592" source="MISC">http://twitter.com/thezdi/statuses/443810610958958592</ref>
</refs>
<vuln_soft>
<prod vendor="microsoft" name="internet_explorer">
<vers num="11" edition="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1763" published="2014-04-27" name="CVE-2014-1763" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Use-after-free vulnerability in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</ref>
<ref url="http://twitter.com/thezdi/statuses/443855973673754624" source="MISC">http://twitter.com/thezdi/statuses/443855973673754624</ref>
</refs>
<vuln_soft>
<prod vendor="microsoft" name="internet_explorer">
<vers num="11" edition="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1764" published="2014-04-27" name="CVE-2014-1764" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</ref>
<ref url="http://twitter.com/thezdi/statuses/443855973673754624" source="MISC">http://twitter.com/thezdi/statuses/443855973673754624</ref>
</refs>
<vuln_soft>
<prod vendor="microsoft" name="internet_explorer">
<vers num="11" edition="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1765" published="2014-04-27" name="CVE-2014-1765" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</ref>
<ref url="http://twitter.com/thezdi/statuses/444216845734666240" source="MISC">http://twitter.com/thezdi/statuses/444216845734666240</ref>
</refs>
<vuln_soft>
<prod vendor="microsoft" name="internet_explorer">
<vers num="11" edition="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1766" published="2014-04-27" name="CVE-2014-1766" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
<desc>
<descript source="cve">Unspecified vulnerability in the kernel in Microsoft Windows 8.1 allows local users to gain privileges via unknown vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</ref>
<ref url="http://twitter.com/thezdi/statuses/444216845734666240" source="MISC">http://twitter.com/thezdi/statuses/444216845734666240</ref>
</refs>
<vuln_soft>
<prod vendor="microsoft" name="windows_8.1">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1776" published="2014-04-27" name="CVE-2014-1776" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Use-after-free vulnerability in VGX.DLL in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2014.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://technet.microsoft.com/library/security/2963983" source="CONFIRM" adv="1">https://technet.microsoft.com/library/security/2963983</ref>
<ref url="http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html" source="MISC">http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html</ref>
</refs>
<vuln_soft>
<prod vendor="microsoft" name="internet_explorer">
<vers num="10"/>
<vers num="11" edition="-"/>
<vers num="6"/>
<vers num="7"/>
<vers num="8"/>
<vers num="9"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1841" published="2014-04-29" name="CVE-2014-1841" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" source="FULLDISC">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</ref>
</refs>
<vuln_soft>
<prod vendor="southrivertech" name="titan_ftp_server">
<vers num="10.0.1733"/>
<vers num="10.01.1740"/>
<vers num="10.30"/>
<vers prev="1" num="10.40"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1842" published="2014-04-29" name="CVE-2014-1842" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" source="FULLDISC">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</ref>
</refs>
<vuln_soft>
<prod vendor="southrivertech" name="titan_ftp_server">
<vers num="10.0.1733"/>
<vers num="10.01.1740"/>
<vers num="10.30"/>
<vers prev="1" num="10.40"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1843" published="2014-04-29" name="CVE-2014-1843" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" source="FULLDISC">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</ref>
</refs>
<vuln_soft>
<prod vendor="southrivertech" name="titan_ftp_server">
<vers num="10.0.1733"/>
<vers num="10.01.1740"/>
<vers num="10.30"/>
<vers prev="1" num="10.40"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2014-1899" published="2014-05-02" name="CVE-2014-1899" modified="2014-05-02">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
</desc>
<refs>
<ref url="https://support.citrix.com/article/CTX140291" source="CONFIRM">https://support.citrix.com/article/CTX140291</ref>
</refs>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1955" published="2014-04-30" name="CVE-2014-1955" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://www.fortiguard.com/advisory/FG-IR-13-009/" source="CONFIRM" adv="1">http://www.fortiguard.com/advisory/FG-IR-13-009/</ref>
</refs>
<vuln_soft>
<prod vendor="fortinet" name="fortiweb">
<vers prev="1" num="5.0.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-1956" published="2014-04-30" name="CVE-2014-1956" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.</descript>
<descript source="nvd">CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') "http://cwe.mitre.org/data/definitions/113.html"</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.fortiguard.com/advisory/FG-IR-13-009/" source="CONFIRM" adv="1">http://www.fortiguard.com/advisory/FG-IR-13-009/</ref>
</refs>
<vuln_soft>
<prod vendor="fortinet" name="fortiweb">
<vers prev="1" num="5.0.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1957" published="2014-04-30" name="CVE-2014-1957" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
<desc>
<descript source="cve">FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
<sec_prot user="1"/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.fortiguard.com/advisory/FG-IR-13-009/" source="CONFIRM" adv="1">http://www.fortiguard.com/advisory/FG-IR-13-009/</ref>
</refs>
<vuln_soft>
<prod vendor="fortinet" name="fortiweb">
<vers prev="1" num="5.0.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2014-1988" published="2014-05-02" name="CVE-2014-1988" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
<desc>
<descript source="cve">The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://support.cybozu.com/ja-jp/article/8105" source="CONFIRM" adv="1">https://support.cybozu.com/ja-jp/article/8105</ref>
<ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000042" source="JVNDB">JVNDB-2014-000042</ref>
<ref url="http://jvn.jp/en/jp/JVN90519014/index.html" source="JVN">JVN#90519014</ref>
</refs>
<vuln_soft>
<prod vendor="cybozu" name="garoon">
<vers num="2.0.0"/>
<vers num="2.1.0"/>
<vers num="2.1.1"/>
<vers num="2.1.2"/>
<vers num="2.1.3"/>
<vers num="2.5.0"/>
<vers num="2.5.1"/>
<vers num="2.5.2"/>
<vers num="2.5.3"/>
<vers num="2.5.4"/>
<vers num="3.0.0"/>
<vers num="3.0.1"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.1.0"/>
<vers num="3.1.1"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.5.0"/>
<vers num="3.5.1"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.7" edition="sp1"/>
<vers num="3.7" edition="sp2"/>
<vers num="3.7.0"/>
<vers num="3.7.1"/>
<vers num="3.7.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-1989" published="2014-05-02" name="CVE-2014-1989" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
<desc>
<descript source="cve">Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://support.cybozu.com/ja/article/5264" source="CONFIRM" adv="1">https://support.cybozu.com/ja/article/5264</ref>
<ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000043" source="JVNDB">JVNDB-2014-000043</ref>
<ref url="http://jvn.jp/en/jp/JVN31230946/index.html" source="JVN">JVN#31230946</ref>
</refs>
<vuln_soft>
<prod vendor="cybozu" name="garoon">
<vers num="3.0.0"/>
<vers num="3.0.1"/>
<vers num="3.0.2"/>
<vers num="3.0.3"/>
<vers num="3.1.0"/>
<vers num="3.1.1"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.5.0"/>
<vers num="3.5.1"/>
<vers num="3.5.2"/>
<vers num="3.5.3"/>
<vers num="3.5.4"/>
<vers num="3.5.5"/>
<vers num="3.7" edition="sp1"/>
<vers num="3.7" edition="sp2"/>
<vers num="3.7" edition="sp3"/>
<vers num="3.7.0"/>
