diff options
author | Joey Hess <joeyh@debian.org> | 2005-10-19 23:08:35 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2005-10-19 23:08:35 +0000 |
commit | 2d535a1fc9cdf90cc4953981f30e4b7ae1822ad4 (patch) | |
tree | 8833102ec6bf3cae639cf56a11cad51d013c72f0 | |
parent | b39b612faab41db807690ebd7c0b306cdbb13cb9 (diff) |
move CAN/list to CVE/list, merge in all CVEs and rename all CANs to CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2461 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CAN/list | 20249 | ||||
-rw-r--r-- | data/CVE/1999.list | 2983 | ||||
-rw-r--r-- | data/CVE/2000.list | 285 | ||||
-rw-r--r-- | data/CVE/2001.list | 1125 | ||||
-rw-r--r-- | data/CVE/2002.list | 4024 | ||||
-rw-r--r-- | data/CVE/2003.list | 2602 | ||||
-rw-r--r-- | data/CVE/2004.list | 5384 | ||||
-rw-r--r-- | data/CVE/2005.list | 7600 |
8 files changed, 24003 insertions, 20249 deletions
diff --git a/data/CAN/list b/data/CAN/list deleted file mode 100644 index fda16af6f8..0000000000 --- a/data/CAN/list +++ /dev/null @@ -1,20249 +0,0 @@ -CAN-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...) - TODO: check -CAN-2005-3253 - RESERVED -CAN-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...) - TODO: check -CAN-2005-XXXX [buffer overflow in snort's bo preprocessor] - - snort <not-affected> (Vulnerable code was introduced later) - NOTE: See bug #334606 -CAN-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...) - - gallery 2.0.1-1 (medium) -CAN-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...) - NOT-FOR-US: Solaris -CAN-2005-3249 - RESERVED -CAN-2005-3248 - RESERVED -CAN-2005-3247 - RESERVED -CAN-2005-3246 - RESERVED -CAN-2005-3245 - RESERVED -CAN-2005-3244 - RESERVED -CAN-2005-3243 - RESERVED -CAN-2005-3242 - RESERVED -CAN-2005-3241 - RESERVED -CAN-2005-3240 - RESERVED -CAN-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...) - NOT-FOR-US: Solaris -CAN-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local ...) - - linux-2.6 <unfixed> (bug #334113; medium) - - kernel-source-2.4.27 <unfixed> (medium) -CAN-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...) - NOT-FOR-US: Cyphor -CAN-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote ...) - NOT-FOR-US: Cyphor -CAN-2005-3235 (Multiple interpretation error in unspecified versions of Proland ...) - NOT-FOR-US: Proland Protector Plus -CAN-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG ...) - NOT-FOR-US: Grisoft AVG Antivirus -CAN-2005-3233 (Multiple interpretation error in unspecified versions of Trustix ...) - NOT-FOR-US: Trustix Antivirus -CAN-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker ...) - NOT-FOR-US: TheHacker -CAN-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick ...) - NOT-FOR-US: CAT Quick Heal -CAN-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...) - NOT-FOR-US: Panda Antivirus -CAN-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...) - - clamav <unfixed> - NOTE: This was already forwarded to sgran; zobel any news yet? -CAN-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...) - NOT-FOR-US: Ikarus Antivirus -CAN-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...) - NOT-FOR-US: UNA Antivirus -CAN-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir ...) - NOT-FOR-US: ArcaVir -CAN-2005-3225 (Multiple interpretation error in unspecified versions of (1) ...) - NOT-FOR-US: eTrust Antivirus -CAN-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir ...) - NOT-FOR-US: AntiVir -CAN-2005-3223 (Multiple interpretation error in unspecified versions of Rising ...) - NOT-FOR-US: Rising Antivirus -CAN-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 ...) - NOT-FOR-US: VBA32 Antivirus -CAN-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet ...) - NOT-FOR-US: Fortinet Antivirus -CAN-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus ...) - NOT-FOR-US: Norman Antivirus -CAN-2005-3219 (Multiple interpretation error in unspecified versions of Avira ...) - NOT-FOR-US: Avira Antivirus -CAN-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web ...) - NOT-FOR-US: Dr. Web Antivirus -CAN-2005-3217 (Multiple interpretation error in unspecified versions of Symantec ...) - NOT-FOR-US: Symantec Antivirus -CAN-2005-3216 (Multiple interpretation error in unspecified versions of Sophos ...) - NOT-FOR-US: Sophos Antivirus -CAN-2005-3215 (Multiple interpretation error in unspecified versions of McAfee ...) - NOT-FOR-US: McAfee Antivirus -CAN-2005-3214 (Multiple interpretation error in unspecified versions of Avast ...) - NOT-FOR-US: Avast Antovirus -CAN-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot ...) - NOT-FOR-US: F-Prot Antivirus -CAN-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 ...) - NOT-FOR-US: NOD32 Antivirus -CAN-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender ...) - NOT-FOR-US: BitDefender Antivirus -CAN-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky ...) - NOT-FOR-US: Kaspersky Antivirus -CAN-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store ...) - NOT-FOR-US: aeNovo apps -CAN-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop ...) - NOT-FOR-US: aeNovo apps -CAN-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...) - NOT-FOR-US: Oracle -CAN-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 ...) - NOT-FOR-US: Oracle -CAN-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in ...) - NOT-FOR-US: Oracle -CAN-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows ...) - NOT-FOR-US: Oracle -CAN-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 ...) - NOT-FOR-US: Oracle -CAN-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...) - NOT-FOR-US: Oracle -CAN-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro 1.1.3 when ...) - NOT-FOR-US: Utopia News Pro -CAN-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...) - NOT-FOR-US: Utopia News Pro -CAN-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...) - NOT-FOR-US: aspReady -CAN-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to ...) - NOT-FOR-US: Webroot Desktop Firewall -CAN-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop ...) - NOT-FOR-US: Webroot Desktop Firewall -CAN-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a ...) - NOT-FOR-US: Planet Technology switch -CAN-2005-3195 - REJECTED -CAN-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...) - NOT-FOR-US: ALZip -CAN-2005-3193 - RESERVED -CAN-2005-3192 - RESERVED -CAN-2005-3191 - RESERVED -CAN-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...) - NOT-FOR-US: iGateway -CAN-2005-3189 - RESERVED -CAN-2005-3188 - RESERVED -CAN-2005-3187 - RESERVED -CAN-2005-3186 - RESERVED -CAN-2005-3184 - RESERVED -CAN-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww ...) - - w3c-libwww <unfixed> (bug #334443; low) -CAN-2005-3182 - RESERVED -CAN-2005-XXXX [unsafe temporary file creation in flexbackup default config] - - flexbackup <unfixed> (bug #334350; low) -CAN-2005-XXXX [xscreensaver does not maintain screen locks during upgrade] - - xscreensaver <unfixed> (bug #334193; low) -CAN-2005-XXXX [centericq remote dos by special nmap scan] - - centericq <unfixed> (bug #334089; low) -CAN-2005-XXXX [Unspecified vulnerability in enigmail] - - enigmail 2:0.93-1 (unknown) -CAN-2005-XXXX [Unspecified vulnerability in zope's docutils] - - zope2.8 2.8.1-7 -CAN-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...) - - wget 1.10.2-1 (medium) - - curl 7.15.0-1 (bug #333734; medium) -CAN-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote attackers to ...) - - clamav <unfixed> (bug #333566) -CAN-2005-XXXX [Local file inclusion in phpmyadmin] - - phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high) -CAN-2005-3181 (Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, ...) - - linux-2.6 2.6.12-11 - NOTE: Might as well be 2.6.13-2, depending on the next upload - - kernel-source-2.4.27 2.4.27-12 - NOTE: CVE not yet requested -CAN-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions] - - php5 5.0.5-2 - - php4 4:4.4.0-3 -CAN-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...) - - linux-2.6 2.6.12-11 - NOTE: Might as well be 2.6.13-2, depending on the next upload - - kernel-source-2.4.27 2.4.27-12 - NOTE: CVE requested -CAN-2005-3119 (Memory leak in the request_key_auth_destroy function in ...) - - linux-2.6 2.6.13-2 - - kernel-source-2.4.27 <not-affected> - NOTE: 2.6.12 itself not affected, fixed in SVN -CAN-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...) - - linux-2.6 2.6.12-11 - NOTE: Might as well be 2.6.13-2, depending on the next upload - - kernel-source-2.4.27 <not-affected> - NOTE: CVE requested -CAN-2005-XXXX [DoS vulnerability in msg id parsing of spampd] - - spampd <unfixed> (bug #332259; low) -CAN-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow ...) - {DSA-859-1 DSA-858-1} - - xloadimage 4.1-15 (bug #332524; medium) - - xli 1.17.0-20 (medium) - NOTE: xli couldn't load the provided test images when I checked? -CAN-2005-XXXX [Arbitrary command execution in import script for bvh files in Blender] - - blender <unfixed> (bug #330895; medium) -CAN-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...) - NOT-FOR-US: Microsoft -CAN-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...) - NOT-FOR-US: Microsoft -CAN-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...) - NOT-FOR-US: Microsoft -CAN-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...) - NOT-FOR-US: Microsoft -CAN-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...) - NOT-FOR-US: Microsoft -CAN-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...) - NOT-FOR-US: Microsoft -CAN-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...) - NOT-FOR-US: Microsoft -CAN-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...) - NOT-FOR-US: Microsoft -CAN-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit ...) - NOT-FOR-US: Microsoft -CAN-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...) - NOT-FOR-US: Microsoft -CAN-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...) - - mediawiki 1.4.11-1 (bug #332408; medium) -CAN-2005-3166 (Unspecified vulnerability in "edit submission handling" for MediaWiki ...) - - mediawiki 1.4.11-1 (bug #332408; unknown) -CAN-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...) - - mediawiki 1.4.9 -CAN-2005-3164 (Hitachi Cosminexus Application Server has unknown impact and attack ...) - NOT-FOR-US: Hitachi Cosminexus Application Server -CAN-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...) - - polipo <unfixed> (bug #332411; medium) -CAN-2005-3162 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.109 allow ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...) - NOT-FOR-US: EasyGuppy -CAN-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...) - NOT-FOR-US: MailEnable Enterprise -CAN-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...) - NOT-FOR-US: Bitdefender Antivirus -CAN-2005-3153 (login.php in MyBloggie 2.1.3 beta allows remote attackers to bypass a ...) - NOT-FOR-US: MyBloggie -CAN-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...) - NOT-FOR-US: CubeCart -CAN-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...) - - blender <unfixed> (bug #332413; low) -CAN-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...) - {DSA-855-1} - - weex 2.6.1-6sarge1 (bug #332424; medium) -CAN-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...) - - uim <unfixed> (bug #331620; medium) -CAN-2005-3148 (StoreBackup before 1.19 in SUSE Linux does not properly set the uid ...) - - storebackup 1.19-1 (bug #332434) - NOTE: Bug filed for stable, fixed in testing/sid -CAN-2005-3147 (StoreBackup before 1.19 in SUSE Linux creates the backup root with ...) - - storebackup 1.19-1 (bug #332434; medium) - NOTE: Bug filed for stable, fixed in testing/sid -CAN-2005-3146 (StoreBackup before 1.19 in SUSE Linux allows local users to perform ...) - - storebackup 1.19-1 (bug #332434; medium) - NOTE: Bug filed for stable, fixed in testing/sid -CAN-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...) - NOT-FOR-US: Standard Based Linux Instrumentation -CAN-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...) - NOT-FOR-US: Standard Based Linux Instrumentation -CAN-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...) - NOT-FOR-US: Mailbox Server for 4D WebStar -CAN-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...) - NOT-FOR-US: Kaspersky Antivirus -CAN-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...) - NOT-FOR-US: Trillian -CAN-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...) - NOT-FOR-US: Procom NetFORCE -CAN-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...) - {DSA-836-1 DSA-835-1} - - cfengine <unfixed> (bug #332433) - - cfengine2 <unfixed> (bug #332432) -CAN-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...) - NOT-FOR-US: Virtools Web Player -CAN-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...) - NOT-FOR-US: Virtools Web Player -CAN-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...) - NOT-FOR-US: Citrix -CAN-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...) - NOT-FOR-US: MERAK Mail Server -CAN-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...) - NOT-FOR-US: MERAK Mail Server -CAN-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...) - NOT-FOR-US: MERAK Mail Server -CAN-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...) - NOT-FOR-US: lucidCMS -CAN-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...) - - serendipity <itp> (bug #312413) -CAN-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...) - NOT-FOR-US: Address Add Plugin for Squirrelmail -CAN-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...) - NOT-FOR-US: lucidCMS -CAN-2005-3126 - RESERVED -CAN-2005-3125 - RESERVED -CAN-2005-3124 - RESERVED -CAN-2005-3123 - RESERVED -CAN-2005-3122 - RESERVED -CAN-2005-3121 - RESERVED -CAN-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...) - - lynx <unfixed> (bug #334423; high) - - lynx-cur 2.8.6-16 (bug #334423; high) -CAN-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...) - {DSA-845-1} - - mason 1.0.0-3 -CAN-2005-3117 - REJECTED -CAN-2005-3116 - RESERVED -CAN-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...) - TODO: check, whether ucbmpeg-play from non-free is somehow related/affected -CAN-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...) - NOT-FOR-US: NateOn Messenger -CAN-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) ...) - NOT-FOR-US: NateOn Messenger -CAN-2005-3112 (The "reset password" feature in Macromedia Breeze 5.0 stores passwords ...) - NOT-FOR-US: Macromedia Breeze -CAN-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...) - - linux-2.6 2.6.12-1 - - kernel-source-2.6.8 2.6.8-16sarge1 - NOTE: 2.4.27 not applicable -CAN-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to ...) - - linux-2.6 2.6.12-1 - - kernel-source-2.6.8 2.6.8-16sarge1 - - kernel-source-2.4.27 <unfixed> -CAN-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...) - - linux-2.6 2.6.12-1 - - kernel-source-2.6.8 2.6.8-16sarge1 -CAN-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...) - - linux-2.6 <unfixed> - - kernel-source-2.6.8 2.6.8-16sarge1 -CAN-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...) - - kernel-source-2.6.8 2.6.8-16sarge1 -CAN-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...) - - kernel-source-2.6.8 2.6.8-16sarge1 - - kernel-source-2.4.27 <unfixed> (bug #332569; medium) -CAN-2005-XXXX [horde3 maintainer scripts don't set sufficiently strict permissions on config files] - - horde3 3.0.5-2 (bug #332289) -CAN-2005-XXXX [horde3 permits arbitrary command execution before being finally configured] - - horde3 3.0.5-2 (bug #332290) -CAN-2005-XXXX [Minor local DoS as libldap] - - openldap <unfixed> (bug #253838; low) - TODO: Check, whether openldap2.2 is affected as well -CAN-2005-XXXX [Insecure bounds checking in mpack's content parser] - - mpack 1.6-1 (bug #216566) -CAN-2005-XXXX [coreutils ignore umask when using -m in mkdir, mkfifo and mknod] - - coreutils <unfixed> (bug #306076; low) -CAN-2005-XXXX [gossip names windows potentially confusing, which might lead to inform. disclosure] - - gossip <unfixed> (bug #305419; low) - NOTE: This looks quite strange, should be followed up, whether it's really reproducible -CAN-2005-XXXX [tar's rmt command may have undesired side effects] - - tar <unfixed> (bug #290435; low) -CAN-2005-XXXX [Unspecified vulnerability in htdig's htsearch and qtest] - - htdig <unfixed> (bug #305996; unknown) -CAN-2005-XXXX [clamav's VERSION command does not return the currently loaded version] - NOTE: no exploit vector, just bad info - - clamav <unfixed> (bug #323803; unimportant) -CAN-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4] - - kernel-source-2.4.27 <unfixed> (bug #310982) -CAN-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror] - - kdebase 4:3.3.1-1 (bug #278002; low) - TODO: According to http://secunia.com/secunia_research/2004-10/advisory/ Firefox and Mozilla aff. as well -CAN-2005-XXXX [apt-listchanges does not drop privs, spawned pagers may permit execution of further commands] - NOTE: #318736 is not a valid bug, closed -CAN-2003-XXXX [Incomplete reporting of failed logins in login] - - login 1:4.0.3-36 (bug #192849) -CAN-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances] - - openldap2.2 <unfixed> (bug #260204) - TODO: Probably fix already uploaded? -> followup -CAN-2004-XXXX [Unspecified buffer overflow in libmng] - - libmng 1.0.8-1 (bug #250106) -CAN-2004-XXXX [Multiple buffer overflows in isoqlog] - - isoqlog 2.2-0.1 (bug #254101; bug #202634) -CAN-2002-XXXX [libnss-ldap: DoS through truncated DNS queries] - - libnss-ldap 199-1 (bug #169793) -CAN-2004-XXXX [Firefox doesn't clear all cookies] - - mozilla-firefox <unfixed> (bug #203034; bug #235932) - TODO: Re-check this, most probably fixed by now -CAN-2004-XXXX [Insecure temp files in amanda's chg-manual] - - amanda <unfixed> (bug #226139; unknown) -CAN-2004-XXXX [Potential buffer overflow in firebird2] - - firebird2 <unfixed> (bug #264453; unknown) -CAN-2004-XXXX [Buffer overflow in wdm's login] - - wdm <unfixed> (bug #276218; unknown) -CAN-2005-XXXX [Unsafe string landling in ldapdiff] - - ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878) -CAN-2005-XXXX [apt-cache doesn't differentiate sources which share several properties] - - apt <unfixed> (bug #329814; low) -CAN-2004-XXXX [asciijump: /var/games/asciijump world writable] - - asciijump 0.0.6-1.2 (bug #269186) -CAN-2004-XXXX [Barrendero spool world-readable] - - barrendero 1.1-1 (bug #279163) -CAN-2005-XXXX [Potential xlockmore bypass] - - xlockmore 1:5.13-2.1 (bug #309760) -CAN-2005-XXXX [hdup inproperly preserves permissions on directories] - - hdup <unfixed> (bug #302790) -CAN-2001-XXXX [crypt++ passes passwords through the command line] - - crypt++el <unfixed> (bug #105562; low) -CAN-2004-XXXX [Two vulnerabilities in sredird] - - sredird 2.2.1-1.1 (bug #267098) -CAN-2003-XXXX [fuzz: Insecure temp file usage] - - fuzz 0.6-7.1 (bug #183047) -CAN-2005-XXXX [DoS triggering endless loops in findutils -follow option] - - findutils 4.2.22-1 (bug #313081) -CAN-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...) - - bugzilla 2.18.4-1 (bug #331206; medium) -CAN-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...) - - bugzilla 2.18.4-1 (bug #331206; medium) -CAN-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...) - {DSA-847-1} - - dia 0.94.0-15 (bug #330890; medium) -CAN-2005-XXXX [Serendipity account hijacking through CSRF] - - serendipity <itp> (bug #312413) - NOTE: Fixed in 0.8.5 -CAN-2005-XXXX [Insecure temp files in linux-wlan-ng] - - linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low) -CAN-2004-XXXX [kmail may send out sensitive information when used on NFS homes] - - kdepim <unfixed> (bug #280287; low) - NOTE: kmail was once part of kdenetwork. -CAN-2002-XXXX [sanitizer bypassal through quoted file names] - - sanitizer <unfixed> (bug #149799; medium) - TODO: We should followup, this is probably fixed since the last three years -CAN-2005-XXXX [hdup does not preserve directory permissions] - - hdup <unfixed> (bug #302790) -CAN-2005-XXXX [Heap overflow in libosip URI parsing] - - libosip2 2.0.9-1 (bug #308737) -CAN-2005-XXXX [rkhunter: Insecure temporary file] - - rkhunter 1.2.7-14 (bug #330627; medium) -CAN-2005-XXXX [fprobe-ng: Insecure default hash] - - fprobe-ng <unfixed> (bug #322699; low) -CAN-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...) - NOT-FOR-US: Movable Type -CAN-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...) - NOT-FOR-US: Movable Type -CAN-2005-3102 (The administrative interface in Movable Type allows attackers to ...) - NOT-FOR-US: Movable Type -CAN-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...) - NOT-FOR-US: Movable Type -CAN-2005-3100 (Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux ...) - NOT-FOR-US: Astato Security Linux -CAN-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...) - NOT-FOR-US: Solaris -CAN-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...) - - qpopper <unfixed> (bug #330123; unimportant) - NOTE: Vulnerable code does not seem to be shipped in the binary package -CAN-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...) - NOT-FOR-US: Avi Alkalay -CAN-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...) - NOT-FOR-US: Avi Alkalay -CAN-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...) - NOT-FOR-US: Avi Alkalay -CAN-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...) - NOT-FOR-US: Avi Alkalay -CAN-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...) - NOT-FOR-US: Nokia cell phones -CAN-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...) - NOT-FOR-US: Image-Line Software FL Studio -CAN-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...) - - mantis <unfixed> (bug #330682; unknown) -CAN-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...) - - mantis <unfixed> (bug #330682; unknown) -CAN-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...) - TODO: file a bug, it's