<vers num="3.7.1"/>
<vers num="3.7.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2042" published="2014-04-28" name="CVE-2014-2042" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.</descript>
<descript source="nvd">Per: http://cwe.mitre.org/data/definitions/434.html
"CWE-434: Unrestricted Upload of File with Dangerous Type"</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.securityfocus.com/archive/1/archive/1/531914/100/0/threaded" source="BUGTRAQ">20140423 CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/260" source="FULLDISC">20140423 CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive</ref>
</refs>
<vuln_soft>
<prod vendor="livetecs" name="timeline">
<vers num="2.81"/>
<vers num="2.91"/>
<vers num="2.94"/>
<vers num="3.0.1"/>
<vers num="3.0.3"/>
<vers num="3.0.5"/>
<vers num="3.1.1"/>
<vers num="3.2.1"/>
<vers num="3.5.1"/>
<vers num="3.6.1"/>
<vers num="3.7.1"/>
<vers num="3.8.1"/>
<vers num="4.2.1"/>
<vers num="4.3.1"/>
<vers num="4.9.1"/>
<vers num="5.2.1"/>
<vers num="6.0.1"/>
<vers num="6.2.1"/>
<vers num="6.2.3"/>
<vers num="6.2.4"/>
<vers num="6.2.6"/>
<vers num="6.2.7"/>
<vers num="6.2.71"/>
<vers prev="1" num="6.2.8"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2156" published="2014-05-02" name="CVE-2014-2156" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
<desc>
<descript source="cve">Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739.</descript>
</desc>
<impacts>
<impact source="nvd">Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp
" Vulnerable Products
The following products running a version of Cisco TelePresence System MXP Series Software prior to F9.3.1 are affected by the vulnerabilities described in this advisory:
Cisco TelePresence System 1700 MXP
Cisco TelePresence System 1000 MXP
Cisco TelePresence System Edge 75 MXP
Cisco TelePresence System Edge 85 MXP
Cisco TelePresence System Edge 95 MXP
Cisco TelePresence System Codec 3000 MXP
Cisco TelePresence System Codec 6000 MXP
Tandberg 550 MXP
Tandberg 770 MXP
Tandberg 880 MXP
Tandberg 990 MXP
Tandberg 2000 MXP"
</impact>
</impacts>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_system_software">
<vers num="f9.0.1"/>
<vers num="f9.0.2"/>
<vers num="f9.1.0"/>
<vers num="f9.1.1"/>
<vers num="f9.1.2"/>
<vers prev="1" num="f9.3"/>
<vers num="fnc9.1.0"/>
<vers num="fnc9.1.1"/>
<vers num="fnc9.1.2"/>
<vers num="fnc9.3"/>
</prod>
<prod vendor="cisco" name="tandberg_2000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_550_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_770_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_880_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_990_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1700_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_75_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_85_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_95_mxp">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2157" published="2014-05-02" name="CVE-2014-2157" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
<desc>
<descript source="cve">Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733.</descript>
</desc>
<impacts>
<impact source="nvd">Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp
" Vulnerable Products
The following products running a version of Cisco TelePresence System MXP Series Software prior to F9.3.1 are affected by the vulnerabilities described in this advisory:
Cisco TelePresence System 1700 MXP
Cisco TelePresence System 1000 MXP
Cisco TelePresence System Edge 75 MXP
Cisco TelePresence System Edge 85 MXP
Cisco TelePresence System Edge 95 MXP
Cisco TelePresence System Codec 3000 MXP
Cisco TelePresence System Codec 6000 MXP
Tandberg 550 MXP
Tandberg 770 MXP
Tandberg 880 MXP
Tandberg 990 MXP
Tandberg 2000 MXP"</impact>
</impacts>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_system_software">
<vers num="f9.0.1"/>
<vers num="f9.0.2"/>
<vers num="f9.1.0"/>
<vers num="f9.1.1"/>
<vers num="f9.1.2"/>
<vers prev="1" num="f9.3"/>
<vers num="fnc9.1.0"/>
<vers num="fnc9.1.1"/>
<vers num="fnc9.1.2"/>
<vers num="fnc9.3"/>
</prod>
<prod vendor="cisco" name="tandberg_2000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_550_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_770_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_880_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_990_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1700_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_75_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_85_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_95_mxp">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2158" published="2014-05-02" name="CVE-2014-2158" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_system_software">
<vers num="f9.0.1"/>
<vers num="f9.0.2"/>
<vers num="f9.1.0"/>
<vers num="f9.1.1"/>
<vers num="f9.1.2"/>
<vers prev="1" num="f9.3"/>
<vers num="fnc9.1.0"/>
<vers num="fnc9.1.1"/>
<vers num="fnc9.1.2"/>
<vers num="fnc9.3"/>
</prod>
<prod vendor="cisco" name="tandberg_2000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_550_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_770_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_880_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_990_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1700_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_75_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_85_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_95_mxp">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2159" published="2014-05-02" name="CVE-2014-2159" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_system_software">
<vers num="f9.0.1"/>
<vers num="f9.0.2"/>
<vers num="f9.1.0"/>
<vers num="f9.1.1"/>
<vers num="f9.1.2"/>
<vers prev="1" num="f9.3"/>
<vers num="fnc9.1.0"/>
<vers num="fnc9.1.1"/>
<vers num="fnc9.1.2"/>
<vers num="fnc9.3"/>
</prod>
<prod vendor="cisco" name="tandberg_2000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_550_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_770_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_880_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_990_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1700_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_75_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_85_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_95_mxp">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2160" published="2014-05-02" name="CVE-2014-2160" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_system_software">
<vers num="f9.0.1"/>
<vers num="f9.0.2"/>
<vers num="f9.1.0"/>
<vers num="f9.1.1"/>
<vers num="f9.1.2"/>
<vers prev="1" num="f9.3"/>
<vers num="fnc9.1.0"/>
<vers num="fnc9.1.1"/>
<vers num="fnc9.1.2"/>
<vers num="fnc9.3"/>
</prod>
<prod vendor="cisco" name="tandberg_2000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_550_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_770_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_880_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_990_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1700_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_75_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_85_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_95_mxp">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2161" published="2014-05-02" name="CVE-2014-2161" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_system_software">
<vers num="f9.0.1"/>
<vers num="f9.0.2"/>
<vers num="f9.1.0"/>
<vers num="f9.1.1"/>
<vers num="f9.1.2"/>
<vers prev="1" num="f9.3"/>
<vers num="fnc9.1.0"/>
<vers num="fnc9.1.1"/>
<vers num="fnc9.1.2"/>
<vers num="fnc9.3"/>
</prod>
<prod vendor="cisco" name="tandberg_2000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_550_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_770_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_880_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="tandberg_990_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_1700_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_75_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_85_mxp">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="telepresence_system_edge_95_mxp">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2162" published="2014-05-02" name="CVE-2014-2162" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud29566.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2163" published="2014-05-02" name="CVE-2014-2163" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua64961.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2164" published="2014-05-02" name="CVE-2014-2164" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2165" published="2014-05-02" name="CVE-2014-2165" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2166" published="2014-05-02" name="CVE-2014-2166" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2167" published="2014-05-02" name="CVE-2014-2167" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua86589.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2168" published="2014-05-02" name="CVE-2014-2168" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:C/I:C/A:C)" CVSS_score="7.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="4.9" CVSS_base_score="7.6">
<desc>
<descript source="cve">Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2169" published="2014-05-02" name="CVE-2014-2169" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
<desc>
<descript source="cve">Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
<vers num="6.0.0"/>
<vers num="6.0.1"/>
<vers num="6.1.0"/>
<vers num="6.1.1"/>
<vers num="6.1.2"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2170" published="2014-05-02" name="CVE-2014-2170" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
<desc>
<descript source="cve">Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="6.0.0"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2171" published="2014-05-02" name="CVE-2014-2171" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
<vers num="6.0.0"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
<vers num="6.0.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2172" published="2014-05-02" name="CVE-2014-2172" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:S/C:C/I:C/A:C)" CVSS_score="6.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="2.7" CVSS_base_score="6.6">
<desc>
<descript source="cve">Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2173" published="2014-05-02" name="CVE-2014-2173" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
<desc>
<descript source="cve">Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2175" published="2014-05-02" name="CVE-2014-2175" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="telepresence_tc_software">
<vers num="4.0.0"/>
<vers num="4.0.1"/>
<vers num="4.0.4"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.2.0"/>
<vers num="4.2.1"/>
<vers num="4.2.2"/>
<vers num="4.2.3"/>
<vers num="4.2.4"/>
<vers num="5.0.0"/>
<vers num="5.0.1"/>
<vers num="5.0.2"/>
<vers num="5.1.0"/>
<vers num="5.1.1"/>
<vers num="5.1.2"/>
<vers num="5.1.3"/>
<vers num="5.1.4"/>
<vers num="5.1.5"/>
<vers num="5.1.6"/>
<vers num="5.1.7"/>
</prod>
<prod vendor="cisco" name="telepresence_te_software">
<vers num="4.1.0"/>
<vers num="4.1.1"/>
<vers num="4.1.2"/>
<vers num="4.1.3"/>
<vers num="6.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2180" published="2014-04-29" name="CVE-2014-2180" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
<desc>
<descript source="cve">The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2180" source="CISCO" adv="1">20140428 Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="unified_contact_center_enterprise">
<vers num=""/>
</prod>
<prod vendor="cisco" name="unified_contact_center_express_editor_software">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2182" published="2014-04-29" name="CVE-2014-2182" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="6.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.5" CVSS_base_score="6.1">
<desc>
<descript source="cve">Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<local_network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2182" source="CISCO" adv="1">20140428 Cisco ASA DHCPv6 Denial of Service Vulnerability</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="adaptive_security_appliance_software">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2183" published="2014-04-29" name="CVE-2014-2183" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:C)" CVSS_score="6.3" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.8" CVSS_base_score="6.3">
<desc>
<descript source="cve">The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33971" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33971</ref>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2183" source="CISCO" adv="1">20140428 Cisco IOS XE Software Malformed L2TP Packet Vulnerability</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="asr_1001_router">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="asr_1002-x_router">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="asr_1002_fixed_router">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="asr_1002_router">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="asr_1004_router">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="asr_1006_router">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="asr_1013_router">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="asr_1023_router">
<vers num="-"/>
</prod>
<prod vendor="cisco" name="ios_xe">
<vers num="3.10"/>
<vers num="3.10.0s"/>
<vers num="3.10.1s"/>
<vers num="3.10.1s1"/>
<vers prev="1" num="3.10.2s"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2184" published="2014-04-29" name="CVE-2014-2184" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2184" source="CISCO" adv="1">20140428 Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="unified_communications_manager">
<vers num=""/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2185" published="2014-04-29" name="CVE-2014-2185" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
<desc>
<descript source="cve">The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185" source="CISCO" adv="1">20140428 Cisco Unified Communications Manager CDR Management Vulnerability</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="unified_communications_manager">
<vers num=""/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2186" published="2014-04-30" name="CVE-2014-2186" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
<desc>
<descript source="cve">Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2186" source="CISCO" adv="1">20140429 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability</ref>
</refs>
<vuln_soft>
<prod vendor="cisco" name="webex_meetings_server">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2014-2260" published="2014-04-30" name="CVE-2014-2260" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310" source="MISC" patch="1">https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310</ref>
<ref url="https://github.com/Eugeny/ajenti/issues/233" source="CONFIRM">https://github.com/Eugeny/ajenti/issues/233</ref>
<ref url="http://www.securityfocus.com/bid/64982" source="BID">64982</ref>
<ref url="http://www.osvdb.org/102174" source="OSVDB">102174</ref>
<ref url="http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html</ref>
</refs>
<vuln_soft>
<prod vendor="ajenti" name="ajenti">
<vers num="1.2.13"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2285" published="2014-04-27" name="CVE-2014-2285" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1072778" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1072778</ref>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1072044" source="CONFIRM" adv="1">https://bugzilla.redhat.com/show_bug.cgi?id=1072044</ref>