not really clear, whether this has security implications -CAN-2005-3088 - RESERVED -CAN-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...) - - backupninja 0.8-2 (medium) -CAN-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation] - - microcode.ctl <unfixed> (bug #282583; low) - NOTE: The validity of the microcode is ensure inside the CPU -CAN-2005-XXXX [Unsafe user of snprintf() in icebreaker's highscore list] - - icebreaker 1.21-9.1 (bug #297644; low) -CAN-2001-XXXX [gnupg: inproper flagging of signatures as being local] - - gnupg 1.0.7-1 (bug #107374) -CAN-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...) - NOT-FOR-US: SecureW2 TLS -CAN-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...) - NOT-FOR-US: contentSrv -CAN-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in ...) - NOT-FOR-US: Riverdark Studios RSS Syndicator -CAN-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP ...) - NOT-FOR-US: Sony PSP -CAN-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...) - NOT-FOR-US: CMS Made Simple -CAN-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows ...) - NOT-FOR-US: SEO-Board -CAN-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary ...) - - wzdftpd 0.5.5-1 (high) -CAN-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...) - NOT-FOR-US: GeSHi -CAN-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform "code inclusion" ...) - NOT-FOR-US: PunBB -CAN-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...) - NOT-FOR-US: PunBB -CAN-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers ...) - NOT-FOR-US: Microsoft -CAN-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL ...) - NOT-FOR-US: Simplog -CAN-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote ...) - NOT-FOR-US: Zengaia -CAN-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...) - NOT-FOR-US: RSyslog -CAN-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...) - - interchange 5.2.1-1 (bug #329705; unknown) -CAN-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...) - - interchange 5.2.1-1 (bug #329705; medium) -CAN-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...) - NOT-FOR-US: Solaris -CAN-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...) - - hylafax 1:4.2.2+rc1 (bug #329384; low) -CAN-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...) - {DSA-865-1} - - hylafax 1:4.2.2+rc1 (bug #329384; low) -CAN-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ...) - - eric 3.7.2-1 (bug #330608; unknown) -CAN-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...) - NOT-FOR-US: PerlDiver -CAN-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...) - NOT-FOR-US: PerlDiver -CAN-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...) - NOT-FOR-US: MultiTheftAuto -CAN-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...) - NOT-FOR-US: MultiTheftAuto -CAN-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...) - NOT-FOR-US: MailGust -CAN-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...) - NOT-FOR-US: AlstraSoft E-Friends -CAN-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...) - NOT-FOR-US: PowerArchiver -CAN-2003-XXXX [libsafe: does not prevent some exploit types] - TODO: We should push for removal, maintainer already voiced consent during Sarge prep phase - - libsafe <unfixed> (bug #173227; medium) -CAN-2003-XXXX [Insecure temp files in lilo] - - lilo 1:22.4-1 (bug #173238; bug #292073; low) -CAN-2005-XXXX [Multiple security issues when using distcc without ssh auth] - - distcc 2.18.3-3 (bug #298929; low) - NOTE: Only affects distcc in a very non-standard setup -CAN-2004-XXXX [phpwiki shares a cookie for all wikis on a host] - - phpwiki <unfixed> (bug #282565; medium) -CAN-2005-XXXX [Possibly incorrect virtualisation in php4] - - php4 <unfixed> (bug #317577; bug #330419; unknown) - NOTE: Maintainer can't reproduce -CAN-1999-XXXX [Insecure access control on GNU Mach's IO ports] - - gnumach <unfixed> (bug #46709) - NOTE: Nearly six years old :-) -CAN-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...) - NOT-FOR-US: AIX -CAN-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...) - NOT-FOR-US: Opera -CAN-2005-3058 - RESERVED -CAN-2005-3057 - RESERVED -CAN-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ] - RESERVED - - twiki 20040902-2 (bug #330733; high) -CAN-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...) - - linux-2.6 <unfixed> (bug #330287; bug #332587; medium) - - kernel-source-2.6.8 <unfixed> (bug #332596) -CAN-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...) - - php4 4:4.4.0-3 (bug #353585; medium) - - php5 5.0.5-2 (bug #353585; medium) -CAN-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...) - - linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium) - - kernel-source-2.6.8 2.6.8-16sarge2 (medium) -CAN-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...) - NOT-FOR-US: jportal -CAN-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA allows ...) - NOT-FOR-US: 7-Zip -CAN-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: PhpMyFaq -CAN-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with ...) - NOT-FOR-US: PhpMyFaq -CAN-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 ...) - NOT-FOR-US: PhpMyFaq -CAN-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...) - NOT-FOR-US: PhpMyFaq -CAN-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows ...) - NOT-FOR-US: PhpMyFaq -CAN-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and ...) - NOT-FOR-US: My Little Forum -CAN-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...) - - emacs21 21.3-1 (bug #286183; medium) - TODO: check xemacs21 -CAN-2005-XXXX [egroupware unsafe use of /tmp for storing a log file] - - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) -CAN-2005-XXXX [SQL injection vulnerability in egroupware in account deletion] - - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) -CAN-2005-XXXX [Insecure pidfile handling in mailleds] - - mailleds 0.93-11.1 (bug #329365; low) -CAN-2005-XXXX [kdebase uses urandom as an entropy source] - - kdebase <unfixed> (bug #325369; unimportant) - NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels - NOTE: on Linux urandom should provide sufficient entropy -CAN-2005-XXXX [imview: Possible buffer overflow with FITS images] - - imview <unfixed> (bug #326971; unknown) - TODO: Needs further evaluation -CAN-2005-XXXX [ Chroot escape in vserver kernel patch] - - kernel-patch-vserver <unfixed> (bug #329087; medium) -CAN-2005-XXXX [Local kernel DoS through incorrect boundary checks in cipher processors] - - linux-2.6 2.6.12-7 (low) -CAN-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...) - NOT-FOR-US: Mall23 eCommerce -CAN-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...) - - webmin 1.230-1 (high; bug #329741) - - usermin 1.160-1 (high; bug #329742) - NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821 -CAN-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before ...) - NOT-FOR-US: Opera -CAN-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...) - NOT-FOR-US: TAC Vista -CAN-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...) - NOT-FOR-US: Mall23 eCommerce -CAN-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...) - NOT-FOR-US: Hosting Controller -CAN-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...) - NOT-FOR-US: Handy Address Book Server -CAN-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...) - NOT-FOR-US: File Transfer Anywhere -CAN-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) - NOT-FOR-US: Compuware DriverStudio -CAN-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) - NOT-FOR-US: Compuware DriverStudio -CAN-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...) - NOT-FOR-US: vxWeb - WinCE software -CAN-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...) - NOT-FOR-US: vxTfpSrv - WinCE software -CAN-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...) - NOT-FOR-US: vxTfpSrv - WinCE software -CAN-2005-3030 (Directory traversal vulnerability in the archive decompression library ...) - NOT-FOR-US: Ahnlab Anti virus -CAN-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...) - NOT-FOR-US: Ahnlab Anti virus -CAN-2005-3028 - REJECTED -CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...) - NOT-FOR-US: Sybari Antigen anti spam solution -CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...) - NOT-FOR-US: Epay Pro -CAN-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...) - NOT-FOR-US: vBulletin -CAN-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...) - NOT-FOR-US: vBulletin -CAN-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...) - NOT-FOR-US: vBulletin -CAN-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...) - NOT-FOR-US: vBulletin -CAN-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...) - NOT-FOR-US: vBulletin -CAN-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...) - NOT-FOR-US: vBulletin -CAN-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...) - NOT-FOR-US: vBulletin -CAN-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Safari -CAN-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...) - NOT-FOR-US: Content2Web -CAN-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...) - NOT-FOR-US: Lotus Domino -CAN-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...) - NOT-FOR-US: Ensim webppliance -CAN-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...) - NOT-FOR-US: YaST -CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...) - NOT-FOR-US: SimpleCDR-X -CAN-2005-3011 (texindex in texinfo 4.8 and earlier allows local users to overwrite ...) - - texinfo 4.8-1 (bug #328365; low) -CAN-2005-3010 (Direct static code injection vulnerability in the flood protection ...) - NOT-FOR-US: CuteNews -CAN-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...) - NOT-FOR-US: CuteNews -CAN-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...) - NOT-FOR-US: Tofu - TODO: Please double-check, there's a twisted, soya and other stuff, it's all a wild mix -CAN-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...) - NOT-FOR-US: Opera -CAN-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...) - NOT-FOR-US: Opera -CAN-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...) - NOT-FOR-US: Helpdesk Software Hesk -CAN-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...) - NOT-FOR-US: Interakt MX Shop -CAN-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...) - NOT-FOR-US: NooTopList -CAN-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...) - NOT-FOR-US: Multi-Computer Control System -CAN-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows ...) - NOT-FOR-US: Solaris -CAN-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...) - NOT-FOR-US: PHP Advanced Transfer Manager -CAN-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...) - NOT-FOR-US: PHP Advanced Transfer Manager -CAN-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...) - NOT-FOR-US: PHP Advanced Transfer Manager -CAN-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...) - NOT-FOR-US: PHP Advanced Transfer Manager -CAN-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...) - NOT-FOR-US: VERITAS storage solutions -CAN-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...) - - bacula (bug #329271; low) -CAN-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...) - NOT-FOR-US: IBM Rational ClearQuest -CAN-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...) - NOT-FOR-US: HP Tru64 -CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...) - - ncompress <unfixed> (bug #329052; unimportant) -CAN-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...) - {DSA-843-1} - - arc 5.21m-1 (low) -CAN-2005-XXXX [freeradius buffer overflows and SQL injection] - - freeradius 1.0.5-1 (medium) -CAN-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...) - NOT-FOR-US: LineControl Java Client -CAN-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...) - NOT-FOR-US: DeluxeBB -CAN-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...) - NOT-FOR-US: HP printers -CAN-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...) - NOT-FOR-US: Digital Scribe -CAN-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...) - NOT-FOR-US: AhnLab antivirus and related products -CAN-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...) - NOT-FOR-US: aeDating script -CAN-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...) - NOT-FOR-US: Avocent hardware issue -CAN-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...) - NOT-FOR-US: Oracle -CAN-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...) - NOT-FOR-US: CompaqHTTPServer -CAN-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...) - NOT-FOR-US: Orion -CAN-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...) - NOT-FOR-US: phpoutsourcing Noah's classifieds -CAN-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...) - NOT-FOR-US: phpoutsourcing Noah's classifieds -CAN-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...) - - netpbm-free 2:10.0-10 -CAN-2005-2977 - RESERVED -CAN-2005-2976 - RESERVED -CAN-2005-2975 - RESERVED -CAN-2005-2974 - RESERVED -CAN-2005-2973 - RESERVED -CAN-2005-2972 [Further RTF buffer overflows in abiword] - RESERVED - - abiword 2.4.1-1 (bug #333740; medium) -CAN-2005-2971 [Heap overflow in kword's RTF import] - RESERVED - - koffice 1:1.3.5-5 (bug #333497; medium) -CAN-2005-2970 - RESERVED -CAN-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...) - - openssl 0.9.8-3 (bug #333500; low) - - openssl097 0.9.7g-5 (bug #333500; low) - - openssl094 <removed> - - openssl095 <removed> - - openssl096 <removed> -CAN-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...) - - mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script) - - mozilla <not-affected> (Debian ships a non-vulnerable wrapper script) - - mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high) -CAN-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...) - {DSA-863-1} - - xine-lib <unfixed> (bug #332919; bug #333682; medium) -CAN-2005-2965 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...) - {DSA-857-1} - - graphviz 2.2.1-1sarge1 (low) -CAN-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...) - - abiword 2.2.10-1 (bug #329839; medium) -CAN-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with ...) - {DSA-844-1} - - mod-auth-shadow 1.4-2 (bug #323789; medium) -CAN-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets ...) - {DSA-830-1} -CAN-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 ...) - {DSA-834-1} - NOTE: prozilla is not in sarge or etch -CAN-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...) - {DSA-836-1 DSA-835-1} - - cfengine <unfixed> -CAN-2005-2959 [Sudo does not sanitize SHELLOPTS and PS4 shell env vars before starting sudoed apps] - RESERVED - - sudo 1.6.8p9-3 (medium) -CAN-2005-2958 [Format string vulnerability in libgda2] - RESERVED - - libgda2 1.2.2-1 (medium) -CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...) - NOT-FOR-US: AVIRA Desktop -CAN-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive data ...) - NOT-FOR-US: ATutor -CAN-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...) - NOT-FOR-US: ATutor -CAN-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...) - NOT-FOR-US: ATutor -CAN-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...) - NOT-FOR-US: MIVA Merchant -CAN-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...) - NOT-FOR-US: Subscribe Me Pro -CAN-2005-2951 (Directory traversal vulnerability in security.inc.php in ...) - NOT-FOR-US: AzDGDating lite -CAN-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...) - NOT-FOR-US: Sawmill -CAN-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...) - TODO: check -CAN-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...) - NOT-FOR-US: KillProcess -CAN-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-complicit ...) - NOT-FOR-US: KillProcess -CAN-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...) - - openssl (bug #314465; unimportant) - NOTE: MD5 is still good enough for most applications, second preimage attacks - NOTE: haven't been presented yet -CAN-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...) - NOT-FOR-US: GNOME Workstation Command Center -CAN-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows ...) - - xmail 1.22-1 (bug #333863; medium) -CAN-2005-2942 - REJECTED -CAN-2005-2941 - RESERVED -CAN-2005-2940 - RESERVED -CAN-2005-2939 - RESERVED -CAN-2005-2938 - RESERVED -CAN-2005-2937 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...) - NOT-FOR-US: Kaspersky -CAN-2005-2936 - RESERVED -CAN-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...) - NOT-FOR-US: Microsoft AntiSpyware -CAN-2005-2934 - RESERVED -CAN-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c ...) - {DSA-861-1} - - uw-imap 7:2002edebian1-12 (medium; bug #332215) -CAN-2005-2932 - RESERVED -CAN-2005-2931 - RESERVED -CAN-2005-2930 - RESERVED -CAN-2005-2929 - RESERVED -CAN-2005-2928 - RESERVED -CAN-2005-2927 - RESERVED -CAN-2005-2926 - RESERVED -CAN-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...) - NOT-FOR-US: IRIX -CAN-2005-2924 - RESERVED -CAN-2005-2923 - RESERVED -CAN-2005-2922 - RESERVED -CAN-2005-2921 - RESERVED -CAN-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...) - NOT-FOR-US: Linksys routers -CAN-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...) - NOT-FOR-US: Linksys routers -CAN-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...) - NOT-FOR-US: Linksys routers -CAN-2005-2913 - REJECTED -CAN-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...) - NOT-FOR-US: Linksys routers -CAN-2005-2911 - RESERVED -CAN-2005-2910 - RESERVED -CAN-2005-2909 - RESERVED -CAN-2005-2908 - RESERVED -CAN-2005-2907 - RESERVED -CAN-2005-2906 - RESERVED -CAN-2005-2905 - RESERVED -CAN-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows ...) - NOT-FOR-US: Zebedee -CAN-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...) - NOT-FOR-US: NOD32 Anti virus -CAN-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...) - NOT-FOR-US: class-1 Forum -CAN-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...) - NOT-FOR-US: CjWeb2Mail -CAN-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...) - NOT-FOR-US: CjLinkOut -CAN-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...) - NOT-FOR-US: CjTagBoard -CAN-2005-2898 (** DISPUTED ** ...) - NOT-FOR-US: Filezilla -CAN-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: WEB//NEWS -CAN-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...) - NOT-FOR-US: WEB//NEWS -CAN-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...) - NOT-FOR-US: PBLang -CAN-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...) - NOT-FOR-US: PBLang -CAN-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...) - NOT-FOR-US: PBLang -CAN-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...) - NOT-FOR-US: PBLang -CAN-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...) - NOT-FOR-US: WebArchiveX -CAN-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...) - NOT-FOR-US: SecureOL -CAN-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...) - NOT-FOR-US: Check Point -CAN-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...) - NOT-FOR-US: MyBB -CAN-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...) - NOT-FOR-US: MAXDev MD-Pro -CAN-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...) - NOT-FOR-US: MAXDev MD-Pro -CAN-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...) - NOT-FOR-US: MAXDev MD-Pro -CAN-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...) - NOT-FOR-US: Land Down Under -CAN-2005-2883 - REJECTED - NOT-FOR-US: Unclassified News Board -CAN-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - NOT-FOR-US: phpCommunityCalendar -CAN-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...) - NOT-FOR-US: phpCommunityCalendar -CAN-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...) - NOT-FOR-US: phpCommunityCalendar -CAN-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...) - NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect -CAN-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...) - {DSA-843-1} - - arc 5.21m-1 (bug #329053; low) -CAN-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...) - {DSA-828-1} - - squid 2.5.10-6 (unknown) -CAN-2005-XXXX [user password file created by gajim is world-redable] - - gajim 0.8.2-1 (bug #325080; low) -CAN-2005-XXXX [mkzopeinstance.py creates world-readable inituser file] - - zope2.7 <unfixed> (bug #313644; low) - NOTE: first patch was incorrect -CAN-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap] - - wine 0.0.20050830-1 (bug #327261; bug #327262; high) -CAN-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...) - {DSA-824-1 DTSA-19-1} - - clamav 0.87-1 (bug #328660; medium) -CAN-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...) - {DSA-824-1 DTSA-19-1} - - clamav 0.87-1 (bug #328660; medium) -CAN-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...) - {DSA-822-1} - - gtkdiskfree 1.9.3-4sarge1 (bug #328566; low) -CAN-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...) - - linux-2.6 2.6.12-7 (medium) - - kernel-source-2.6.8 2.6.8-16sarge2 (medium) - NOTE: code is vulnerable but there is no amd64 for 2.4 in Sarge -CAN-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...) - NOTE: proactively fixed by the robustness patch - - twiki 20040902-2 -CAN-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...) - {DSA-825-1 DSA-823-1} - - util-linux 2.12p-8 (bug #328141; bug #329063; medium) - - loop-aes-utils 2.12p-9 (bug #328626; medium) -CAN-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...) - {DSA-856-1} - - py2play 0.1.8-1 (bug #326976; medium) - - slune 1.0.10-1 (bug #326976; medium) - NOTE: slune had to be adapted to internal py2play changes in order to avoid breakage -CAN-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...) - - cupsys 1.1.23-1 (unknown) -CAN-2005-XXXX [snort vulnerable to DoS attack] - - snort 2.3.3-2 (bug #328134; low) -CAN-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...) - {DSA-837-1} - - mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; medium) - - mozilla 2:1.7.12-1 (bug #327455; medium) - NOTE: epiphany-browser is apparently fixed fix the mozilla-browser - NOTE: upload; see bug #327366 -CAN-2005-XXXX [several buffer overflows in MS CHM library before version 0.36] - - chmlib 0.36-1 (bug #327431) -CAN-2005-2802 - REJECTED - NOTE: rejected, initially ipt_recent related -CAN-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...) - {DSA-841-1 DTSA-20-1} - - mailutils 1:0.6.90-2.1etch1 (bug #327424; high) -CAN-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...) - NOT-FOR-US: Solaris -CAN-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - - phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium) -CAN-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...) - NOT-FOR-US: ZipTorrent -CAN-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...) - NOT-FOR-US: BlueWhaleCRM -CAN-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...) - NOT-FOR-US: Mercora IMRadio -CAN-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...) - NOT-FOR-US: aMember Pro -CAN-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...) - NOT-FOR-US: URBAN -CAN-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...) - NOT-FOR-US: OpenWebmail -CAN-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...) - NOT-FOR-US: ADSL hardware -CAN-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...) - NOT-FOR-US: N-Stealth -CAN-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...) - - nikto 1.35-1 (bug #327339; medium) -CAN-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...) - NOT-FOR-US: Savant Web Server -CAN-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...) - NOT-FOR-US: Rediff BOL) -CAN-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...) - NOT-FOR-US: Free SMTP Server -CAN-2005-2856 (Stack-based buffer overflow in UNACEV2.DLL for ALZip 5.51 through 6.11 ...) - NOT-FOR-US: ALZip -CAN-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...) - NOT-FOR-US: Unclassified Newsboard -CAN-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...) - NOT-FOR-US: thesitewizard.com chfeedback.pl -CAN-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...) - NOT-FOR-US: GuppY -CAN-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...) - NOT-FOR-US: Novell Netware -CAN-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...) - - smb4k 0.6.3-1 (medium) -CAN-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: SlimFTPD -CAN-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...) - NOT-FOR-US: Barracuda antispam solution -CAN-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...) - NOT-FOR-US: Barracuda antispam solution -CAN-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...) - NOT-FOR-US: Barracuda antispam solution -CAN-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...) - NOT-FOR-US: CMS Made Simple -CAN-2005-2845 (Ariba Spend Management System sends the username and password to the ...) - NOT-FOR-US: Ariba Spend Management System -CAN-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...) - NOT-FOR-US: Indiatimes Messenger -CAN-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...) - NOT-FOR-US: Hesk -CAN-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...) - NOT-FOR-US: DameWare Mini -CAN-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...) - NOT-FOR-US: IOS -CAN-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...) - NOT-FOR-US: MAXdev -CAN-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...) - NOT-FOR-US: MAXdev -CAN-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...) - NOT-FOR-US: myBloggie -CAN-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...) - NOT-FOR-US: WebGUI -CAN-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...) - NOT-FOR-US: Phorum -CAN-2005-2835 - RESERVED -CAN-2005-2834 - RESERVED -CAN-2005-2833 - RESERVED -CAN-2005-2832 - RESERVED -CAN-2005-2831 - RESERVED -CAN-2005-2830 - RESERVED -CAN-2005-2829 - RESERVED -CAN-2005-2828 - RESERVED -CAN-2005-2827 - RESERVED -CAN-2005-2826 - RESERVED -CAN-2005-2825 - RESERVED -CAN-2005-2824 - RESERVED -CAN-2005-2823 - RESERVED -CAN-2005-2822 - RESERVED -CAN-2005-2821 - RESERVED -CAN-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...) - {DSA-820-1} - - courier 0.47-9 (bug #327181; medium) -CAN-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to ...) - NOT-FOR-US: DownFile -CAN-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...) - NOT-FOR-US: DownFile -CAN-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...) - NOT-FOR-US: Simple Machines Forum -CAN-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...) - NOT-FOR-US: Greymatter -CAN-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...) - NOT-FOR-US: FlatNuke -CAN-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...) - NOT-FOR-US: FlatNuke -CAN-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...) - NOT-FOR-US: FlatNuke -CAN-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...) - NOT-FOR-US: man2web -CAN-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...) - - net-snmp <not-affected> (Gentoo Portage specific configuration flaw) -CAN-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...) - NOT-FOR-US: urban game -CAN-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...) - NOT-FOR-US: silc daemon -CAN-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...) - - frox 0.7.18-1 (medium) -CAN-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...) - - frox <not-affected> (does not run setuid root in the Debian package) -CAN-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...) - NOT-FOR-US: BNBT EasyTracker -CAN-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...) - NOT-FOR-US: e107 -CAN-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and ...) - NOT-FOR-US: GroupWise -CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...) - - hiki 0.8.3-1 -CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...) - - linux-2.6 2.6.12-6 (low) -CAN-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...) - NOT-FOR-US: Linksys routers -CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...) - - openssh 1:4.2p1-1 (bug #326065; medium) - - openssh-krb5 <unfixed> (bug #327233; medium) -CAN-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...) - - openssh 1:4.2p1-1 (bug #326065; medium) -CAN-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...) - {DSA-809-1} - - squid 2.5.10-5 (medium) -CAN-2005-2795 - RESERVED -CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...) - {DSA-809-2 DSA-809-1} - - squid 2.5.10-5 (medium) -CAN-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...) - - phpldapadmin 0.9.6c-7 (bug #325785; medium) -CAN-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...) - - phpldapadmin 0.9.6c-7 (bug #325785; medium) -CAN-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) - NOT-FOR-US: BFCC -CAN-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) - NOT-FOR-US: BFCC -CAN-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) - NOT-FOR-US: BFCC -CAN-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...) - NOT-FOR-US: Land Down Under -CAN-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...) - NOT-FOR-US: Simple PHP Blog -CAN-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...) - NOT-FOR-US: cosmoshop -CAN-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...) - NOT-FOR-US: cosmoshop -CAN-2005-2784 (SQL injection vulnerability in the login function for the ...) - NOT-FOR-US: cosmoshop -CAN-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...) - NOT-FOR-US: AutoLinks Pro -CAN-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...) - TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are affected -CAN-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) - NOT-FOR-US: Land Down Under -CAN-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...) - NOT-FOR-US: iTAN -CAN-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...) - NOT-FOR-US: MyBB -CAN-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: Looking Glass -CAN-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...) - NOT-FOR-US: Looking Glass -CAN-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...) - NOT-FOR-US: Looking Glass -CAN-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...) - NOT-FOR-US: Litium Quake mod -CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...) - NOT-FOR-US: HP OpenView -CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...) - {DSA-832-1} - - gopher 3.0.11 (bug #327722; high) -CAN-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...) - NOT-FOR-US: Reflection for Secure IT -CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...) - NOT-FOR-US: Reflection for Secure IT -CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...) - - sqwebmail 0.47-9 (bug #327727; medium) -CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...) - NOT-FOR-US: Sophos AntiVirus -CAN-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...) - NOT-FOR-US: LeapFTP -CAN-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6] - - linux-2.6 2.6.12-6 (low) -CAN-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...) - NOT-FOR-US: Symantec AntiVirus -CAN-2005-2765 (The user interface in the Windows Firewall does not properly display ...) - NOT-FOR-US: Microsoft Windows -CAN-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...) - NOT-FOR-US: OpenTTD -CAN-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...) - NOT-FOR-US: OpenTTD -CAN-2005-2762 - RESERVED -CAN-2005-2760 - RESERVED -CAN-2005-2759 - RESERVED -CAN-2005-2758 (Integer signedness error in the administrative interface for Symantec ...) - NOT-FOR-US: Symantec Antivirus -CAN-2005-2757 - RESERVED -CAN-2005-2756 - RESERVED -CAN-2005-2755 - RESERVED -CAN-2005-2754 - RESERVED -CAN-2005-2753 - RESERVED -CAN-2005-2752 - RESERVED -CAN-2005-2751 - RESERVED -CAN-2005-2750 - RESERVED -CAN-2005-2749 - RESERVED -CAN-2005-2748 - RESERVED -CAN-2005-2747 - RESERVED -CAN-2005-2746 - RESERVED -CAN-2005-2745 - RESERVED -CAN-2005-2744 - RESERVED -CAN-2005-2743 - RESERVED -CAN-2005-2742 - RESERVED -CAN-2005-2741 - RESERVED -CAN-2005-2740 - RESERVED -CAN-2005-2739 - RESERVED -CAN-2005-2738 - RESERVED -CAN-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...) - NOT-FOR-US: PhotoPost -CAN-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...) - NOT-FOR-US: YaPig -CAN-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...) - NOT-FOR-US: phpGraphy -CAN-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...) - - gallery 1.5-2 (bug #325285; medium) - TODO: check gallery2 -CAN-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...) - NOT-FOR-US: Simple PHP Blog -CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...) - NOTE: path disclosure, so not very important on debian systems - NOTE: unreproducible according to bug #327729 -CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...) - NOT-FOR-US: Astato specific -CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...) - NOT-FOR-US: Astato specific -CAN-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...) - NOT-FOR-US: Astato specific -CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...) - {DSA-805-1} - NOTE: The CVE description is wrong, this has been merged for 2.0.55 - - apache2 2.0.54-5 (bug #326435; medium) -CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...) - NOT-FOR-US: Home Ftp Server -CAN-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...) - NOT-FOR-US: Home Ftp Server -CAN-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...) - NOT-FOR-US: QNX -CAN-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...) - NOT-FOR-US: PaFileDB -CAN-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...) - NOT-FOR-US: Foojan PHP Weblog -CAN-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...) - NOT-FOR-US: Foojan PHP Weblog -CAN-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...) - NOT-FOR-US: HAURI Antivirus -CAN-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...) - NOT-FOR-US: Ventrilo -CAN-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...) - NOT-FOR-US: MPlayer -CAN-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...) - {DSA-799-1} - - webcalendar 0.9.45-7 (bug #326223; medium) -CAN-2005-2715 (Format string vulnerability in the Java user interface service ...) - NOT-FOR-US: VERITAS NetBackup Data and Business Center -CAN-2005-2714 - RESERVED -CAN-2005-2713 - RESERVED -CAN-2005-2712 - RESERVED -CAN-2005-2711 - RESERVED -CAN-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...) - {DSA-826-1} - NOTE: see http://www.open-security.org/advisories/13 - - helix-player 1.0.6-1 (bug #330364; high) -CAN-2005-2709 - RESERVED -CAN-2005-2708 - RESERVED -CAN-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) - {DSA-838-1} - - mozilla-firefox 1.0.7-1 (bug #329778; medium) - - mozilla 2:1.7.12-1 (medium) -CAN-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote ...) - {DSA-838-1} - - mozilla-firefox 1.0.7-1 (bug #329778; high) - - mozilla 2:1.7.12-1 (high) -CAN-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...) - {DSA-838-1} - - mozilla-firefox 1.0.7-1 (bug #329778; high) - - mozilla 2:1.7.12-1 (high) -CAN-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) - {DSA-838-1} - - mozilla-firefox 1.0.7-1 (bug #329778; medium) - - mozilla 2:1.7.12-1 (medium) -CAN-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) - {DSA-838-1} - - mozilla-firefox 1.0.7-1 (bug #329778; medium) - - mozilla (medium) -CAN-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) - {DSA-838-1} - - mozilla-firefox 1.0.7-1 (bug #329778; high) - - mozilla 2:1.7.12-1 (high) -CAN-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite ...) - {DSA-838-1} - - mozilla-firefox 1.0.7-1 (bug #329778; medium) - - mozilla 2:1.7.12-1 (bug #329778; medium) -CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...) - {DSA-807-1 DSA-805-1} - - libapache-mod-ssl 2.8.24-1 (medium) - - apache2 2.0.54-5 (bug #327210; medium) -CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...) - NOT-FOR-US: PHPKit -CAN-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...) - NOT-FOR-US: Nephp Publisher Enterprise -CAN-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...) - NOT-FOR-US: MyBB -CAN-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...) - NOT-FOR-US: Notes -CAN-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...) - NOT-FOR-US: Cisco -CAN-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...) - NOT-FOR-US: WinAce -CAN-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...) - NOT-FOR-US: SunOS -CAN-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...) - NOT-FOR-US: Solaris -CAN-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...) - NOT-FOR-US: SunOS -CAN-2005-XXXX [osh buffer overflow in handlers.c] - NOTE: This is not the same as -13 - - osh 1.7-14 (bug #323424; bug #323482; bug #311369; medium) -CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...) - {DSA-793-1} - - courier 0.47-8 (medium; bug #325631) -CAN-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...) - - kernel-source-2.4.27 2.4.27-11 (medium) - TODO: check what version of linux-2.6 fixed this. (See bug #328395) - NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html -CAN-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...) - - kernel-source-2.4.27 <unfixed> (bug #332228; low) - - kernel-source-2.6.8 <unfixed> (bug #332231; low) - - linux-2.6 <unfixed> (bug #332381; low) - NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite - NOTE: of ipt_recent the best solution, which seems to occur soon -CAN-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...) - - kernel-source-2.4.27 2.4.27-11 (bug #322237; medium) - - kernel-source-2.4.27 2.4.27-10sarge1 (medium) - - kernel-source-2.6.8 2.6.8-16sarge2 (medium) -CAN-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...) - {DSA-798-1} - - phpgroupware 0.9.16.008-1 (unknown) -CAN-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...) - {DSA-796-1} - - affix 2.1.2-3 (bug #325444; medium) -CAN-2005-XXXX [Insecure tempfile usage in tleds] - - tleds 1.05beta10-9 (bug #276789; low) -CAN-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...) - {DSA-806-1 DSA-802-1} - NOTE: cvs: not shipped in binary package - - cvs 1:1.12.9-15 (bug #325106; unimportant) - - gcvs 1.0final-8 (bug #324969; low) -CAN-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...) - NOT-FOR-US: RunCMS -CAN-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...) - NOT-FOR-US: RunCMS -CAN-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...) - NOT-FOR-US: PostNuke -CAN-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...) - NOT-FOR-US: PostNuke -CAN-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...) - NOT-FOR-US: SaveWebPortal -CAN-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...) - NOT-FOR-US: SaveWebPortal -CAN-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...) - NOT-FOR-US: SaveWebPortal -CAN-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...) - NOT-FOR-US: SaveWebPortal -CAN-2005-XXXX [Insecure temp files in firehol] - - firehol 1.231-4 (low) -CAN-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...) - NOT-FOR-US: Virtual Edge Netquery -CAN-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...) - NOT-FOR-US: PHPKit -CAN-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...) - NOT-FOR-US: DTLink AreaEdit -CAN-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...) - NOT-FOR-US: Cisco -CAN-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...) - NOT-FOR-US: BEA WebLogic Portal -CAN-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...) - NOT-FOR-US: Sysinternals Process Explorer -CAN-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...) - NOT-FOR-US: MSIE -CAN-2005-2677 (ACNews stores the database in a file under the web document root with ...) - NOT-FOR-US: ACNews -CAN-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...) - NOT-FOR-US: Coppermine -CAN-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...) - NOT-FOR-US: Land Down Under -CAN-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...) - NOT-FOR-US: Land Down Under -CAN-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...) - NOT-FOR-US: Burning Board -CAN-2005-2671 - REJECTED -CAN-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...) - NOT-FOR-US: HAURI -CAN-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...) - NOT-FOR-US: Computer Associates -CAN-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...) - NOT-FOR-US: Computer Associates -CAN-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...) - NOT-FOR-US: Computer Associates -CAN-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...) - - openssh 1:4.0p1-1 (low) -CAN-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...) - NOT-FOR-US: elm-me+ is no longer in unstable or testing -CAN-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...) - NOT-FOR-US: Whisper -CAN-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...) - {DSA-848-1} - - masqmail 0.2.20-1sarge1 (low; bug #329307) -CAN-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...) - {DSA-848-1} - - masqmail 0.2.20-1sarge1 (high; bug #329307) -CAN-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function ...) - {DSA-852-1} - - up-imapproxy 1.2.4-2 (high) -CAN-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...) - {DSA-839-1} - - apachetop 0.12.5-3 (unknown) -CAN-2005-2659 - RESERVED -CAN-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...) - {DSA-812-1} - - turqstat 2.2.4-1 (medium) -CAN-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...) - {DSA-811-1} -CAN-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...) - {DSA-794-1} - NOTE: Fix in -8 had problems - - polygen 1.0.6-9 (bug #325468; low) -CAN-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...) - {DSA-791-1 DTSA-11-1} - - maildrop 1.5.3-2 (bug #325135; medium) -CAN-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...) - {DSA-790-1} - - phpldapadmin 0.9.6c-5 (medium) -CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks] - - cplay 1.49-8 (bug #324913; low) -CAN-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory] - - phpldapadmin 0.9.6c-5 (bug #322423; low) -CAN-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...) - {DSA-814-1 DTSA-17-1} - - lm-sensors 1:2.9.1-7 (bug #324193; medium) -CAN-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...) - NOT-FOR-US: BBCaffe -CAN-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...) - NOT-FOR-US: Zorum -CAN-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute ...) - NOT-FOR-US: Zorum -CAN-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa ...) - NOT-FOR-US: Emefa Guestbook -CAN-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...) - NOT-FOR-US: ATutor -CAN-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ...) - NOT-FOR-US: W-Agora -CAN-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web ...) - NOT-FOR-US: Xerox MicroServer Web Server in Document Centre -CAN-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...) - NOT-FOR-US: Xerox MicroServer Web Server in Document Centre -CAN-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...) - NOT-FOR-US: Xerox MicroServer Web Server in Document Centre -CAN-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...) - NOT-FOR-US: JaguarControl -CAN-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...) - - tor 0.1.0.14-1 (bug #323786; medium) -CAN-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...) - - mutt <unfixed> (bug #323956; high) - NOTE: Status is not clear; upstream is unresponsive. -CAN-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...) - {DSA-785-1} - - libpam-ldap 178-1sarge1 (bug #324899; unknown) -CAN-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...) - NOT-FOR-US: Kerio WinRoute Firewall -CAN-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...) - NOT-FOR-US: Outlook -CAN-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to ...) - NOT-FOR-US: MyProxy -CAN-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass ...) - TODO: check -CAN-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain ...) - - squid 2.5.8 -CAN-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, which is included in ...) - NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name." -CAN-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the ...) - NOT-FOR-US: DiamondCS -CAN-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...) - NOT-FOR-US: Juniper -CAN-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...) - NOT-FOR-US: World Poker Championship -CAN-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...) - NOT-FOR-US: PHPFreeNews -CAN-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...) - NOT-FOR-US: PHPFreeNews -CAN-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...) - - phpadsnew <itp> (bug #226636) -CAN-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...) - - phpadsnew <itp> (bug #226636) -CAN-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...) - NOT-FOR-US: WinFTP Server -CAN-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...) - NOT-FOR-US: PHPTB Topic Board -CAN-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...) - - mediabox404 <itp> (bug #294397) -CAN-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...) - NOT-FOR-US: Cisco -CAN-2005-2630 - RESERVED -CAN-2005-2629 - RESERVED -CAN-2005-2628 - RESERVED -CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...) - {DSA-788-1 DTSA-1-1} - - kismet 2005.08.R1-1 (bug #323386; high) -CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...) - {DSA-788-1 DTSA-1-1} - - kismet 2005.08.R1-1 (bug #323386; high) -CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...) - NOT-FOR-US: MS IE -CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...) - NOT-FOR-US: Google Toolbar -CAN-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...) - NOT-FOR-US: PHPNews -CAN-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite arbitrary ...) - - wmfrog <itp> (bug #294352) -CAN-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...) - NOT-FOR-US: Outpost Pro -CAN-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...) - NOT-FOR-US: QuoteEngine -CAN-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...) - NOT-FOR-US: MadBMS -CAN-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...) - NOT-FOR-US: phpScheduleIt -CAN-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...) - NOT-FOR-US: SillySearch -CAN-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...) - NOT-FOR-US: Easy Chat Server -CAN-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...) - NOT-FOR-US: Easy Chat Server -CAN-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...) - NOT-FOR-US: Easy Chat Server -CAN-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...) - NOT-FOR-US: ADA Image Server -CAN-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...) - NOT-FOR-US: ADA Image Server -CAN-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...) - - cplay 1.49-3 (medium) -CAN-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...) - - gnubiff 2.0.0 (medium) -CAN-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...) - - gnubiff 2.0.0 (medium) -CAN-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...) - - gnubiff 2.0.0 (medium) -CAN-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...) - NOT-FOR-US: Open WebMail -CAN-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...) - NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router -CAN-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...) - NOT-FOR-US: miniBB -CAN-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...) - NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g -CAN-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...) - NOT-FOR-US: aMSN 0.90 for Microsoft Windows -CAN-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...) - NOT-FOR-US: Tutti Nova -CAN-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...) - NOT-FOR-US: Hitachi Cosminexus Portal Framework -CAN-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...) - NOT-FOR-US: Roger Wilco -CAN-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...) - NOT-FOR-US: Roger Wilco -CAN-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...) - NOT-FOR-US: Roger Wilco -CAN-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...) - NOT-FOR-US: S-Mart Shopping Cart or RediCart -CAN-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...) - NOT-FOR-US: *1st Class Mail Server -CAN-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...) - NOT-FOR-US: *1st Class Mail Server -CAN-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...) - NOT-FOR-US: Jaws -CAN-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...) - NOT-FOR-US: Jaws -CAN-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...) - NOT-FOR-US: Jaws -CAN-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...) - NOT-FOR-US: F-Secure Anti-Virus -CAN-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...) - NOT-FOR-US: Kerio -CAN-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...) - NOT-FOR-US: proxytunnel -CAN-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...) - NOT-FOR-US: HP printers -CAN-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...) - NOT-FOR-US: PHP-Fusion -CAN-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...) - NOT-FOR-US: PHP-Fusion -CAN-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...) - NOT-FOR-US: Computer Associates Unicenter Common Services -CAN-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...) - NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS) -CAN-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...) - NOT-FOR-US: CPAINT ajax toolkit -CAN-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...) - NOT-FOR-US: CPAINT ajax toolkit -CAN-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of ...) - NOT-FOR-US: ECW Shop -CAN-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop ...) - NOT-FOR-US: ECW Shop -CAN-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain ...) - NOT-FOR-US: ECW Shop -CAN-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...) - NOT-FOR-US: Novell GroupWise -CAN-2005-2619 - RESERVED -CAN-2005-2618 - RESERVED -CAN-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) - NOT-FOR-US: MS IE -CAN-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...) - NOT-FOR-US: ADM ActiveX control -CAN-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: WinAgents TFTP Server -CAN-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...) - NOT-FOR-US: ignitionServer -CAN-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...) - NOT-FOR-US: Trend OfficeScan -CAN-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...) - NOT-FOR-US: EnderUNIX spamGuard -CAN-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...) - NOT-FOR-US: WWWguestbook -CAN-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...) - NOT-FOR-US: Axis Network Camera -CAN-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...) - NOT-FOR-US: Axis Network Camera -CAN-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...) - NOT-FOR-US: Axis Network Camera -CAN-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow ...) - NOT-FOR-US: BEA -CAN-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch ...) - NOT-FOR-US: Ipswitch IMail Server -CAN-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote ...) - NOT-FOR-US: Ipswitch IMail Server -CAN-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...) - NOT-FOR-US: Hitachi Job Management Partner -CAN-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...) - NOT-FOR-US: Hitachi Job Management Partner -CAN-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain ...) - NOT-FOR-US: Keene Digital Media Server -CAN-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...) - NOT-FOR-US: slimftpd not in debian -CAN-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...) - NOT-FOR-US: smtp.proxy -CAN-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...) - NOT-FOR-US: ccproxy -CAN-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...) - NOT-FOR-US: Davenport -CAN-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...) - NOT-FOR-US: Novell NetWare -CAN-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...) - NOT-FOR-US: VP-ASP Shopping Cart -CAN-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 ...) - NOT-FOR-US: VP-ASP Shopping Cart -CAN-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart ...) - NOT-FOR-US: VP-ASP Shopping Cart -CAN-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through ...) - - samhain 2.0.2 -CAN-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 ...) - - samhain 2.0.2 -CAN-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and ...) - - kernel-patch-vserver 1.9.2 -CAN-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown ...) - - phpgroupware 0.9.14.002 -CAN-2004-2406 (Unknown "overflow" in the phpgw_config table for phpGroupWare before ...) - - phpgroupware 0.9.14.002 -CAN-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including ...) - NOT-FOR-US: F-Secure Anti-Virus -CAN-2004-2404 - REJECTED - NOT-FOR-US: Leif Wright Web Blog -CAN-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...) - NOT-FOR-US: YaBB -CAN-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...) - NOT-FOR-US: YaBB -CAN-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging ...) - NOT-FOR-US: Ipswitch IMail -CAN-2004-2400 (WinFTP Server 1.6 stores username and password credentials in ...) - NOT-FOR-US: WinFTP Server -CAN-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...) - NOT-FOR-US: Sidewinder -CAN-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...) - NOT-FOR-US: Netenberg Fantastico De Luxe -CAN-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...) - NOT-FOR-US: Blue Coat -CAN-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...) - NOTE: shadow is a different code base, and does not have this problem -CAN-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ...) - NOTE: shadow is a different code base, and does not have this problem -CAN-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin ...) - NOTE: shadow is a different code base, and does not have this problem -CAN-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not ...) - NOT-FOR-US: Sun JSSE -CAN-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...) - NOT-FOR-US: libuser -CAN-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before ...) - NOT-FOR-US: jabber-gg-transport -CAN-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport ...) - NOT-FOR-US: jabber-gg-transport -CAN-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...) - NOT-FOR-US: jabber-gg-transport -CAN-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...) - NOT-FOR-US: ECW-Shop -CAN-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...) - NOT-FOR-US: (FreeBSD) - NOTE: old freebsd, before it was introduced in Debian -CAN-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...) - NOT-FOR-US: Sun JSSE and JRE -CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...) - {DTSA-16-1} - NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html, amd64 specific DOS - - linux-2.6 2.6.12-6 -CAN-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...) - NOT-FOR-US: ezUpload -CAN-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...) - NOT-FOR-US: EQdkp -CAN-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...) - NOT-FOR-US: Discuz -CAN-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...) - NOT-FOR-US: CPAINT Ajax -CAN-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...) - - wordpress 1.5.2-1 (bug #323040; high) -CAN-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...) - NOT-FOR-US: VERITAS Backup Exec for Windows Servers -CAN-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...) - NOT-FOR-US: VegaDNS -CAN-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...) - NOT-FOR-US: VegaDNS -CAN-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...) - NOT-FOR-US: SafeHTML -CAN-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...) - NOT-FOR-US: PHPSimplicity -CAN-2005-2606 (Unknown vulnerability in the "frontend authentication" in PHlyMail ...) - NOT-FOR-US: PHlyMail -CAN-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...) - NOT-FOR-US: Lasso Professional Server -CAN-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...) - NOT-FOR-US: My Image Gallery (Mig) -CAN-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...) - NOT-FOR-US: My Image Gallery (Mig) -CAN-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...) - - mozilla-firefox <unfixed> (bug #324907; low) - TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird -CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...) - NOT-FOR-US: MidiCart -CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products ...) - {DSA-798-1} - - egroupware-fudforum <unfixed> (bug #323928; medium) - - phpgroupware 0.9.16.008-1 (bug #323929; medium) -CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...) - NOT-FOR-US: Hummingbird FTP for Connectivity -CAN-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly ...) - NOT-FOR-US: Dokeos -CAN-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...) - NOT-FOR-US: AOL Client -CAN-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...) - - gallery 1.5-2 (medium) -CAN-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...) - NOT-FOR-US: Dada Mail -CAN-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...) - NOT-FOR-US: Apple Safari -CAN-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...) - NOT-FOR-US: MindAlign -CAN-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...) - NOT-FOR-US: MindAlign -CAN-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...) - NOT-FOR-US: MindAlign -CAN-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...) - NOT-FOR-US: MindAlign -CAN-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...) - NOT-FOR-US: WRT54GS wireless router -CAN-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...) - NOT-FOR-US: DVBBS -CAN-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...) - NOT-FOR-US: PHPTB Topic Boards -CAN-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...) - NOT-FOR-US: Mentor ADSL-FR4II router -CAN-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...) - NOT-FOR-US: Mentor ADSL-FR4II router -CAN-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...) - NOT-FOR-US: Mentor ADSL-FR4II router -CAN-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...) - NOT-FOR-US: Mentor ADSL-FR4II router -CAN-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...) - NOT-FOR-US: Kaspersky -CAN-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...) - NOT-FOR-US: Grandstream BudgeTone -CAN-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) - NOT-FOR-US: MyBB -CAN-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...) - NOT-FOR-US: Contivity -CAN-2005-2578 - REJECTED -CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...) - NOT-FOR-US: Wyse Winterm -CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...) - NOT-FOR-US: CaLogic -CAN-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...) - NOT-FOR-US: XMB Forum -CAN-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...) - NOT-FOR-US: XMB Forum -CAN-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...) - - mysql <not-affected> (Windows specific mysql holes) - - mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes) - - mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes) -CAN-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...) - - mysql <not-affected> (Windows specific mysql holes) - - mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes) - - mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes) -CAN-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...) - NOT-FOR-US: FunkBoard -CAN-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...) - NOT-FOR-US: FunkBoard -CAN-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...) - NOT-FOR-US: FunkBoard -CAN-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...) - NOT-FOR-US: SysCP -CAN-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...) - NOT-FOR-US: SysCP -CAN-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) - NOT-FOR-US: OpenBB -CAN-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: Gravity Board X (GBX) -CAN-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...) - NOT-FOR-US: Gravity Board X (GBX) -CAN-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...) - NOT-FOR-US: Gravity Board X (GBX) -CAN-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...) - NOT-FOR-US: Gravity Board X (GBX) -CAN-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...) - NOT-FOR-US: MYFAQ -CAN-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...) - NOT-FOR-US: CFBB -CAN-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...) - NOT-FOR-US: e107 portal -CAN-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...) - {DSA-831-1 DSA-829-1} - - mysql-dfsg-4.1 4.1.13 (medium) - - mysql-dfsg-5.0 5.0.7beta-1 (medium) - - mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium) -CAN-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...) - {DSA-778-1} - - mantis 0.19.2-4 (low) -CAN-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...) - {DSA-778-1} - - mantis 0.19.2-4 (medium) -CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...) - {DTSA-16-1} - - linux-2.6 2.6.12-6 (medium) - - kernel-source-2.4.27 2.4.27-12 (medium) -CAN-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...) - NOT-FOR-US: rexecd -CAN-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...) - NOT-FOR-US: sercd -CAN-2004-2386 (Format string vulnerability in the LogMsg function in sercd before ...) - NOT-FOR-US: sercd -CAN-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path ...) - NOT-FOR-US: EMU Webmail -CAN-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Winamp -CAN-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) - NOT-FOR-US: Microsoft -CAN-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote ...) - NOT-FOR-US: Microsoft -CAN-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote ...) - - jetty 4.2.19-1 (medium) -CAN-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight ...) - NOT-FOR-US: Twilight Utilities Web Server -CAN-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...) - NOT-FOR-US: @Mail -CAN-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of ...) - NOT-FOR-US: @Mail -CAN-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a ...) - NOT-FOR-US: Alcatel OmniSwitch -CAN-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server ...) - NOT-FOR-US: Twilight Utilities Web Server -CAN-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...) - NOT-FOR-US: 1st Class Mail Server -CAN-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the ...) - NOT-FOR-US: BadBlue -CAN-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...) - NOT-FOR-US: AIM -CAN-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows ...) - - bochs 2.1.1-1 -CAN-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and ...) - NOT-FOR-US: Red Storm Games -CAN-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and ...) - NOT-FOR-US: Trillian -CAN-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...) - NOT-FOR-US: Lotus Domino -CAN-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 ...) - NOT-FOR-US: Opt-X -CAN-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...) - NOT-FOR-US: WFTPD -CAN-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 ...) - NOT-FOR-US: GlobalScape Secure FTP Server -CAN-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows ...) - NOT-FOR-US: Microsoft -CAN-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through ...) - NOT-FOR-US: PHPX CMS -CAN-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...) - NOT-FOR-US: PHPX CMS -CAN-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...) - NOT-FOR-US: PHPX CMS -CAN-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...) - NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0 -CAN-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Targem Battle Mages -CAN-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...) - NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet -CAN-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...) - - phpbb2 2.0.6c (low) -CAN-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...) - NOT-FOR-US: roofpoint Protection Server -CAN-2004-2356 (Fizmez Web Server 1.