<ref url="http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html" source="MISC">http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html</ref>
<ref url="http://sourceforge.net/p/net-snmp/patches/1275/" source="CONFIRM">http://sourceforge.net/p/net-snmp/patches/1275/</ref>
<ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html" source="SUSE">openSUSE-SU-2014:0399</ref>
<ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html" source="SUSE">openSUSE-SU-2014:0398</ref>
<ref url="http://comments.gmane.org/gmane.comp.security.oss.general/12284" source="MLIST">[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws</ref>
</refs>
<vuln_soft>
<prod vendor="net-snmp" name="net-snmp">
<vers prev="1" num="5.7.3" edition="pre1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2014-2322" published="2014-05-02" name="CVE-2014-2322" modified="2014-05-02">
<desc>
<descript source="cve">lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.</descript>
</desc>
<refs>
<ref url="http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html" source="MISC">http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/03/12/6" source="MLIST">[oss-security] 20140312 Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/03/10/8" source="MLIST">[oss-security] 20140310 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem</ref>
</refs>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2383" published="2014-04-28" name="CVE-2014-2383" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/" source="MISC">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/</ref>
<ref url="https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028" source="CONFIRM">https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028</ref>
<ref url="http://www.securityfocus.com/archive/1/archive/1/531912/100/0/threaded" source="BUGTRAQ">20140423 CVE-2014-2383 - Arbitrary file read in dompdf</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/258" source="FULLDISC">20140423 CVE-2014-2383 - Arbitrary file read in dompdf</ref>
</refs>
<vuln_soft>
<prod vendor="dompdf" name="dompdf">
<vers prev="1" num="0.6.0" edition="beta3"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2545" published="2014-04-30" name="CVE-2014-2545" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.tibco.com/multimedia/mft_advisory_20140429_tcm8-21013.txt" source="CONFIRM" adv="1">http://www.tibco.com/multimedia/mft_advisory_20140429_tcm8-21013.txt</ref>
<ref url="http://www.tibco.com/mk/advisory.jsp" source="CONFIRM" adv="1">http://www.tibco.com/mk/advisory.jsp</ref>
</refs>
<vuln_soft>
<prod vendor="tibco" name="managed_file_transfer_command_center">
<vers num="6.7"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="7.1.0"/>
<vers num="7.2.0"/>
<vers prev="1" num="7.2.1"/>
</prod>
<prod vendor="tibco" name="managed_file_transfer_internet_server">
<vers num="6.7"/>
<vers num="7.0"/>
<vers num="7.0.1"/>
<vers num="7.1.0"/>
<vers num="7.2.0"/>
<vers prev="1" num="7.2.1"/>
</prod>
<prod vendor="tibco" name="slingshot">
<vers num="1.7.0"/>
<vers num="1.8.0"/>
<vers num="1.8.1"/>
<vers prev="1" num="1.9.0"/>
</prod>
<prod vendor="tibco" name="vault">
<vers prev="1" num="1.0.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2565" published="2014-04-30" name="CVE-2014-2565" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:A/AC:H/Au:S/C:C/I:C/A:C)" CVSS_score="6.5" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="2.5" CVSS_base_score="6.5">
<desc>
<descript source="cve">The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local_network/>
</range>
<refs>
<ref url="https://kb.bluecoat.com/index?page=content&amp;id=SA78&amp;actp=LIST" source="CONFIRM" adv="1">https://kb.bluecoat.com/index?page=content&amp;id=SA78&amp;actp=LIST</ref>
</refs>
<vuln_soft>
<prod vendor="bluecoat" name="content_analysis_system_software">
<vers num="1.1"/>
<vers num="1.1.1.1"/>
<vers prev="1" num="1.1.2.1"/>
</prod>
<prod vendor="bluecoat" name="content_analysis_system">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2579" published="2014-04-25" name="CVE-2014-2579" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:C/I:C/A:C)" CVSS_score="7.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="4.9" CVSS_base_score="7.6">
<desc>
<descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://www.htbridge.com/advisory/HTB23207" source="MISC">https://www.htbridge.com/advisory/HTB23207</ref>
<ref url="http://www.securityfocus.com/archive/1/archive/1/531780/100/0/threaded" source="BUGTRAQ">20140409 Cross-Site Request Forgery (CSRF) in XCloner Standalone</ref>
<ref url="http://www.exploit-db.com/exploits/32790" source="EXPLOIT-DB">32790</ref>
</refs>
<vuln_soft>
<prod vendor="xcloner" name="xcloner">
<vers prev="1" num="3.5" edition=":standalone"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2601" published="2014-04-24" name="CVE-2014-2601" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
<desc>
<descript source="cve">The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787" source="HP" patch="1" adv="1">SSRT101509</ref>
<ref url="https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787" source="HP" patch="1" adv="1">HPSBHF03006</ref>
</refs>
<vuln_soft>
<prod vendor="hp" name="integrated_lights-out_2_firmware">
<vers num="1.00"/>
<vers num="1.10"/>
<vers num="1.20"/>
<vers num="1.30"/>
<vers num="1.70"/>
<vers num="1.75"/>
<vers num="2.12"/>
<vers num="2.15"/>
<vers num="2.20"/>
<vers num="2.22"/>
<vers prev="1" num="2.23"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2657" published="2014-04-28" name="CVE-2014-2657" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Unspecified vulnerability in the print release functionality in PaperCut MF 14.1 (Build 26983) has unknown impact and remote vectors, related to embedded MFPs.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/92650" source="XF">papercut-cve20142657-unspec(92650)</ref>
<ref url="http://www.papercut-mf.com/release-history/" source="CONFIRM" adv="1">http://www.papercut-mf.com/release-history/</ref>
</refs>
<vuln_soft>
<prod vendor="papercut" name="papercut_mf">
<vers num="14.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2658" published="2014-04-28" name="CVE-2014-2658" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attackers to cause a denial of service via unknown vectors.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/92649" source="XF">papercut-cve20142658-dos(92649)</ref>
<ref url="http://www.papercut.com/release-history/" source="CONFIRM" adv="1">http://www.papercut.com/release-history/</ref>
<ref url="http://www.papercut-mf.com/release-history/" source="CONFIRM" adv="1">http://www.papercut-mf.com/release-history/</ref>
<ref url="http://secunia.com/advisories/58037" source="SECUNIA" adv="1">58037</ref>
</refs>
<vuln_soft>
<prod vendor="papercut" name="papercut_mf">
<vers num="12.0"/>
<vers num="12.1"/>
<vers num="12.2"/>
<vers num="12.3"/>
<vers num="12.4"/>
<vers num="12.5"/>
<vers num="13.0"/>
<vers num="13.1"/>
<vers num="13.2"/>
<vers num="13.3"/>
<vers num="13.4"/>
<vers num="13.5"/>
<vers num="14.0"/>
<vers prev="1" num="14.1"/>
</prod>
<prod vendor="papercut" name="papercut_ng">
<vers num="12.0"/>
<vers num="12.1"/>
<vers num="12.2"/>
<vers num="12.3"/>
<vers num="12.4"/>
<vers num="12.5"/>
<vers num="13.0"/>
<vers num="13.1"/>
<vers num="13.2"/>
<vers num="13.3"/>
<vers num="13.4"/>
<vers num="13.5"/>
<vers num="14.0"/>
<vers prev="1" num="14.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2715" published="2014-04-28" name="CVE-2014-2715" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://www.securityfocus.com/archive/1/archive/1/531935/100/0/threaded" source="BUGTRAQ">20140425 [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper</ref>
</refs>
<vuln_soft>
<prod vendor="videowhisper" name="videowhisper">
<vers num="7.x-1.0" edition=":~~~drupal~~"/>
<vers num="7.x-1.1" edition=":~~~drupal~~"/>
<vers num="7.x-1.3" edition=":~~~drupal~~"/>
<vers num="7.x-1.x" edition="dev:~~~drupal~~"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Low" seq="2014-2729" published="2014-04-25" name="CVE-2014-2729" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://www.securityfocus.com/archive/1/archive/1/531853/100/0/threaded" source="BUGTRAQ">20140416 [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7</ref>
<ref url="http://www.securityfocus.com/archive/1/archive/1/531852/100/0/threaded" source="BUGTRAQ">20140416 [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7</ref>
<ref url="http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html</ref>
</refs>
<vuln_soft>
<prod vendor="ektron" name="ektron_content_management_system">
<vers num="8.7.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2734" published="2014-04-24" name="CVE-2014-2734" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
<desc>
<descript source="cve">The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations.</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://gist.github.com/10446549" source="MISC">https://gist.github.com/10446549</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/231" source="FULLDISC">20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC</ref>
<ref url="http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html" source="MISC">http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html</ref>
</refs>
<vuln_soft>
<prod vendor="ruby-lang" name="ruby">
<vers num="2.0"/>
<vers num="2.0.0" edition="p0"/>
<vers num="2.0.0" edition="p195"/>
<vers num="2.0.0" edition="p247"/>
<vers num="2.0.0" edition="preview1"/>
<vers num="2.0.0" edition="preview2"/>
<vers num="2.0.0" edition="rc1"/>
<vers num="2.0.0" edition="rc2"/>
<vers num="2.1" edition="-"/>
<vers num="2.1" edition="preview1"/>
<vers num="2.1.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2846" published="2014-04-28" name="CVE-2014-2846" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.securityfocus.com/archive/1/archive/1/531910/100/0/threaded" source="BUGTRAQ">20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/257" source="FULLDISC">20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances</ref>
</refs>
<vuln_soft>
<prod vendor="wdc" name="arkeia_virtual_appliance">
<vers num="-"/>
</prod>
<prod vendor="wdc" name="arkeia_virtual_appliance_firmware">
<vers prev="1" num="10.2.7"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2853" published="2014-04-29" name="CVE-2014-2853" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5" source="CONFIRM" adv="1">https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5</ref>
<ref url="https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8" source="CONFIRM" adv="1">https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8</ref>
<ref url="https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6" source="MISC">https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6</ref>
<ref url="https://bugzilla.wikimedia.org/show_bug.cgi?id=63251" source="CONFIRM">https://bugzilla.wikimedia.org/show_bug.cgi?id=63251</ref>
<ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1091967" source="MISC">https://bugzilla.redhat.com/show_bug.cgi?id=1091967</ref>
<ref url="http://www.securityfocus.com/bid/67068" source="BID">67068</ref>
<ref url="http://secunia.com/advisories/58262" source="SECUNIA" adv="1">58262</ref>
<ref url="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html" source="MLIST">[MediaWiki-announce] 20140424 MediaWiki Security and Maintenance Releases: 1.22.6 and 1.21.9</ref>
</refs>
<vuln_soft>
<prod vendor="mediawiki" name="mediawiki">
<vers num="1.1.0"/>
<vers num="1.10.0" edition="rc1"/>
<vers num="1.10.0" edition="rc2"/>
<vers num="1.10.1"/>
<vers num="1.10.2"/>
<vers num="1.10.3"/>
<vers num="1.10.4"/>
<vers num="1.11"/>
<vers num="1.11.0" edition="rc1"/>
<vers num="1.11.1"/>
<vers num="1.11.2"/>
<vers num="1.12.0" edition="rc1"/>
<vers num="1.12.1"/>
<vers num="1.12.2"/>
<vers num="1.12.3"/>
<vers num="1.12.4"/>
<vers num="1.13.0" edition="rc1"/>
<vers num="1.13.0" edition="rc2"/>
<vers num="1.13.1"/>
<vers num="1.13.2"/>
<vers num="1.13.3"/>
<vers num="1.13.4"/>
<vers num="1.14.0" edition="rc1"/>
<vers num="1.14.1"/>
<vers num="1.15.0" edition="rc1"/>
<vers num="1.15.1"/>
<vers num="1.15.2"/>
<vers num="1.15.3"/>
<vers num="1.15.4"/>
<vers num="1.15.5"/>
<vers num="1.16.0" edition="beta1"/>
<vers num="1.16.0" edition="beta2"/>
<vers num="1.16.0" edition="beta3"/>
<vers num="1.16.1"/>
<vers num="1.16.2"/>
<vers num="1.17" edition="beta_1"/>
<vers num="1.17.0" edition="rc1"/>
<vers num="1.17.1"/>
<vers num="1.17.2"/>
<vers num="1.17.3"/>
<vers num="1.17.4"/>
<vers num="1.18" edition="beta_1"/>
<vers num="1.18.0" edition="rc1"/>
<vers num="1.18.1"/>
<vers num="1.18.2"/>
<vers num="1.18.3"/>
<vers num="1.19" edition="beta_1"/>
<vers num="1.19" edition="beta_2"/>
<vers num="1.19.0"/>
<vers num="1.19.1"/>
<vers num="1.19.10"/>
<vers num="1.19.11"/>
<vers num="1.19.12"/>
<vers num="1.19.13"/>
<vers num="1.19.14"/>
<vers num="1.19.2"/>
<vers num="1.19.3"/>
<vers num="1.19.4"/>
<vers num="1.19.5"/>
<vers num="1.19.6"/>
<vers num="1.19.7"/>
<vers num="1.19.8"/>
<vers num="1.19.9"/>
<vers num="1.2.0"/>
<vers num="1.2.1"/>
<vers num="1.2.2"/>
<vers num="1.2.3"/>
<vers num="1.2.4"/>
<vers num="1.2.5"/>
<vers num="1.2.6"/>
<vers num="1.20"/>
<vers num="1.20.1"/>
<vers num="1.20.2"/>
<vers num="1.20.3"/>
<vers num="1.20.4"/>
<vers num="1.20.5"/>
<vers num="1.20.6"/>
<vers num="1.20.7"/>
<vers num="1.20.8"/>
<vers num="1.21"/>
<vers num="1.21.1"/>
<vers num="1.21.2"/>
<vers num="1.21.3"/>
<vers num="1.21.4"/>
<vers num="1.21.5"/>
<vers num="1.21.6"/>
<vers num="1.21.7"/>
<vers prev="1" num="1.21.8"/>
<vers num="1.22.0"/>
<vers num="1.22.1"/>
<vers num="1.22.2"/>
<vers num="1.22.3"/>
<vers num="1.22.4"/>
<vers num="1.22.5"/>
<vers num="1.3"/>
<vers num="1.3.0"/>
<vers num="1.3.1"/>
<vers num="1.3.10"/>
<vers num="1.3.11"/>
<vers num="1.3.12"/>
<vers num="1.3.13"/>
<vers num="1.3.14"/>
<vers num="1.3.15"/>
<vers num="1.3.2"/>
<vers num="1.3.3"/>
<vers num="1.3.4"/>
<vers num="1.3.5"/>
<vers num="1.3.6"/>
<vers num="1.3.7"/>
<vers num="1.3.8"/>
<vers num="1.3.9"/>
<vers num="1.4" edition="beta1"/>
<vers num="1.4" edition="beta2"/>
<vers num="1.4" edition="beta3"/>
<vers num="1.4" edition="beta4"/>
<vers num="1.4" edition="beta5"/>
<vers num="1.4" edition="beta6"/>
<vers num="1.4.0"/>
<vers num="1.4.1"/>
<vers num="1.4.10"/>
<vers num="1.4.11"/>
<vers num="1.4.12"/>
<vers num="1.4.13"/>
<vers num="1.4.14"/>
<vers num="1.4.2"/>
<vers num="1.4.3"/>
<vers num="1.4.4"/>
<vers num="1.4.5"/>
<vers num="1.4.6"/>
<vers num="1.4.7"/>
<vers num="1.4.8"/>
<vers num="1.4.9"/>
<vers num="1.5" edition="alpha1"/>
<vers num="1.5" edition="alpha2"/>
<vers num="1.5" edition="beta1"/>
<vers num="1.5" edition="beta2"/>
<vers num="1.5" edition="beta3"/>
<vers num="1.5" edition="beta4"/>
<vers num="1.5" edition="rc2"/>
<vers num="1.5" edition="rc3"/>
<vers num="1.5" edition="rc4"/>
<vers num="1.5.0"/>
<vers num="1.5.1"/>
<vers num="1.5.2"/>
<vers num="1.5.3"/>
<vers num="1.5.4"/>
<vers num="1.5.5"/>
<vers num="1.5.6"/>
<vers num="1.5.7"/>
<vers num="1.5.8"/>
<vers num="1.6.0"/>
<vers num="1.6.1"/>
<vers num="1.6.10"/>
<vers num="1.6.11"/>
<vers num="1.6.12"/>
<vers num="1.6.2"/>
<vers num="1.6.3"/>
<vers num="1.6.4"/>
<vers num="1.6.5"/>
<vers num="1.6.6"/>
<vers num="1.6.7"/>
<vers num="1.6.8"/>
<vers num="1.6.9"/>
<vers num="1.7.0"/>
<vers num="1.7.1"/>
<vers num="1.7.2"/>
<vers num="1.7.3"/>
<vers num="1.8.0"/>
<vers num="1.8.1"/>
<vers num="1.8.2"/>
<vers num="1.8.3"/>
<vers num="1.8.4"/>
<vers num="1.8.5"/>
<vers num="1.9.0" edition="rc2"/>
<vers num="1.9.1"/>
<vers num="1.9.2"/>
<vers num="1.9.3"/>
<vers num="1.9.4"/>
<vers num="1.9.5"/>
<vers num="1.9.6"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2881" published="2014-05-01" name="CVE-2014-2881" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.securitytracker.com/id/1030180" source="SECTRACK">1030180</ref>
<ref url="http://support.citrix.com/article/CTX140651" source="CONFIRM" adv="1">http://support.citrix.com/article/CTX140651</ref>
</refs>
<vuln_soft>
<prod vendor="citrix" name="netscaler_access_gateway_firmware">
<vers prev="1" num="10.1.e"/>
<vers num="9.3"/>
</prod>
<prod vendor="citrix" name="netscaler_application_delivery_controller_firmware">
<vers num="10.1"/>
<vers prev="1" num="9.3.e"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2882" published="2014-05-01" name="CVE-2014-2882" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://www.securitytracker.com/id/1030180" source="SECTRACK">1030180</ref>
<ref url="http://support.citrix.com/article/CTX140651" source="CONFIRM" adv="1">http://support.citrix.com/article/CTX140651</ref>
</refs>
<vuln_soft>
<prod vendor="citrix" name="netscaler_access_gateway_firmware">
<vers prev="1" num="10.1.e"/>
<vers num="9.3"/>
</prod>
<prod vendor="citrix" name="netscaler_application_delivery_controller_firmware">
<vers num="10.1"/>
<vers prev="1" num="9.3.e"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2889" published="2014-04-26" name="CVE-2014-2889" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
<desc>
<descript source="cve">Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa" source="CONFIRM">https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/18/6" source="MLIST">[oss-security] 20140418 Re: CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target</ref>
<ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8</ref>
<ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa" source="CONFIRM">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa</ref>
</refs>
<vuln_soft>
<prod vendor="linux" name="linux_kernel">
<vers num="3.0" edition="rc1"/>
<vers num="3.0" edition="rc2"/>
<vers num="3.0" edition="rc3"/>
<vers num="3.0" edition="rc4"/>
<vers num="3.0" edition="rc5"/>
<vers num="3.0" edition="rc6"/>
<vers num="3.0" edition="rc7"/>
<vers num="3.0.1"/>
<vers num="3.0.10"/>
<vers num="3.0.11"/>
<vers num="3.0.12"/>
<vers num="3.0.13"/>
<vers num="3.0.14"/>
<vers num="3.0.15"/>
<vers num="3.0.16"/>
<vers num="3.0.17"/>
<vers num="3.0.18"/>
<vers num="3.0.19"/>
<vers num="3.0.2"/>
<vers num="3.0.20"/>
<vers num="3.0.21"/>
<vers num="3.0.22"/>
<vers num="3.0.23"/>
<vers num="3.0.24"/>
<vers num="3.0.25"/>
<vers num="3.0.26"/>
<vers num="3.0.27"/>
<vers num="3.0.28"/>
<vers num="3.0.29"/>
<vers num="3.0.3"/>
<vers num="3.0.30"/>
<vers num="3.0.31"/>
<vers num="3.0.32"/>
<vers num="3.0.33"/>
<vers num="3.0.34"/>
<vers num="3.0.35"/>
<vers num="3.0.36"/>
<vers num="3.0.37"/>
<vers num="3.0.38"/>
<vers num="3.0.39"/>
<vers num="3.0.4"/>
<vers num="3.0.40"/>
<vers num="3.0.41"/>
<vers num="3.0.42"/>
<vers num="3.0.43"/>
<vers num="3.0.44"/>
<vers num="3.0.45"/>
<vers num="3.0.46"/>
<vers num="3.0.47"/>
<vers num="3.0.48"/>
<vers num="3.0.49"/>
<vers num="3.0.5"/>
<vers num="3.0.50"/>
<vers num="3.0.51"/>
<vers num="3.0.52"/>
<vers num="3.0.53"/>
<vers num="3.0.54"/>
<vers num="3.0.55"/>
<vers num="3.0.56"/>
<vers num="3.0.57"/>
<vers num="3.0.58"/>
<vers num="3.0.59"/>
<vers num="3.0.6"/>
<vers num="3.0.60"/>
<vers num="3.0.61"/>
<vers num="3.0.62"/>
<vers num="3.0.63"/>
<vers num="3.0.64"/>
<vers num="3.0.65"/>
<vers num="3.0.66"/>
<vers num="3.0.67"/>
<vers num="3.0.68"/>
<vers num="3.0.7"/>
<vers num="3.0.8"/>
<vers num="3.0.9"/>
<vers num="3.1" edition="rc1"/>
<vers num="3.1" edition="rc2"/>
<vers num="3.1" edition="rc3"/>
<vers num="3.1" edition="rc4"/>
<vers num="3.1.1"/>
<vers num="3.1.2"/>
<vers num="3.1.3"/>
<vers num="3.1.4"/>
<vers num="3.1.5"/>
<vers num="3.1.6"/>
<vers prev="1" num="3.1.7"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2014-2905" published="2014-05-02" name="CVE-2014-2905" modified="2014-05-02">
<desc>
<descript source="cve">fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.</descript>
</desc>
<refs>
<ref url="https://github.com/fish-shell/fish-shell/issues/1436" source="CONFIRM">https://github.com/fish-shell/fish-shell/issues/1436</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/28/4" source="MLIST">[oss-security] 20140428 Upcoming security release of fish 2.1.1</ref>
</refs>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2908" published="2014-04-25" name="CVE-2014-2908" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02</ref>
<ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf</ref>
</refs>
<vuln_soft>
<prod vendor="siemens" name="simatic_s7_cpu-1211c">
<vers num="-"/>
</prod>
<prod vendor="siemens" name="simatic_s7_cpu_1212c">
<vers num="-"/>
</prod>
<prod vendor="siemens" name="simatic_s7_cpu_1214c">
<vers num="-"/>
</prod>
<prod vendor="siemens" name="simatic_s7_cpu_1215c">
<vers num="-"/>
</prod>
<prod vendor="siemens" name="simatic_s7_cpu_1217c">
<vers num="-"/>
</prod>
<prod vendor="siemens" name="simatic_s7_cpu_1200_firmware">
<vers num="2.0"/>
<vers num="3.0"/>
<vers num="3.0.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2909" published="2014-04-25" name="CVE-2014-2909" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
<desc>
<descript source="cve">CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.</descript>
</desc>
<loss_types>
<avail/>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02</ref>
<ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf</ref>
</refs>
<vuln_soft>
<prod vendor="siemens" name="simatic_s7_cpu-1211c">
<vers num="-"/>
</prod>
<prod vendor="siemens" name="simatic_s7_cpu_1212c">
<vers num="-"/>
</prod>
<prod vendor="siemens" name="simatic_s7_cpu_1214c">
<vers num="-"/>
</prod>
<prod vendor="siemens" name="simatic_s7_cpu_1215c">
<vers num="-"/>
</prod>
<prod vendor="siemens" name="simatic_s7_cpu_1217c">
<vers num="-"/>
</prod>
<prod vendor="siemens" name="simatic_s7_cpu_1200_firmware">
<vers num="2.0"/>
<vers num="3.0"/>
<vers num="3.0.2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2980" published="2014-04-28" name="CVE-2014-2980" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&amp;r2=37755&amp;pathrev=37756" source="CONFIRM" patch="1">http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&amp;r2=37755&amp;pathrev=37756</ref>
<ref url="https://savannah.gnu.org/bugs/?41751" source="CONFIRM">https://savannah.gnu.org/bugs/?41751</ref>
<ref url="http://xforce.iss.net/xforce/xfdb/92688" source="XF">gnustep-cve20142980-dos(92688)</ref>
<ref url="http://www.securityfocus.com/bid/66992" source="BID">66992</ref>
<ref url="http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&amp;r2=37755&amp;pathrev=37756" source="CONFIRM">http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&amp;r2=37755&amp;pathrev=37756</ref>
<ref url="http://secunia.com/advisories/58104" source="SECUNIA" adv="1">58104</ref>
<ref url="http://seclists.org/oss-sec/2014/q2/152" source="MLIST">[oss-security] 20140421 Re: CVE request / advisory: gdomap (GNUstep core package &lt;= 1.24.6)</ref>
<ref url="http://seclists.org/oss-sec/2014/q2/143" source="MLIST">[oss-security] 20140419 CVE request / advisory: gdomap (GNUstep core package &lt;= 1.24.6)</ref>
</refs>
<vuln_soft>
<prod vendor="gnustep" name="base">
<vers prev="1" num="1.24.6"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2014-2984" reject="1" published="2014-04-25" name="CVE-2014-2984" modified="2014-04-25">
<desc>
<descript source="cve">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2650. Reason: This candidate is a reservation duplicate of CVE-2014-2650. Notes: All CVE users should reference CVE-2014-2650 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
</desc>
<refs/>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2986" published="2014-04-28" name="CVE-2014-2986" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:S/C:N/I:N/A:C)" CVSS_score="5.5" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="5.1" CVSS_base_score="5.5">
<desc>
<descript source="cve">The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.</descript>
</desc>
<loss_types>
<avail/>
</loss_types>
<range>
<local_network/>
</range>
<refs>
<ref url="http://xenbits.xen.org/xsa/advisory-94.html" source="CONFIRM" patch="1" adv="1">http://xenbits.xen.org/xsa/advisory-94.html</ref>
<ref url="http://www.securitytracker.com/id/1030146" source="SECTRACK">1030146</ref>
<ref url="http://www.securityfocus.com/bid/67047" source="BID">67047</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/23/5" source="MLIST">[oss-security] 20140423 Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash on guest interrupt controller access</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/23/4" source="MLIST">[oss-security] 20140423 Re: Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/23/3" source="MLIST">[oss-security] 20140423 Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access</ref>
</refs>
<vuln_soft>
<prod vendor="xen" name="xen">
<vers num="4.4.0" edition="-"/>
<vers num="4.4.0" edition="rc1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2992" published="2014-04-25" name="CVE-2014-2992" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
<desc>
<descript source="cve">The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://sceptive.com/p/mislicom-android-app-ssl-certificate-validation-weakness-" source="MISC">http://sceptive.com/p/mislicom-android-app-ssl-certificate-validation-weakness-</ref>
<ref url="http://archives.neohapsis.com/archives/bugtraq/current/0152.html" source="BUGTRAQ">20140424 Misli.com Android App SSL certificate validation weakness</ref>
</refs>
<vuln_soft>
<prod vendor="misli" name="misli.com_app">
<vers num="-" edition=":~~~~android~"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-2993" published="2014-04-25" name="CVE-2014-2993" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
<desc>
<descript source="cve">The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</descript>
</desc>
<loss_types>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-" source="MISC">http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-</ref>
<ref url="http://archives.neohapsis.com/archives/bugtraq/current/0153.html" source="BUGTRAQ">20140424 Birebin.com Android App SSL certificate validation weakness</ref>
</refs>
<vuln_soft>
<prod vendor="birebin" name="birebin.com_app">
<vers num="-" edition=":~~~~android~"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2994" published="2014-04-27" name="CVE-2014-2994" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://www.youtube.com/watch?v=RHaMx8K1GeM" source="MISC">https://www.youtube.com/watch?v=RHaMx8K1GeM</ref>
<ref url="http://www.exploit-db.com/exploits/32997" source="EXPLOIT-DB">32997</ref>
<ref url="http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/" source="CONFIRM" adv="1">http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/</ref>
<ref url="http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html" source="MISC">http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html</ref>
<ref url="http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html" source="MISC">http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html</ref>
<ref url="http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/" source="MISC">http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/</ref>
<ref url="http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html" source="MISC">http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html</ref>
</refs>
<vuln_soft>
<prod vendor="acunetix" name="web_vulnerability_scanner">
<vers num="8" edition="build_20120704"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-2996" published="2014-04-25" name="CVE-2014-2996" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:S/C:C/I:C/A:C)" CVSS_score="7.1" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.1">
<desc>
<descript source="cve">XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://www.htbridge.com/advisory/HTB23207" source="MISC">https://www.htbridge.com/advisory/HTB23207</ref>
<ref url="http://www.securityfocus.com/archive/1/archive/1/531780/100/0/threaded" source="BUGTRAQ">20140409 Cross-Site Request Forgery (CSRF) in XCloner Standalone</ref>
<ref url="http://www.exploit-db.com/exploits/32790" source="EXPLOIT-DB">32790</ref>
</refs>
<vuln_soft>
<prod vendor="xcloner" name="xcloner">
<vers prev="1" num="3.5" edition=":standalone"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2014-3000" published="2014-05-02" name="CVE-2014-3000" modified="2014-05-02">
<desc>
<descript source="cve">The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.</descript>
</desc>
<refs>
<ref url="http://www.securitytracker.com/id/1030172" source="SECTRACK">1030172</ref>
<ref url="http://www.securityfocus.com/bid/67153" source="BID">67153</ref>
<ref url="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc" source="FREEBSD">FreeBSD-SA-14:08</ref>
<ref url="http://secunia.com/advisories/58293" source="SECUNIA">58293</ref>
</refs>
</entry>
<entry type="CVE" seq="2014-3001" published="2014-05-02" name="CVE-2014-3001" modified="2014-05-02">
<desc>
<descript source="cve">The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process.</descript>
</desc>
<refs>
<ref url="http://www.securitytracker.com/id/1030171" source="SECTRACK">1030171</ref>
<ref url="http://www.securityfocus.com/bid/67158" source="BID">67158</ref>
<ref url="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc" source="FREEBSD">FreeBSD-SA-14:07</ref>
</refs>
</entry>
<entry type="CVE" seq="2014-3006" published="2014-05-02" name="CVE-2014-3006" modified="2014-05-02">
<desc>
<descript source="cve">Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.</descript>
</desc>
<refs>
<ref url="https://www.lsexperts.de/advisories/lse-2014-04-10.txt" source="MISC">https://www.lsexperts.de/advisories/lse-2014-04-10.txt</ref>
<ref url="http://www.securityfocus.com/bid/67165" source="BID">67165</ref>
<ref url="http://www.securityfocus.com/archive/1/archive/1/531986/100/0/threaded" source="BUGTRAQ">20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/317" source="FULLDISC">20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access</ref>
</refs>
</entry>
<entry type="CVE" severity="High" seq="2014-3007" published="2014-04-27" name="CVE-2014-3007" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059" source="MISC">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059</ref>
<ref url="http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html" source="MISC">http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html</ref>
</refs>
<vuln_soft>
<prod vendor="python" name="pillow">
<vers num="2.3.0"/>
</prod>
<prod vendor="pythonware" name="python_imaging_library">
<vers prev="1" num="1.1.7"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-3008" published="2014-04-28" name="CVE-2014-3008" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
<desc>
<descript source="cve">Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://gist.github.com/brandonprry/10745756" source="MISC">https://gist.github.com/brandonprry/10745756</ref>
<ref url="http://xforce.iss.net/xforce/xfdb/92642" source="XF">unitrends-snmpod-command-exec(92642)</ref>
<ref url="http://www.securityfocus.com/bid/66928" source="BID">66928</ref>
<ref url="http://www.exploit-db.com/exploits/32885" source="EXPLOIT-DB">32885</ref>
<ref url="http://secunia.com/advisories/58001" source="SECUNIA" adv="1">58001</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/204" source="FULLDISC">20140415 Unitrends enterprise backup remote unauthenticated root</ref>
</refs>
<vuln_soft>
<prod vendor="unitrends" name="enterprise_backup">
<vers num="7.3.0"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" seq="2014-3125" published="2014-05-02" name="CVE-2014-3125" modified="2014-05-02">
<desc>
<descript source="cve">Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.</descript>
</desc>
<refs>
<ref url="http://xenbits.xen.org/xsa/advisory-91.html" source="CONFIRM">http://xenbits.xen.org/xsa/advisory-91.html</ref>
<ref url="http://www.securitytracker.com/id/1030184" source="SECTRACK">1030184</ref>
<ref url="http://www.securityfocus.com/bid/67157" source="BID">67157</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/30/5" source="MLIST">[oss-security] 20140430 Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM</ref>
<ref url="http://www.openwall.com/lists/oss-security/2014/04/30/11" source="MLIST">[oss-security] 20140430 Re: Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM</ref>
<ref url="http://secunia.com/advisories/58347" source="SECUNIA">58347</ref>
</refs>
</entry>
<entry type="CVE" severity="Medium" seq="2014-3129" published="2014-04-30" name="CVE-2014-3129" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://service.sap.com/sap/support/notes/1894049" source="CONFIRM">https://service.sap.com/sap/support/notes/1894049</ref>
<ref url="http://www.securitytracker.com/id/1030157" source="SECTRACK">1030157</ref>
<ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-005" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-005</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/294" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-005] Information disclosure in SAP Software Lifeclycle Manager</ref>
<ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
</refs>
<vuln_soft>
<prod vendor="sap" name="netweaver_software_lifecycle_manager">
<vers num="7.1"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-3130" published="2014-04-30" name="CVE-2014-3130" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
<desc>
<descript source="cve">The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
<sec_prot other="1"/>
</loss_types>
<range>
<local/>
</range>
<refs>
<ref url="https://service.sap.com/sap/support/notes/1910914" source="CONFIRM">https://service.sap.com/sap/support/notes/1910914</ref>
<ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/302" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-009] SAP BASIS Missing Authorization Check</ref>
<ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
</refs>
<vuln_soft>
<prod vendor="sap" name="netweaver_abap_application_server">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-3131" published="2014-04-30" name="CVE-2014-3131" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
<desc>
<descript source="cve">SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://service.sap.com/sap/support/notes/1917381" source="CONFIRM">https://service.sap.com/sap/support/notes/1917381</ref>
<ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/300" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-007] Missing authorization check in SAP Profile Maintenance</ref>
<ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
</refs>
<vuln_soft>
<prod vendor="sap" name="profile_maintenance">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-3132" published="2014-04-30" name="CVE-2014-3132" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
<desc>
<descript source="cve">SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://service.sap.com/sap/support/notes/1918333" source="CONFIRM">https://service.sap.com/sap/support/notes/1918333</ref>
<ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/299" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-006] Missing authorization check in SAP Background Processing RFC</ref>
<ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
</refs>
<vuln_soft>
<prod vendor="sap" name="background_processing">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-3133" published="2014-04-30" name="CVE-2014-3133" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
<desc>
<descript source="cve">SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.</descript>
</desc>
<loss_types>
<conf/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://service.sap.com/sap/support/notes/1922547" source="CONFIRM">https://service.sap.com/sap/support/notes/1922547</ref>
<ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/301" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure</ref>
<ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
</refs>
<vuln_soft>
<prod vendor="sap" name="netweaver_java_application_server">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-3134" published="2014-04-30" name="CVE-2014-3134" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="https://service.sap.com/sap/support/notes/1931399" source="CONFIRM">https://service.sap.com/sap/support/notes/1931399</ref>
<ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/303" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-010] SAP BusinessObjects InfoView Reflected Cross Site Scripting</ref>
<ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
</refs>
<vuln_soft>
<prod vendor="sap" name="businessobjects">
<vers num="-"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-3135" published="2014-04-30" name="CVE-2014-3135" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
<desc>
<descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore.</descript>
</desc>
<loss_types>
<int/>
</loss_types>
<range>
<network/>
<user_init/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/92664" source="XF">vbulletin-multiple-scripts-xss(92664)</ref>
<ref url="http://www.securityfocus.com/bid/66972" source="BID">66972</ref>
<ref url="http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html</ref>
</refs>
<vuln_soft>
<prod vendor="vbulletin" name="vbulletin">
<vers num="5.1.1" edition="alpha9"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="Medium" seq="2014-3138" published="2014-05-01" name="CVE-2014-3138" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
<desc>
<descript source="cve">SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="http://xforce.iss.net/xforce/xfdb/92548" source="XF">xerox-docushare-sql-injection(92548)</ref>
<ref url="http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf" source="MISC" adv="1">http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf</ref>
<ref url="http://www.securityfocus.com/bid/66922" source="BID">66922</ref>
<ref url="http://www.osvdb.org/105972" source="OSVDB">105972</ref>
<ref url="http://www.exploit-db.com/exploits/32886" source="EXPLOIT-DB">32886</ref>
<ref url="http://secunia.com/advisories/57996" source="SECUNIA" adv="1">57996</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/205" source="FULLDISC">20140415 Xerox DocuShare authenticated SQL injection</ref>
<ref url="http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html" source="MISC">http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html</ref>
</refs>
<vuln_soft>
<prod vendor="xerox" name="docushare">
<vers num="6.5.3" edition="-"/>
<vers num="6.5.3" edition="patch6"/>
<vers num="6.6.1" edition="-"/>
<vers num="6.6.1" edition="update1"/>
<vers num="6.6.1" edition="update2"/>
</prod>
</vuln_soft>
</entry>
<entry type="CVE" severity="High" seq="2014-3139" published="2014-05-02" name="CVE-2014-3139" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
<desc>
<descript source="cve">recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.</descript>
</desc>
<loss_types>
<avail/>
<conf/>
<int/>
</loss_types>
<range>
<network/>
</range>
<refs>
<ref url="https://gist.github.com/brandonprry/10745756" source="MISC">https://gist.github.com/brandonprry/10745756</ref>
<ref url="http://www.exploit-db.com/exploits/32885" source="EXPLOIT-DB">32885</ref>
<ref url="http://seclists.org/fulldisclosure/2014/Apr/204" source="FULLDISC">20140415 Unitrends enterprise backup remote unauthenticated root</ref>
</refs>
<vuln_soft>
<prod vendor="unitrends" name="enterprise_backup">
<vers num="7.3.0"/>
</prod>
</vuln_soft>
</entry>
</nvd>