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Fizmez -CAN-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...) - NOT-FOR-US: Crafty Syntax Live Help -CAN-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...) - NOT-FOR-US: 4nGuestbook -CAN-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...) - NOT-FOR-US: BugPort -CAN-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...) - NOT-FOR-US: GBook -CAN-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...) - NOT-FOR-US: GBook -CAN-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...) - - phpbb2 2.0.8 (low) -CAN-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...) - NOT-FOR-US: Tunez -CAN-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...) - NOT-FOR-US: Sybari AntiGen for Domino -CAN-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...) - NOT-FOR-US: Leif M. Wright Web Blog -CAN-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...) - NOT-FOR-US: Forum Web Server -CAN-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...) - NOT-FOR-US: Oracle -CAN-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...) - NOT-FOR-US: VocalTec -CAN-2004-2343 (** DISPUTED ** ...) - NOTE: apache disputes this and I agree -- joeyh -CAN-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: ChatterBox -CAN-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...) - NOT-FOR-US: iSearch -CAN-2004-2340 (** UNVERIFIABLE ** ...) - NOT-FOR-US: PunkBuster Screenshot Database -CAN-2004-2339 (** DISPUTED ** ...) - NOT-FOR-US: Microsoft -CAN-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...) - NOT-FOR-US: OpenBSD -CAN-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...) - NOT-FOR-US: inlook -CAN-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...) - NOT-FOR-US: Novel Groupwise -CAN-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...) - NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X -CAN-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...) - NOT-FOR-US: EMU Webmail -CAN-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...) - NOT-FOR-US: Bodington -CAN-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...) - NOT-FOR-US: WWW::Form -CAN-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...) - NOT-FOR-US: ColdFusion -CAN-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...) - NOT-FOR-US: ColdFusion -CAN-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...) - NOT-FOR-US: Kerio Personal Firewal -CAN-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...) - NOT-FOR-US: Clearswift MAILsweeper -CAN-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Vizer -CAN-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...) - NOT-FOR-US: IP3 Networks NetAccess -CAN-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...) - NOT-FOR-US: DotNetNuke -CAN-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...) - NOT-FOR-US: DotNetNuke -CAN-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows ...) - NOT-FOR-US: DotNetNuke -CAN-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...) - NOT-FOR-US: phpWebSite -CAN-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...) - NOT-FOR-US: BEA WebLogic -CAN-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 ...) - NOT-FOR-US: BEA WebLogic -CAN-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...) - NOT-FOR-US: IBM Informatik Dynamic Server -CAN-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server ...) - NOT-FOR-US: SurgeFTP Server -CAN-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 ...) - NOT-FOR-US: AppWeb HTTP server -CAN-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...) - NOT-FOR-US: AppWeb HTTP server -CAN-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...) - NOT-FOR-US: AppWeb HTTP server -CAN-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...) - NOT-FOR-US: Novell iChain Server -CAN-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...) - TODO: check - NOTE: Did not find reference to fix in upstream changelog or any other hint that it is fixed - NOTE: pinged Maintainer -CAN-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...) - NOT-FOR-US: AIX only -CAN-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...) - NOT-FOR-US: Lotus Domino -CAN-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus ...) - NOT-FOR-US: Lotus Domino -CAN-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows ...) - NOT-FOR-US: Crob FTP Server -CAN-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...) - NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel -CAN-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote ...) - NOT-FOR-US: MS IE -CAN-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled ...) - NOT-FOR-US: Solaris -CAN-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...) - NOT-FOR-US: Computer Associates -CAN-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 ...) - NOT-FOR-US: Trillian -CAN-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...) - - mtools 3.9.9 -CAN-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...) - - mathopd 1.5b14 -CAN-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...) - - gallery 1.4.1 -CAN-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...) - NOT-FOR-US: BEA -CAN-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 ...) - NOT-FOR-US: BEA -CAN-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 ...) - NOT-FOR-US: BEA -CAN-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 ...) - NOT-FOR-US: BEA -CAN-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a ...) - NOT-FOR-US: BEA -CAN-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ...) - NOT-FOR-US: BEA -CAN-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server ...) - NOT-FOR-US: BEA -CAN-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for ...) - - gallery 1.3.3 -CAN-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs] - - clamav 0.86.2-1 (low) -CAN-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...) - NOT-FOR-US: Network Associated ePolicy Orchestrator Agent -CAN-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...) - - kernel-source-2.4.27 2.4.27-10sarge2 (bug #323363; medium) - - kernel-source-2.4.27 2.4.27-12 (medium) -CAN-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...) - NOT-FOR-US: Integrated Light Out in HP servers -CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...) - NOT-FOR-US: Novell eDirectory -CAN-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...) - {DSA-782-1 DTSA-9-1} - - bluez-utils 2.19-1 (bug #323365; medium) -CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: Arab Portal -CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...) - NOT-FOR-US: PHPOpenChat -CAN-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...) - NOT-FOR-US: Comdev eCommerce -CAN-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...) - NOT-FOR-US: Comdev eCommerce -CAN-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...) - NOT-FOR-US: Invision Power Board -CAN-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...) - NOTE: This is intended behaviour, after all tar is an archiving tool and you - NOTE: need to give -p as a command line flag - - tar <unfixed> (bug #328228; unimportant) -CAN-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...) - NOT-FOR-US: FlatNuke -CAN-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...) - NOT-FOR-US: FlatNuke -CAN-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...) - NOT-FOR-US: FlatNuke -CAN-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...) - NOT-FOR-US: FlatNuke -CAN-2005-2536 (pstotext before 1.8g does not properly use the "-dSAFER" option when ...) - {DSA-792-1} - - pstotext 1.9-2 (bug #319758; medium) -CAN-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...) - NOT-FOR-US: ARCserve Backup -CAN-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...) - {DSA-851-1} - - openvpn 2.0.2-1 (bug #324167; high) -CAN-2005-2533 (OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging ...) - {DSA-851-1} - - openvpn 2.0.2-1 (bug #324167; high) -CAN-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...) - {DSA-851-1} - - openvpn 2.0.2-1 (bug #324167; high) -CAN-2005-2531 (OpenVPN before 2.0.1, when running with "verb 0" and without TLS ...) - {DSA-851-1} - - openvpn 2.0.2-1 (bug #324167; high) -CAN-2005-2530 - RESERVED -CAN-2005-2529 - RESERVED -CAN-2005-2528 - RESERVED -CAN-2005-2527 - RESERVED -CAN-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...) - NOT-FOR-US: MacOS X -CAN-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...) - NOT-FOR-US: MacOS X -CAN-2005-2524 - RESERVED -CAN-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...) - NOT-FOR-US: Weblog Server in Mac OS X -CAN-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...) - NOT-FOR-US: Mac OS X -CAN-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...) - NOT-FOR-US: Mac OS X -CAN-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...) - NOT-FOR-US: Mac OS X -CAN-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure ...) - NOT-FOR-US: Mac OS X -CAN-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows ...) - NOT-FOR-US: Mac OS X -CAN-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL ...) - NOT-FOR-US: Mac OS X -CAN-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...) - NOT-FOR-US: Mac OS X -CAN-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...) - NOT-FOR-US: Mac OS X -CAN-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to ...) - NOT-FOR-US: Mac OS X -CAN-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows ...) - NOT-FOR-US: Mac OS X -CAN-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...) - NOT-FOR-US: Mac OS X -CAN-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using ...) - NOT-FOR-US: Mac OS X -CAN-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...) - NOT-FOR-US: Mac OS X -CAN-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...) - NOT-FOR-US: Mac OS X -CAN-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...) - NOT-FOR-US: Mac OS X -CAN-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 ...) - NOT-FOR-US: Mac OS X -CAN-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X ...) - NOT-FOR-US: Mac OS X -CAN-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...) - NOT-FOR-US: Mac OS X -CAN-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...) - NOT-FOR-US: Mac OS X -CAN-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical ...) - NOT-FOR-US: Mac OS X -CAN-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in ...) - NOT-FOR-US: Mac OS X -CAN-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...) - NOT-FOR-US: Mac OS X -CAN-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...) - - linux-2.6 2.6.12-1 (medium) -CAN-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...) - - slocate <unfixed> (bug #324951; low) -CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...) - {DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1} - - drupal 4.5.5-1 (bug #323347; high) - - phpgroupware 0.9.16.008-1 (bug #323349; high) - - egroupware 1.0.0.009.dfsg-1 (bug #323350; high) - - phpwiki <unfixed> (unimportant) - NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway - - php4 4:4.3.10-16 (bug #323366; high) - TODO: check php5 -CAN-2005-2497 - REJECTED -CAN-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...) - {DSA-801-1} - NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu?? - - ntp 1:4.2.0a+stable-2sarge1 (medium) -CAN-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...) - {DSA-816-1} - - xorg-x11 6.8.2.dfsg.1-7 (medium) -CAN-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...) - {DSA-815-1} - - kdebase 4:3.4.2-3 (bug #327039; medium) -CAN-2005-2493 - RESERVED -CAN-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...) - - linux-2.6 2.6.12-7 (bug #327416; medium) -CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...) - {DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1} - - pcre3 6.3-1 (bug #324531; medium) - - gnumeric <unfixed> (bug #326628; bug #326898; unimportant) - - goffice <unfixed> (bug #326898; unimportant) - NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used - - python2.1 2.1.3dfsg-3 (medium) - - python2.2 2.2.3dfsg-4 (medium) - - python2.3 2.3.5-8 (medium) -CAN-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...) - - linux-2.6 2.6.12-7 (bug #327416; medium) - - kernel-source-2.6.8 2.6.8-16sarge2 -CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...) - {DTSA-16-1} - - kernel-source-2.6.8 <unfixed> (bug #322339; medium) - - linux-2.6 2.6.12-1 (bug #322339; medium) - NOTE: 2.4.27 not affected -CAN-2005-XXXX [Buffer overflow in Description parsing] - - bidwatcher <removed> (bug #319489; high) -CAN-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working] - - dbmail <unfixed> (bug #303991; medium) -CAN-2005-XXXX [downloads.ini writable by group users, world-readable] - - mldonkey 2.5.28.1-1 (bug #300560; low) -CAN-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere] - - gcjwebplugin <unfixed> (bug #267040; high) -CAN-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c] - - dbmail-pgsql <unfixed> (bug #290833; medium) -CAN-2005-XXXX [time delay of password check proves account existence to attackers] - NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs - - ssh <unfixed> (bug #314645; low) -CAN-2005-2548 (vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a ...) - {DTSA-16-1} - NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2 - - kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low) - NOTE: 2.6.12-1 contained a partially broken fix - - linux-2.6 2.6.12-6 (bug #309308; low) -CAN-2005-XXXX [DoS by removal of default ACLs in ext2/ext3] - NOTE: Fixed in SVN for kernel-source-2.4.27 and 2.6.8 - TODO: Check, whether this is fixed in linux-2.6 SVN as well -CAN-2005-XXXX [Unspecified buffer overflow in metar] - - metar 20050807.1-1 (unknown) -CAN-2005-2489 (Web Content Management News System allows remote attackers to create ...) - NOT-FOR-US: Web Content Management News System -CAN-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...) - NOT-FOR-US: Web Content Management News System -CAN-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...) - NOT-FOR-US: Sun switches -CAN-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...) - NOT-FOR-US: PortailPHP -CAN-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...) - NOT-FOR-US: Logicampus -CAN-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...) - NOT-FOR-US: Denora IRC stats -CAN-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote ...) - NOT-FOR-US: Karrigell -CAN-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...) - NOT-FOR-US: Metasploit Framework -CAN-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: Fusebox -CAN-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...) - NOT-FOR-US: Fusebox -CAN-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...) - NOT-FOR-US: Quick 'n Easy FTP Server -CAN-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...) - NOT-FOR-US: Silvernews -CAN-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...) - NOT-FOR-US: Naxtor Shopping Cart -CAN-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...) - NOT-FOR-US: Naxtor Shopping Cart -CAN-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...) - - unzip <unfixed> (bug #321927; low) -CAN-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...) - NOT-FOR-US: ChurchInfo -CAN-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...) - NOT-FOR-US: ChurchInfo -CAN-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...) - NOT-FOR-US: BusinessMail -CAN-2005-2471 (pstopnm in netpbm does not properly use the "-dSAFER" option when ...) - - netpbm 2:10.0-9 (bug #319757; low) -CAN-2005-2470 (Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 ...) - NOT-FOR-US: Adobe -CAN-2005-2469 - RESERVED -CAN-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...) - {DTSA-16-1} - - linux-2.6 2.6.12-3 (bug #323173) - - kernel-source-2.4.27 2.4.27-11 (medium) -CAN-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...) - {DTSA-16-1} - - linux-2.6 2.6.12-3 (bug #323173; medium) - - kernel-source-2.6.8 2.6.8-16sarge1 (medium) - - kernel-source-2.4.27 2.4.27-11 (medium) - - kernel-source-2.4.27 2.4.27-10sarge1 -CAN-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Eudora -CAN-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...) - - net-snmp <not-affected> (snmpd is neither setuid nor setgid in Debian) -CAN-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...) - NOT-FOR-US: Omnicron -CAN-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...) - NOT-FOR-US: Novell Internet Messaging System -CAN-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...) - NOT-FOR-US: Pointsec -CAN-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...) - NOT-FOR-US: SurfControl -CAN-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...) - NOT-FOR-US: QNX -CAN-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...) - NOT-FOR-US: Novell eDirectory -CAN-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...) - NOT-FOR-US: Blue World Lasso Web Data Engine -CAN-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...) - NOT-FOR-US: Microsoft -CAN-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...) - NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers -CAN-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...) - NOT-FOR-US: Hyper NIKKI System (HNS) Lite -CAN-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...) - - netjuke 1.0b7 -CAN-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...) - NOT-FOR-US: HTMLsearch -CAN-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...) - NOT-FOR-US: RCA Digital Cable Modem -CAN-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Fwmon -CAN-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...) - NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E -CAN-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...) - NOTE: debian's nms-formmail is a reimplementation of old formmail -CAN-2002-2108 (Unknown vulnerability in the "VAIO Manual" software in certain Sony ...) - NOT-FOR-US: Sony VAIO -CAN-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...) - NOT-FOR-US: OpenKeyServer -CAN-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...) - NOT-FOR-US: WikkiTikkiTavi -CAN-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...) - NOT-FOR-US: Microsoft -CAN-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...) - NOT-FOR-US: Ganglia PHP RRD Web Client - NOTE: not ganglia-monitor -CAN-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...) - - apache 1.3.24 (low) -CAN-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...) - - libjzlib-java 0.0.7 (low) -CAN-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: Microsoft -CAN-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...) - NOT-FOR-US: Microsoft -CAN-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...) - - ddd <not-affected> (ddd is not setuid/gid so not exploitable) -CAN-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...) - NOT-FOR-US: Axspawn-pam -CAN-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...) - - maradns 0.9.01 (low) -CAN-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...) - NOT-FOR-US: Netware -CAN-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...) - NOT-FOR-US: Joe Testa hellbent 01 webserver -CAN-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...) - NOT-FOR-US: Joe Testa hellbent 01 webserver -CAN-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...) - NOT-FOR-US: SGI IRIX -CAN-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...) - NOT-FOR-US: OpenBSD/NetBSD/FreeBSD -CAN-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...) - NOT-FOR-US: decfingerd -CAN-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...) - NOT-FOR-US: aucho Technology Resin server -CAN-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...) - NOT-FOR-US: Solaris -CAN-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...) - NOT-FOR-US: clump/os -CAN-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...) - TODO: check firebird as it's based on InterBase 6.0 -CAN-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...) - NOT-FOR-US: ScriptEase -CAN-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...) - NOT-FOR-US: UnixWare/OpenUnix -CAN-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...) - NOT-FOR-US: SCO -CAN-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...) - NOT-FOR-US: CDE -CAN-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ...) - NOTE: insufficient info to check, but not same code base -CAN-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...) - NOT-FOR-US: Apple -CAN-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in ...) - NOT-FOR-US: Trend Micro InterScan VirusWall -CAN-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall ...) - NOT-FOR-US: Trend Micro InterScan VirusWall -CAN-2005-XXXX [wine: Unsafe use of temporary files in winelauncher] - - wine <unfixed> (bug #321470; low) -CAN-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension] - - inkscape 0.42 (bug #321501; low) -CAN-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links] - - metamail 2.7-48 (bug #321473; low) -CAN-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues] - - xfree86 <unfixed> (bug #321447; low) - - xorg-x11 <unfixed> (bug #321447; low) -CAN-2005-XXXX [kdebase: startkde does not check lnusertemp's result?] - NOTE: This hardly has security implications, lots of applications do not cope - NOTE: with a filled up /tmp dir. - - kdebase <unfixed> (bug #292078; low) -CAN-2005-XXXX [gs-esp: Insecure usage of /tmp in source code] - - gs-esp <unfixed> (bug #291452; low) -CAN-2005-XXXX [Format string bug in sysklogd's syslog_tst sources] - NOTE: binary not shipped - - sysklogd <unfixed> (bug #281448; unimportant) -CAN-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script] - - fftw3 3.0.1-12 (low; bug #321566) -CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files] - - clamav-getfiles 0.5-1 (bug #321446; medium) -CAN-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...) - - cgiwrap 3.9-3.1 (bug #316881; low) -CAN-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...) - - cgiwrap 3.9-3.1 (bug #316901; low) -CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) - - tutos 1.1.20031017-2.1 (bug #318633; medium) -CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...) - - tutos 1.1.20031017-2.1 (bug #318633; medium) -CAN-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...) - {DTSA-13-1} - - evolution 2.2.3-3 (high; bug #322535) -CAN-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...) - {DTSA-13-1} - - evolution 2.2.3-3 (high; bug #322535) -CAN-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure] - - libnet-ssleay-perl 1.25-1.1 (bug #296112; low) -CAN-2005-XXXX [nvi: init.d recover file security bugs] - - nvi 1.79-22 (bug #298114; medium) -CAN-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way] - - bugzilla 2.18.3-2 (bug #321567; low) -CAN-2005-XXXX [Crypto weakness in Tor's handshaking process] - - tor 0.1.0.14-1 (medium) -CAN-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...) - {DTSA-16-1} - - linux-2.6 2.6.12-3 (medium) - - kernel-source-2.6.8 2.6.8-16sarge2 (medium) - - kernel-source-2.4.27 2.4.27-12 (medium) - - kernel-source-2.4.27 2.4.27-10sarge2 (medium) -CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...) - {DTSA-16-1} - - linux-2.6 2.6.12-2 (bug #321401; medium) - - kernel-source-2.4.27 2.4.27-11 (medium) -CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...) - NOT-FOR-US: Greasemonkey -CAN-2005-2454 - RESERVED -CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...) - NOT-FOR-US: NetworkActiv Web Server -CAN-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...) - NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7 - - tiff 3.7.0-1 -CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...) - NOT-FOR-US: IOS -CAN-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...) - {DSA-776-1 DTSA-3-1} - - clamav 0.86.2-1 (medium) -CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...) - NOT-FOR-US: sandbox -CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...) - {DSA-813-1 DTSA-2-1 DTSA-4-1} - - ekg 1:1.5+20050718+1.6rc3-1 (low) - - centericq 4.20.0-9 (bug #323185; medium) -CAN-2005-2447 - REJECTED -CAN-2005-2446 - REJECTED -CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...) - NOT-FOR-US: Product Cart -CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...) - NOT-FOR-US: Trillian -CAN-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...) - NOT-FOR-US: KShout -CAN-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...) - NOT-FOR-US: SPI Dynamics Web Inspect -CAN-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...) - NOT-FOR-US: VBzoom -CAN-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...) - NOT-FOR-US: Thomson Web Skill Vantage Manager -CAN-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...) - NOT-FOR-US: UseBB -CAN-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...) - NOT-FOR-US: UseBB -CAN-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...) - NOT-FOR-US: Website Baker -CAN-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...) - NOT-FOR-US: Website Baker -CAN-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...) - NOT-FOR-US: Linksys hardware -CAN-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...) - NOT-FOR-US: PhpList -CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...) - NOT-FOR-US: PhpList -CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...) - - gforge (bug #328224; unimportant) - NOTE: Direct flooding is possible as well in most circumstances. - NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian -CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...) - - gforge (bug #328224; medium) - NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian -CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...) - - mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms) -CAN-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" ...) - NOT-FOR-US: Lotus Domino -CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...) - NOT-FOR-US: CartWIZ -CAN-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...) - NOT-FOR-US: FTPshell Server -CAN-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...) - NOT-FOR-US: Ares FileShare -CAN-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...) - NOT-FOR-US: Siemens hardware -CAN-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: Beehive -CAN-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...) - NOT-FOR-US: Beehive -CAN-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...) - NOT-FOR-US: Beehive -CAN-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...) - NOT-FOR-US: FtpLocate -CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...) - NOT-FOR-US: hardware issue -CAN-2005-2418 - REJECTED - NOT-FOR-US: Realchat -CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: Contrexx -CAN-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...) - NOT-FOR-US: Contrexx -CAN-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...) - NOT-FOR-US: Contrexx -CAN-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...) - - mozilla-firefox (bug #327549; medium) - - mozilla (bug #327550; medium) - TODO: check more Mozilla-based browsers -CAN-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...) - NOT-FOR-US: Atomic Photo Album -CAN-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...) - NOT-FOR-US: First Post -CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...) - {DSA-808-1} - - tdiary 2.0.2-1 (bug #319315; medium) -CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...) - NOT-FOR-US: Network Manager -CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...) - NOT-FOR-US: nbsmtp -CAN-2005-2408 - RESERVED -CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform "link ...) - NOT-FOR-US: Opera -CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...) - NOT-FOR-US: Opera -CAN-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is ...) - NOT-FOR-US: Opera -CAN-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...) - NOT-FOR-US: PHP-Nuke -CAN-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...) - NOT-FOR-US: PHP-Nuke -CAN-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to ...) - NOT-FOR-US: PHP-Nuke -CAN-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...) - NOT-FOR-US: PHP-Nuke -CAN-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...) - NOT-FOR-US: PHP-Nuke -CAN-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...) - NOT-FOR-US: Alt-N Technologies Mdaemon -CAN-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...) - NOT-FOR-US: Microsoft -CAN-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...) - NOT-FOR-US: Microsoft -CAN-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...) - NOT-FOR-US: Microsoft -CAN-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...) - NOT-FOR-US: vBulletin -CAN-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...) - NOT-FOR-US: Light Web File Manager -CAN-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...) - NOT-FOR-US: ActivePerl -CAN-2004-2285 - REJECTED - NOT-FOR-US: Perl on Windows -CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...) - NOT-FOR-US: osCommerce -CAN-2005-XXXX [DoS against rsync in embedded zlib copy] - NOTE: This is distinct from CAN-2005-2096, please see rsync's 2.6.6 announcement - NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3 - NOTE: I haven't verified this with source so far, but it looks like a DoS - NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding - NOTE: zlib 1.2 are affected as well - - rsync 2.6.6-1 (low) -CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...) - NOT-FOR-US: Sendcard -CAN-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...) - NOT-FOR-US: RealChat -CAN-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...) - NOT-FOR-US: PHPSiteSearch -CAN-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...) - NOT-FOR-US: PHPFinance -CAN-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via ...) - NOT-FOR-US: PHP Surveyor -CAN-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows ...) - NOT-FOR-US: PHP Surveyor -CAN-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...) - NOT-FOR-US: phpBook -CAN-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...) - - mozilla-firefox <unfixed> (bug #320539; medium) - - mozilla <unfixed> (bug #320538; medium) -CAN-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...) - NOT-FOR-US: CuteNews -CAN-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...) - NOT-FOR-US: CuteNews -CAN-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...) - NOT-FOR-US: CMSimple -CAN-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...) - NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP -CAN-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...) - {DSA-795-2} - - proftpd 1.2.10-20 (low) - NOTE: ftpshut fixed in -19, SQLShowInfo in -20 -CAN-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...) - NOT-FOR-US: Veritas NetBackup -CAN-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...) - NOT-FOR-US: some windows USB driver -CAN-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 ...) - NOT-FOR-US: GoodTech SMTP server -CAN-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...) - NOT-FOR-US: CartWIZ -CAN-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...) - NOT-FOR-US: UNACEV2.DLL -CAN-2005-2384 (Directory traversal vulnerability in a third-party compression library ...) - NOT-FOR-US: UNACEV2.DLL -CAN-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...) - NOT-FOR-US: PHPNews -CAN-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM ...) - NOT-FOR-US: Oray PeanutHull -CAN-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: PHP Surveyor -CAN-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 ...) - NOT-FOR-US: PHP Surveyor -CAN-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...) - NOT-FOR-US: Oracle Reports -CAN-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files via an ...) - NOT-FOR-US: Oracle Reports -CAN-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...) - - libnss-ldap <not-affected> (Mandrake specfic vulnerability) -CAN-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...) - NOT-FOR-US: Race Driver -CAN-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows ...) - NOT-FOR-US: Race Driver -CAN-2005-2374 (Belkin 54g wireless routers do not properly set an administrative ...) - NOT-FOR-US: Belkin 54g wireless routers -CAN-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...) - NOT-FOR-US: SlimFTPd -CAN-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...) - NOT-FOR-US: Oracle Forms -CAN-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...) - NOT-FOR-US: Oracle Reports -CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...) - {DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1} - - gaim 1:1.4.0-5 (low) - - centericq 4.20.0-9 (bug #323185; low) -CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...) - {DSA-813-1 DTSA-2-1} - TODO: check gaim and others that embed libgadu in source tree - - centericq 4.20.0-9 (bug #323185; medium) -CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...) - {DTSA-12-1} - - vim 1:6.3-085+1 (bug #320017; medium) -CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...) - {DSA-853-1} - - ethereal 0.10.12-1 (bug #320183; medium) -CAN-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...) - {DSA-853-1} - - ethereal 0.10.12-1 (bug #320183; low) -CAN-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through ...) - {DSA-853-1} - - ethereal 0.10.12-1 (bug #320183; low) -CAN-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) ...) - {DSA-853-1} - - ethereal 0.10.12-1 (bug #320183; low) -CAN-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...) - {DSA-853-1} - - ethereal 0.10.12-1 (bug #320183; low) -CAN-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...) - - ethereal 0.10.12-1 (bug #320183; low) -CAN-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...) - {DSA-853-1} - - ethereal 0.10.12-1 (bug #320183; low) -CAN-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...) - {DSA-853-1} - - ethereal 0.10.12-1 (bug #320183; low) -CAN-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...) - - kfreebsd-5 5.3-1 (medium) -CAN-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list ...) - NOT-FOR-US: EMC Navisphere Manager -CAN-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...) - NOT-FOR-US: EMC Navisphere Manager -CAN-2005-2355 - REJECTED - NOTE: see CAN-2005-2356 -CAN-2005-2347 - RESERVED - - xsupplicant 1.0.1-5 (bug #317703; low) -CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...) - NOT-FOR-US: Novell -CAN-2005-2345 - RESERVED -CAN-2005-2344 - RESERVED -CAN-2005-2343 - RESERVED -CAN-2005-2342 - RESERVED -CAN-2005-2341 - RESERVED -CAN-2005-2340 - RESERVED -CAN-2005-2339 - RESERVED -CAN-2005-2338 - RESERVED -CAN-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...) - {DSA-864-1 DSA-862-1 DSA-860-1} - - ruby1.6 1.6.8-13 (medium) - - ruby1.8 1.8.3-1 (medium) - - ruby1.9 1.9.0+20050921-1 (medium) -CAN-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...) - - hiki 0.8.2-1 -CAN-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...) - NOT-FOR-US: Y.SAK -CAN-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...) - NOT-FOR-US: smilies_popup.php -CAN-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a ...) - NOT-FOR-US: PHPPageProtect -CAN-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...) - NOT-FOR-US: MooseGallery -CAN-2005-2330 (Directory traversal vulnerability in update.php in osCommerce 2.2 ...) - NOT-FOR-US: osCommerce -CAN-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, ...) - NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S -CAN-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 ...) - NOT-FOR-US: Laffer -CAN-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier ...) - NOT-FOR-US: e107 -CAN-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...) - NOT-FOR-US: Clever Copy -CAN-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full ...) - NOT-FOR-US: Clever Copy -CAN-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...) - NOT-FOR-US: Clever Copy -CAN-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and ...) - NOT-FOR-US: Class-1 Forum -CAN-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and ...) - NOT-FOR-US: Class-1 Forum -CAN-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...) - NOT-FOR-US: CaLogic -CAN-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and ...) - NOT-FOR-US: Yawp -CAN-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...) - NOT-FOR-US: DVBBS -CAN-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...) - {DSA-849-1} - - shorewall 2.4.1-2 (bug #318946; medium) -CAN-2005-2316 - RESERVED -CAN-2005-2315 - RESERVED -CAN-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...) - NOT-FOR-US: PHPsFTPd -CAN-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...) - NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence -CAN-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...) - NOT-FOR-US: Realnode Emilda -CAN-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...) - - sms-pl <unfixed> (bug #320540; unimportant) - NOTE: vulnerable contrib file only in source package -CAN-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote ...) - NOT-FOR-US: Winamp -CAN-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...) - NOT-FOR-US: Opera -CAN-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...) - NOT-FOR-US: MSIE -CAN-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...) - NOT-FOR-US: Microsoft -CAN-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...) - NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0 -CAN-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...) - NOT-FOR-US: DG Remote Control Server -CAN-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...) - NOT-FOR-US: Microsoft -CAN-2005-2303 - REJECTED - NOT-FOR-US: Microsoft -CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...) - {DSA-771-1} - - pdns 2.9.18-1 (medium; bug #318798) -CAN-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...) - {DSA-771-1} - - pdns 2.9.18-1 (medium; bug #318798) -CAN-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...) - NOT-FOR-US: Skype -CAN-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...) - NOT-FOR-US: Simple Message Board -CAN-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...) - NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian -CAN-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...) - NOT-FOR-US: Sybase EAServer -CAN-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: YabbSE -CAN-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...) - - netpanzer <unfixed> (bug #318329; medium) -CAN-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...) - NOT-FOR-US: Oracle -CAN-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...) - NOT-FOR-US: Oracle -CAN-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...) - NOT-FOR-US: Oracle -CAN-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...) - NOT-FOR-US: Oracle -CAN-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...) - NOT-FOR-US: WPS -CAN-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: PHPCounter -CAN-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...) - NOT-FOR-US: PHPCounter -CAN-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...) - NOT-FOR-US: SoftiaCom wMailServer -CAN-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...) - NOT-FOR-US: WebEOC -CAN-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...) - NOT-FOR-US: WebEOC -CAN-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...) - NOT-FOR-US: WebEOC -CAN-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...) - NOT-FOR-US: WebEOC -CAN-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...) - NOT-FOR-US: WebEOC -CAN-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...) - NOT-FOR-US: WebEOC -CAN-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...) - NOT-FOR-US: Cisco -CAN-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...) - NOT-FOR-US: Cisco -CAN-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...) - NOT-FOR-US: MailEnable -CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...) - {DSA-762-1} - - affix 2.1.2-2 (bug #318328; medium) -CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...) - NOT-FOR-US: Novell Groupwise WebAccess -CAN-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...) - NOT-FOR-US: OpenWebmail -CAN-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...) - - dansguardian 2.6.1-13 (medium) -CAN-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...) - - dansguardian 2.7.7-2 -CAN-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...) - NOT-FOR-US: IBM Lotus Notes -CAN-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...) - NOT-FOR-US: IBM Lotus Notes -CAN-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...) - NOT-FOR-US: Invision Power Board -CAN-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...) - NOT-FOR-US: vHost -CAN-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...) - NOT-FOR-US: aGSM Half-Life -CAN-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...) - NOT-FOR-US: F-Secure Anti-Virus -CAN-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...) - NOT-FOR-US: I-Mall Commerce -CAN-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...) - NOT-FOR-US: w3m Jigsaw -CAN-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: efFingerD -CAN-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...) - NOT-FOR-US: efFingerD -CAN-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...) - NOT-FOR-US: MiniShare -CAN-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...) - NOT-FOR-US: IBM Parallel Environment -CAN-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...) - - pads 1.1.1 (high) -CAN-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...) - NOT-FOR-US: PimenGest2 -CAN-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...) - NOT-FOR-US: Ansel -CAN-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...) - NOT-FOR-US: Ansel -CAN-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...) - - uudeview <unfixed> (bug #320541; medium) - TODO: check libconvert-uulib-perl, Florian Weimer is looking at libconvert-uulib-perl - TODO: Check, to which extent #242999 applies (there might be more?) -CAN-2004-2264 (** DISPUTED ** ...) - NOTE: less is not suid, explotability unlikely -CAN-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...) - NOT-FOR-US: PlaySMS -CAN-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...) - NOT-FOR-US: e107 -CAN-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...) - NOT-FOR-US: e107 -CAN-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...) - NOT-FOR-US: Opera -CAN-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...) - - vsftpd 2.0.1-1 (low) -CAN-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...) - NOT-FOR-US: Hummingbird Exceed -CAN-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...) - NOT-FOR-US: phpMyFAQ -CAN-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...) - NOT-FOR-US: phpMyFAQ -CAN-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...) - NOT-FOR-US: phpMyFAQ -CAN-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...) - NOT-FOR-US: SurgeLDAP -CAN-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...) - NOT-FOR-US: SurgeLDAP -CAN-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...) - NOT-FOR-US: Astaro suite -CAN-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...) - NOT-FOR-US: Astaro suite -CAN-2004-2250 (Unknown vulnerability in the "access code" in RemoteEditor before ...) - NOT-FOR-US: RemoteEditor -CAN-2004-2249 (Unknown vulnerability in the "access code" in SecureEditor before ...) - NOT-FOR-US: SecureEditor -CAN-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...) - NOT-FOR-US: RemoteEditor -CAN-2004-2247 (Unknown vulnerability in the "admin of paypal email addresses" in ...) - NOT-FOR-US: AudienceConnect -CAN-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...) - NOT-FOR-US: Goollery -CAN-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...) - NOT-FOR-US: Goollery -CAN-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...) - NOT-FOR-US: Oracle -CAN-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...) - NOT-FOR-US: Phorum -CAN-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...) - NOT-FOR-US: Phorum -CAN-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...) - NOT-FOR-US: Phorum -CAN-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...) - NOT-FOR-US: Phorum -CAN-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...) - - vpopmail <unfixed> (bug #320608; low) -CAN-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6] - NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html - NOTE: maintainer says does not apply to debian, see #320608 -CAN-2004-2238 (** DISPUTED ** ...) - NOTE: format string vuln in vpopmail doesn't seem to be real -CAN-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...) - - moodle 1.4-1 -CAN-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...) - - moodle 1.3.3-1 -CAN-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and ...) - - moodle 1.2.1-1 -CAN-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...) - - moodle 1.2.1-1 -CAN-2004-2233 (Unknown "front page vulnerability with Moodle servers" for Moodle ...) - - moodle 1.3.2-1 -CAN-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...) - - moodle 1.4.2-1 -CAN-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...) - NOT-FOR-US: InstallAnywhere -CAN-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...) - NOT-FOR-US: OpenBSD -CAN-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...) - NOT-FOR-US: Oracle -CAN-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...) - - mozilla-firefox <not-affected> (Only affects Firefox on MacOS) -CAN-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...) - - mozilla-firefox 1.0-1 -CAN-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...) - - mozilla-thunderbird 1.0-3 - TODO: check Mozilla suite -CAN-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...) - - mozilla-firefox 0.99+1.0RC1-1 -CAN-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...) - NOT-FOR-US: Message Foundry -CAN-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of ...) - NOT-FOR-US: FsPHPGallery -CAN-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...) - NOT-FOR-US: FsPHPGallery -CAN-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows ...) - NOT-FOR-US: SoftCart -CAN-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not ...) - NOT-FOR-US: F-Secure Anti-Virus -CAN-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the ...) - NOT-FOR-US: Microsoft -CAN-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and ...) - NOT-FOR-US: PHPMyWebHosting -CAN-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow ...) - NOT-FOR-US: yChat -CAN-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...) - NOT-FOR-US: Sun Java -CAN-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, ...) - - rxvt-unicode 3.8-1 -CAN-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...) - NOT-FOR-US: AppWeb HTTP server -CAN-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...) - NOT-FOR-US: AppWeb HTTP server -CAN-2005-XXXX [strobe reads file from unsafe directory] - - netdiag 0.7-7.1 (bug #206905; low) -CAN-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding] - - ffmpeg 0.cvs20050811-1 (bug #320150; medium) -CAN-2005-XXXX [xgalaga score file segfault] - - xgalaga 2.0.34-31 (bug #319686; low) -CAN-2005-XXXX [xemeraldia games file overwrite] - - xemeraldia 0.4-1 (bug #319661; low) -CAN-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...) - {DSA-774-1} - NOTE: previous fix in -15 was broken - - fetchmail 6.2.5-16 (bug #320357; bug #212762; medium) -CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...) - {DSA-766-1} - - webcalendar 0.9.45-7 (bug #315671; medium) -CAN-2005-2437 (Website Baker Project does not properly verify the file extensions of ...) - NOT-FOR-US: Website Baker -CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions] - NOTE: This doesn't look like a real security issue as cron.daily should only be - NOTE: writable by root, but lets include it as the maintainer considers it an issue - - fiaif 1.19.2-14 (low) -CAN-2005-2275 - RESERVED -CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...) - NOT-FOR-US: MSIE -CAN-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...) - NOT-FOR-US: Opera -CAN-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript ...) - NOT-FOR-US: Sfari -CAN-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...) - NOT-FOR-US: iCab -CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...) - {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - - mozilla-firefox 1.0.4-2sarge3 (high) - - mozilla 2:1.7.8-1sarge2 (bug #318062; high) - - mozilla-thunderbird 1.0.6-1 (bug #318728; high) -CAN-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...) - {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - - mozilla-firefox 1.0.4-2sarge3 (high) - - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) - - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) -CAN-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...) - {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) -CAN-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...) - {DSA-779-2 DSA-779-1 DTSA-8-2} - - mozilla-firefox 1.0.4-2sarge3 (medium) -CAN-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...) - {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) - - mozilla-thunderbird 1.0.6-1 (bug #318728; low) -CAN-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...) - {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - - mozilla-firefox 1.0.4-2sarge3 (high) - - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) - - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) -CAN-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...) - {DSA-779-2 DSA-779-1 DTSA-8-2} - - mozilla-firefox 1.0.4-2sarge3 (medium) -CAN-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...) - {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) -CAN-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...) - {DSA-779-2 DSA-779-1 DTSA-8-2} - - mozilla-firefox 1.0.4-2sarge3 (medium) -CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...) - {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) - - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) -CAN-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...) - {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) -CAN-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...) - NOT-FOR-US: magicHTML -CAN-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...) - NOT-FOR-US: WWWeBBB forum -CAN-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...) - NOT-FOR-US: Portix -CAN-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...) - NOT-FOR-US: Novell Netware -CAN-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication ...) - NOT-FOR-US: FTGate -CAN-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to ...) - NOT-FOR-US: Microsoft -CAN-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...) - NOT-FOR-US: FTGate -CAN-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...) - - kernel-patch-openmosix <unfixed> (bug #319621; low) - NOTE: filed bug with ftp.debian.org for removal (#319817) -CAN-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...) - NOT-FOR-US: FTGate -CAN-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...) - NOT-FOR-US: Microsoft -CAN-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 ...) - NOT-FOR-US: Lil' HTTP server -CAN-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of ...) - NOT-FOR-US: ICQ -CAN-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote ...) - NOT-FOR-US: Mailidx -CAN-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on ...) - NOT-FOR-US: Microsoft -CAN-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in ...) - NOT-FOR-US: Sun Java -CAN-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of ...) - NOT-FOR-US: Tru64 -CAN-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...) - NOT-FOR-US: SecureClean -CAN-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...) - NOT-FOR-US: Proprietary PGP -CAN-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are ...) - NOT-FOR-US: Eraser -CAN-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams ...) - NOT-FOR-US: Eraser -CAN-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows ...) - NOT-FOR-US: BCWipe -CAN-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' ...) - NOT-FOR-US: WebCalender -CAN-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain ...) - NOT-FOR-US: PhpWebGallery -CAN-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and ...) - NOT-FOR-US: AtGuard -CAN-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet ...) - NOT-FOR-US: Microsoft -CAN-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and ...) - NOTE: fixed in upstream 1.0.1 - NOTE: see http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html - - mozilla 2:1.1-1 (low) -CAN-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...) - - links2 2.1pre16-2 (low) -CAN-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...) - NOT-FOR-US: Intel motherboards -CAN-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...) - NOT-FOR-US: TeeKai -CAN-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...) - NOT-FOR-US: TeeKai -CAN-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows ...) - NOT-FOR-US: TeeKai -CAN-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai ...) - NOT-FOR-US: TeeKai -CAN-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the ...) - NOT-FOR-US: TeeKai -CAN-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...) - NOT-FOR-US: Cisco -CAN-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...) - NOT-FOR-US: Cisco -CAN-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...) - - modlogan 0.7.12-1 (low) -CAN-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...) - - modlogan 0.7.12-1 (low) -CAN-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...) - TODO: check -CAN-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...) - NOT-FOR-US: PFinger -CAN-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...) - - sketch 0.6.13-1 (low) -CAN-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...) - NOT-FOR-US: X-News -CAN-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...) - NOT-FOR-US: x-stat -CAN-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...) - NOT-FOR-US: x-stat -CAN-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...) - TODO: check -CAN-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...) - NOT-FOR-US: QNX -CAN-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...) - NOT-FOR-US: QNX -CAN-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime ...) - NOT-FOR-US: QNX -CAN-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...) - NOT-FOR-US: QNX -CAN-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based ...) - NOT-FOR-US: NGPT - NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html - NOTE: NPTL does not have this problem. -CAN-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and ...) - NOT-FOR-US: Cisco -CAN-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...) - NOT-FOR-US: Sun -CAN-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ...) - NOT-FOR-US: RealityScape -CAN-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...) - NOT-FOR-US: Email Sanitizer -CAN-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...) - NOT-FOR-US: FAQManager -CAN-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...) - NOT-FOR-US: PHPNuke -CAN-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...) - NOT-FOR-US: Microsoft -CAN-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...) - NOT-FOR-US: Microsoft -CAN-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...) - NOT-FOR-US: PHP, Mircrosoft -CAN-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...) - NOT-FOR-US: Microsoft -CAN-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...) - NOT-FOR-US: DOOW -CAN-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...) - NOT-FOR-US: BrowseFTP -CAN-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...) - NOT-FOR-US: Lotus Domino -CAN-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...) - - imp 3:2.2.6-5 (high) -CAN-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...) - NOT-FOR-US: We use the OTHER beep program :P -CAN-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...) - NOTE: only affects old-stable -CAN-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...) - NOT-FOR-US: wbboard -CAN-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...) - NOT-FOR-US: Netgear hardware -CAN-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...) - NOT-FOR-US: osCommerce -CAN-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...) - NOT-FOR-US: SAS/Base -CAN-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...) - NOT-FOR-US: SAS/Base -CAN-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...) - TODO: check -CAN-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...) - NOT-FOR-US: PostNuke -CAN-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...) - NOT-FOR-US: Lotus Domino -CAN-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...) - TODO: Check this, Mozilla is in the archive -CAN-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...) - NOT-FOR-US: Apache -CAN-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...) - NOT-FOR-US: faqomatic -CAN-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...) - TODO: Check this, htdig is in the archive -CAN-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...) - NOT-FOR-US: Tomcat -CAN-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...) - NOT-FOR-US: Tomcat -CAN-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...) - NOT-FOR-US: Tomcat -CAN-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...) - NOT-FOR-US: Tomcat -CAN-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...) - NOT-FOR-US: Sun -CAN-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...) - NOT-FOR-US: Compaq -CAN-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...) - NOT-FOR-US: Compaq -CAN-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...) - NOT-FOR-US: Compaq -CAN-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...) - NOT-FOR-US: jmcce -CAN-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...) - NOT-FOR-US: OpenVMS -CAN-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...) - NOT-FOR-US: VVOS -CAN-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...) - NOT-FOR-US: UnixWare -CAN-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...) - NOT-FOR-US: ZoneAlarm -CAN-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...) - NOT-FOR-US: Postnuke -CAN-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...) - NOT-FOR-US: Postnuke -CAN-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...) - NOT-FOR-US: Windows -CAN-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...) - NOT-FOR-US: WebBBS -CAN-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...) - NOT-FOR-US: Windows -CAN-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...) - NOT-FOR-US: osCommerce -CAN-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...) - NOT-FOR-US: Resin -CAN-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Resin -CAN-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Resin -CAN-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...) - NOT-FOR-US: Resin -CAN-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...) - NOTE: presumably fixed in linux 2.4.12 -CAN-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...) - NOT-FOR-US: Microsoft -CAN-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...) - NOT-FOR-US: Microsoft -CAN-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...) - NOT-FOR-US: Openwave WAP gateway -CAN-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...) - NOT-FOR-US: CMG WAP gateway -CAN-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...) - NOT-FOR-US: Lotus Domino -CAN-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...) - - vanessa-logger 0.0.2 -CAN-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...) - NOT-FOR-US: MacOS -CAN-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...) - NOT-FOR-US: HP-UX -CAN-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...) - NOT-FOR-US: Tomcat 3.2.1 running on HP Secure OS -CAN-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...) - - nvi 1.79-16a.1 - NOTE: was DSA 085 -CAN-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to ...) - NOTE: DSA 082 - - xvt 2.1-13 -CAN-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...) - NOT-FOR-US: Microsoft -CAN-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...) - NOT-FOR-US: OpenBSD -CAN-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...) - - snort 1.8.3 -CAN-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...) - NOT-FOR-US: AIX -CAN-2001-1556 (The log files in Apache web server contain information directly ...) - NOTE: documented issue in apache, unlikely to be changed - NOTE: see http://httpd.apache.org/docs/logs.html -CAN-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...) - NOT-FOR-US: Solaris -CAN-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...) - NOT-FOR-US: AIX -CAN-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, ...) - - setiathome <not-affected> (not suid in debian) -CAN-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...) - NOT-FOR-US: Microsoft -CAN-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...) - NOTE: no info in CVE db about fix - TODO: check with current kernel on a system with quotas -CAN-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...) - NOT-FOR-US: Centra -CAN-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...) - NOT-FOR-US: Tiny Personal Firewall -CAN-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...) - NOT-FOR-US: Tiny Personal Firewall -CAN-2001-1547 (Outlook Express 6.0, with "Do not allow attachments to be saved or ...) - NOT-FOR-US: Outlook -CAN-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...) - NOT-FOR-US: Pathways Homecare -CAN-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...) - NOT-FOR-US: Macromedia JRun -CAN-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...) - NOT-FOR-US: Macromedia JRun -CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...) - NOT-FOR-US: Axis network camera -CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...) - NOT-FOR-US: NAI WebShield SMTP -CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...) - NOT-FOR-US: BSDI UUCP -CAN-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a ...) - NOT-FOR-US: IPRoute router software - NOTE: This is not for iproute/iproute2. - NOTE: From Chris Gragsone's message on BUGTRAQ: - NOTE: "IPRoute, by David F. Mischler, is PC-based router software - NOTE: "for networks running the Internet Protocol (IP)." -CAN-2001-1539 (The JavaScript settimeout function in Internet Explorer allows remote ...) - NOT-FOR-US: MSIE -CAN-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...) - NOT-FOR-US: SpeedXess HA-120 DSL router -CAN-2001-1537 (The default "basic" security setting' in config.php for TWIG webmail ...) - NOTE: current twig package seems to have secure cookies enabled - NOTE: still uses "basic" security setting. -CAN-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, ...) - NOT-FOR-US: Autogalaxy -CAN-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...) - - slash <unfixed> (bug #328927; low) -CAN-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...) - - apache (bug #328919; unimportant) - - apache2 <unfixed> (unimportant) - NOTE: Cookies are only used for invading user privacy, - NOTE: not for authentication, so apache and apache2 should be fine. -CAN-2001-1533 (** DISPUTED * ...) - NOT-FOR-US: Microsoft -CAN-2001-1532 (WebX stores authentication information in the HTTP_REFERER variable, ...) - NOT-FOR-US: WebX -CAN-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to ...) - NOT-FOR-US: Claris Emailer -CAN-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with ...) - NOTE: verified current webmin is ok -CAN-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows ...) - NOT-FOR-US: AIX -CAN-2001-1528 (AmTote International homebet program returns different error messages ...) - NOT-FOR-US: AmTote International homebet -CAN-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in cleartext ...) - NOT-FOR-US: easynews -CAN-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...) - NOT-FOR-US: easynews -CAN-2001-1525 (Directory traversal vulnerability in the comments action in easyNews ...) - NOT-FOR-US: easynews -CAN-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier ...) - NOT-FOR-US: PHP-Nuke -CAN-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway module for ...) - NOT-FOR-US: PHP-Nuke -CAN-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger for ...) - NOT-FOR-US: PHP-Nuke -CAN-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 ...) - NOT-FOR-US: PHP-Nuke -CAN-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by ...) - NOT-FOR-US: Xircom REX -CAN-2001-1519 (** DISPUTED ** ...) - NOT-FOR-US: RunAs -CAN-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session instance at ...) - NOT-FOR-US: RunAs -CAN-2001-1517 (** DISPUTED ** ...) - NOT-FOR-US: RunAs -CAN-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and ...) - NOT-FOR-US: phpReview -CAN-2001-1515 (Macintosh clients, when using NT file system volumes on Windows 2000 ...) - NOT-FOR-US: Macintosh clients, when using NT file system volumes on Windows -CAN-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced ...) - NOT-FOR-US: ColdFusion -CAN-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain ...) - NOT-FOR-US: JRun -CAN-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to ...) - NOT-FOR-US: JRun -CAN-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows ...) - NOT-FOR-US: JRun -CAN-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, ...) - NOT-FOR-US: JRun -CAN-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...) - NOT-FOR-US: HP-UX -CAN-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...) - - lprng <not-affected> (Not suid in Debian) - - cupsys <not-affected> (Not suid in Debian) -CAN-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...) - - openssh 1:3.0.1 -CAN-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...) - NOT-FOR-US: FTGate -CAN-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...) - NOT-FOR-US: Oracle -CAN-2000-1235 (The default configurations of (1) the port listener and (2) modplsql ...) - NOT-FOR-US: Oracle -CAN-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails ...) - NOT-FOR-US: Phorum -CAN-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in Phorum ...) - NOT-FOR-US: Phorum -CAN-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify ...) - NOT-FOR-US: Phorum -CAN-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary ...) - NOT-FOR-US: Phorum -CAN-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to ...) - NOT-FOR-US: Phorum -CAN-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum ...) - NOT-FOR-US: Phorum -CAN-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...) - NOT-FOR-US: Phorum -CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...) - NOT-FOR-US: USANet -CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...) - NOT-FOR-US: Squito Gallery -CAN-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...) - NOT-FOR-US: PhpSlash -CAN-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...) - {DSA-759-1} - - phppgadmin 3.5.4-1 (bug #318284; medium) -CAN-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...) - NOT-FOR-US: PhpAuction -CAN-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...) - NOT-FOR-US: PhpAuction -CAN-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...) - NOT-FOR-US: PhpAuction -CAN-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...) - NOT-FOR-US: PhpAuction -CAN-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...) - NOT-FOR-US: PHPSecurePages (phpSP) -CAN-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...) - {DSA-762-1} - - affix 2.1.2-2 (bug #318327; medium) -CAN-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...) - - jinzora <itp> (bug #289487) -CAN-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...) - NOT-FOR-US: DownloadProtect -CAN-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...) - NOTE: no details available - - moodle 1.5.1-1 -CAN-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...) - NOT-FOR-US: iPhotoAlbum -CAN-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...) - NOT-FOR-US: BIG-IP -CAN-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...) - NOT-FOR-US: Cisco CallManager -CAN-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...) - NOT-FOR-US: Cisco CallManager -CAN-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...) - NOT-FOR-US: Cisco CallManager -CAN-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...) - NOT-FOR-US: Cisco CallManager -CAN-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...) - - xpvm 1.2.5-8 (bug #318285; medium) -CAN-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...) - - oftpd <removed> (bug #318286; medium) -CAN-2005-XXXX [oftpd port DOS] - - oftpd <removed> (bug #307957; low) - NOTE: CVE id requested from mitre -CAN-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...) - NOT-FOR-US: AIX -CAN-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...) - NOT-FOR-US: AIX -CAN-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...) - NOT-FOR-US: AIX -CAN-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...) - NOT-FOR-US: AIX -CAN-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...) - NOT-FOR-US: AIX -CAN-2005-2233 (Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 ...) - NOT-FOR-US: AIX -CAN-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...) - NOT-FOR-US: AIX -CAN-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...) - {DSA-761-2} - - heartbeat 1.2.3-12 (bug #318287; medium) -CAN-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...) - - elmo <unfixed> (bug #318291; medium) - NOTE: upload to unstable still hasn't occurred (2005-09-18) -CAN-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...) - NOT-FOR-US: Blog Torrent -CAN-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...) - NOT-FOR-US: Web Wiz Forums -CAN-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...) - NOT-FOR-US: Softiacom wMailserver -CAN-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...) - NOT-FOR-US: Outlook -CAN-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...) - NOT-FOR-US: Microsoft -CAN-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...) - NOT-FOR-US: Microsoft -CAN-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...) - NOT-FOR-US: MailEnable -CAN-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...) - NOT-FOR-US: MailEnable -CAN-2005-2221 (** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly ...) - NOT-FOR-US: Dragonfly -CAN-2005-2220 (** DISPUTED ** Dragonfly Commerce allows remote attackers to change a ...) - NOT-FOR-US: Dragonfly -CAN-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...) - NOT-FOR-US: Hosting Controller -CAN-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...) - - kfreebsd5-source 5.3-17 (medium) -CAN-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...) - NOT-FOR-US: Dansie Shopping Cart -CAN-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...) - NOT-FOR-US: PhotoGal -CAN-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...) - - mediawiki 1.4.9 -CAN-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...) - - base-config <unfixed> (bug #305142; low) -CAN-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...) - NOT-FOR-US: MMS Ripper -CAN-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...) - - backup-manager 0.5.8-2 (bug #308897; low) -CAN-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...) - - backup-manager 0.5.8-2 (low) -CAN-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...) - NOT-FOR-US: Internet Down -CAN-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...) - NOT-FOR-US: ScanShare -CAN-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...) - NOT-FOR-US: PrivaShare -CAN-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...) - NOT-FOR-US: CartWIZ -CAN-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...) - NOT-FOR-US: CartWIZ -CAN-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...) - NOT-FOR-US: kaiseki.cgi -CAN-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...) - NOT-FOR-US: SiteMinder -CAN-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...) - NOT-FOR-US: phpWishlist -CAN-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...) - NOT-FOR-US: Xerox Hardware issue -CAN-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...) - NOT-FOR-US: Xerox hardware -CAN-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...) - NOT-FOR-US: Xerox hardware -CAN-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...) - NOT-FOR-US: PPA web photo gallery -CAN-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...) - NOT-FOR-US: SPiD -CAN-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...) - NOT-FOR-US: Id Board -CAN-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...) - NOT-FOR-US: Apple Airport -CAN-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...) - NOT-FOR-US: Apple Darwin Streaming Server -CAN-2005-2194 - RESERVED -CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in ...) - NOT-FOR-US: PunBB -CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...) - NOT-FOR-US: SimplePHPBlog -CAN-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...) - NOT-FOR-US: Comersus -CAN-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...) - NOT-FOR-US: Comersus -CAN-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...) - NOT-FOR-US: Lantronix SecureLinx -CAN-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...) - NOT-FOR-US: McAfee IntruShield -CAN-2005-2187 (McAfee IntruShield Security Management System allows remote ...) - NOT-FOR-US: McAfee IntruShield -CAN-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...) - NOT-FOR-US: McAfee IntruShield -CAN-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...) - NOT-FOR-US: eRoom -CAN-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...) - NOT-FOR-US: eRoom -CAN-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...) - NOT-FOR-US: PhpXmail -CAN-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...) - NOT-FOR-US: PhpXmail -CAN-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...) - NOT-FOR-US: SIP phone hardware issue -CAN-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...) - - gnats 4.0 (bug #318481; high) -CAN-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...) - NOT-FOR-US: Jaws -CAN-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...) - NOTE: How bizarre, they assign a CVE Id without knowing which product contains - NOTE: the affected probe.cgi -CAN-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...) - - net-snmp 5.2.1.2-1 (bug #318420; medium) -CAN-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...) - NOT-FOR-US: Novell NetMail -CAN-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...) - NOT-FOR-US: Notes -CAN-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...) - - bugzilla 2.18.3-1 (low) -CAN-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...) - - bugzilla 2.18.3-1 (low) -CAN-2005-2172 - RESERVED -CAN-2005-2171 - RESERVED -CAN-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...) - NOT-FOR-US: Tivoli -CAN-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...) - NOT-FOR-US: AliveSites -CAN-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...) - NOT-FOR-US: AliveSites -CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...) - NOT-FOR-US: Express-Web -CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) - NOT-FOR-US: IdealBB -CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) - NOT-FOR-US: IdealBB -CAN-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...) - NOT-FOR-US: IdealBB -CAN-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...) - NOT-FOR-US: NatterChat -CAN-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...) - NOT-FOR-US: Veritas -CAN-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...) - NOT-FOR-US: Cold Fusion -CAN-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...) - NOT-FOR-US: Ansel -CAN-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows remote ...) - NOT-FOR-US: DUclassified -CAN-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...) - NOT-FOR-US: DUforum -CAN-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...) - NOT-FOR-US: DUforum -CAN-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...) - NOT-FOR-US: DUclassified -CAN-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...) - NOT-FOR-US: DUclassmate -CAN-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...) - NOT-FOR-US: kdocker -CAN-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...) - NOT-FOR-US: Zanfi -CAN-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...) - NOT-FOR-US: Zanfi -CAN-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...) - NOT-FOR-US: MailEnable -CAN-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...) - NOT-FOR-US: CJOverkill -CAN-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...) - NOT-FOR-US: Turbo Traffic Trader -CAN-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...) - NOT-FOR-US: Turbo Traffic Trader -CAN-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...) - - unzoo 4.4-3 (bug #306164) -CAN-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...) - NOT-FOR-US: DMXReady -CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...) - NOT-FOR-US: DMXReady -CAN-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...) - NOT-FOR-US: Digicraft Yak! -CAN-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...) - NOT-FOR-US: WeHelpBUS -CAN-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...) - NOT-FOR-US: Macromedia JRun -CAN-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allows ...) - NOT-FOR-US: WowBB Forum -CAN-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...) - NOT-FOR-US: WowBB Forum -CAN-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...) - NOT-FOR-US: Microsoft -CAN-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...) - NOT-FOR-US: DevoyBB -CAN-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...) - NOT-FOR-US: DevoyBB -CAN-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...) - NOT-FOR-US: Microsoft -CAN-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...) - NOT-FOR-US: ReviewPost -CAN-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...) - NOT-FOR-US: EarlyImpact -CAN-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...) - NOT-FOR-US: EarlyImpact -CAN-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...) - NOT-FOR-US: EarlyImpact -CAN-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...) - - cherokee 0.4.8 -CAN-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...) - NOT-FOR-US: Caravan -CAN-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...) - NOT-FOR-US: Application Access Server (A-A-S) -CAN-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: BaSoMail -CAN-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...) - - latex2rtf 1.9.16 -CAN-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...) - NOT-FOR-US: Canon ImageRUNNER -CAN-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...) - NOT-FOR-US: Lords of the Realm -CAN-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...) - NOT-FOR-US: VP-ASP -CAN-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...) - NOT-FOR-US: OpenBSD -CAN-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...) - - xmlstarlet 1.0.0-1 -CAN-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...) - - xmlstarlet 1.0.0-1 -CAN-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...) - - serendipity <itp> (bug #312413) -CAN-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...) - - serendipity <itp> (bug #312413) -CAN-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...) - NOT-FOR-US: Online Recruitment Agency -CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...) - NOT-FOR-US: Online-bookmarks -CAN-2005-2348 [base-config log should not be world readable] - RESERVED - - base-config 2.68 (bug #254068; low) -CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...) - NOT-FOR-US: PHPSource Printer -CAN-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...) - NOT-FOR-US: Plague -CAN-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...) - NOT-FOR-US: Plague -CAN-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...) - NOT-FOR-US: Plague -CAN-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...) - NOT-FOR-US: GlobalNoteScript -CAN-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...) - NOT-FOR-US: Covide -CAN-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...) - NOT-FOR-US: AutoIndex PHP Script -CAN-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...) - NOT-FOR-US: MyGuestbook -CAN-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...) - {DSA-768-1} - - phpbb2 2.0.13-6sarge1 (bug #317739; high) -CAN-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...) - NOT-FOR-US: IMail -CAN-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...) - NOT-FOR-US: PlanetDNS -CAN-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...) - NOT-FOR-US: JBoss -CAN-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...) - NOT-FOR-US: nabopoll -CAN-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...) - NOT-FOR-US: PHPNews -CAN-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...) - NOT-FOR-US: EasyPHPCalender -CAN-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...) - NOT-FOR-US: osTicket -CAN-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...) - NOT-FOR-US: osTicket -CAN-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...) - NOT-FOR-US: Geeklog -CAN-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...) - {DSA-784-1} - - courier 0.47-6 (bug #320290; low) -CAN-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...) - NOT-FOR-US: Microsoft -CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...) - {DSA-764-1} - - cacti 0.8.6f-1 (bug #316590; high) -CAN-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...) - {DSA-764-1} - - cacti 0.8.6f-1 (bug #316590; high) -CAN-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...) - TODO: Check, whether this was covered by DSA-739 as well - - trac 0.8.4-1 -CAN-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...) - NOT-FOR-US: SSH Tectia Server -CAN-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...) - NOT-FOR-US: Prevx Pro -CAN-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...) - NOT-FOR-US: Prevx Pro -CAN-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...) - NOT-FOR-US: Microsoft -CAN-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...) - NOT-FOR-US: Golden FTP Server -CAN-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: TCP Chat -CAN-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...) - NOT-FOR-US: FSboard -CAN-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...) - NOT-FOR-US: Pavsta -CAN-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...) - NOT-FOR-US: Comdev eCommerce -CAN-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...) - NOT-FOR-US: NateOn Messenger -CAN-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...) - NOT-FOR-US: Raritan Dominion SX -CAN-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...) - NOT-FOR-US: EtoShop -CAN-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...) - NOT-FOR-US: NetBSD -CAN-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CAN-2005-1915. Reason: ...) - NOT-FOR-US: log4sh -CAN-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...) - NOT-FOR-US: SCO UnixWare -CAN-2005-2131 - RESERVED -CAN-2005-2130 - RESERVED -CAN-2005-2129 - RESERVED -CAN-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...) - NOT-FOR-US: Windows -CAN-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...) - NOT-FOR-US: Windows -CAN-2005-2126 - RESERVED -CAN-2005-2125 - RESERVED -CAN-2005-2124 - RESERVED -CAN-2005-2123 - RESERVED -CAN-2005-2122 - RESERVED -CAN-2005-2121 - RESERVED -CAN-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...) - NOT-FOR-US: Windows -CAN-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...) - NOT-FOR-US: Microsoft -CAN-2005-2118 - RESERVED -CAN-2005-2117 - RESERVED -CAN-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...) - - cupsys 1.1.20final+rc1-1 (low) -CAN-2005-2116 - REJECTED - {DSA-745-1} -CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...) - NOT-FOR-US: Soldier of Fortune -CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...) - NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits - - mozilla 2:1.7.10-1 (bug #318723; medium) -CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...) - NOT-FOR-US: XOOPS -CAN-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...) - NOT-FOR-US: XOOPS -CAN-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...) - NOT-FOR-US: Community Link Pro Web Editor -CAN-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...) - - wordpress 1.5.1.3-1 (bug #316402) -CAN-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...) - - wordpress 1.5.1.3-1 (bug #316402) -CAN-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...) - - wordpress 1.5.1.3-1 (bug #316402) -CAN-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...) - - wordpress 1.5.1.3-1 (bug #316402) -CAN-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...) - {DSA-745-1} - - drupal 4.5.4-1 (bug #316362) -CAN-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...) - NOT-FOR-US: IOS -CAN-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive ...) - NOT-FOR-US: sysreport -CAN-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...) - {DTSA-5-1} - - gaim 1:1.4.0-5 (high; bug #323706) -CAN-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...) - {DTSA-5-1} - - gaim 1:1.4.0-5 (medium; bug #323706) -CAN-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...) - {DSA-818-1} - - kdeedu 4:3.4.2-1 (low) -CAN-2005-2100 - RESERVED -CAN-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...) - {DTSA-16-1} - NOTE: 2.6.8 and 2.4.27 not affected - - linux-2.6 2.6.12-3 (bug #323039; medium) -CAN-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...) - {DTSA-16-1} - NOTE: 2.6.8 and 2.4.27 not affected - - linux-2.6 2.6.12-3 (bug #323039; medium) -CAN-2005-2097 (xpdf and kpdf do not properly validate the "loca" table in PDF files, ...) - {DSA-780-1} - - kdegraphics 4:3.4.2-1 (bug #322458; low) - - xpdf 3.00-15 (bug #322462; low) - - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code) - - gpdf <unfixed> (bug #334454; low) - NOTE: only affects cupsys source package, not used in binary - - cupsys <unfixed> (bug #324464; unimportant) - - poppler 0.4.0-1 (low) -CAN-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...) - {DSA-797-2 DSA-797-1 DSA-740-1} - NOTE: Several packages ship embedded copies of zlib, there are a lot probably more - NOTE: Florian Weimer is doing a comprehensive audit using clamav - NOTE: to search for static zlib signatures in binaries in Debian - NOTE: Not all of the listed packages have been checked for actual - NOTE: exploitability using this hole. - - dpkg 1.13.11 (bug #317967; medium) - - zsync 0.4.0-2 (bug #317968; medium) - - dump 0.4b40-1 (bug #317966; medium) - - aide 0.10-6.1.1 (bug #317523; medium) - - amd64-libs 1.3 (bug #317970; medium) - - ia32-libs <unfixed> (bug #317971; medium) - - dar <not-affected> (zlib not used on unstrusted input, see #317989) - - bacula 1.36.3-2 (bug #318014; medium) - - sash 3.7-6 (bug #318246; bug #318069; medium) - - libphysfs 1.0.0-5 (bug #318091; medium) - - oops <unfixed> (bug #318097; medium) - - rpm 4.0.4-31.1 (bug #318099; medium) - - rageircd 2.0.0-3sid1 (bug #309196; medium) - - systemimager-ssh <unfixed> (bug #318101; unimportant) - - texmacs 1:1.0.5-3 (bug #318100; medium) - - zlib 1:1.2.2-7 (bug #317133; medium) - - pvpgn 1.7.8-2 (bug #332236; unknown) - - mysql-dfsg-4.1 (bug #319858; unimportant) - NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid -CAN-2005-2095 (SquirrelMail 1.4.4 and earlier does not properly handle the $_POST ...) - {DSA-756-1} - - squirrelmail 2:1.4.4-6 (bug #317094) -CAN-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...) - NOT-FOR-US: Sun -CAN-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...) - NOT-FOR-US: Oracle -CAN-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...) - NOT-FOR-US: BEA WebLogic -CAN-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...) - NOT-FOR-US: Websphere -CAN-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...) - - tomcat4 4.1.28-1 - NOTE: tomcat5 in experimental has this fix as well -CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...) - NOT-FOR-US: Microsoft -CAN-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote ...) - {DSA-805-1 DSA-803-1} - - apache 1.3.33-8 (bug #322607; medium) - - apache2 2.0.54-5 (bug #316173; medium) -CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote attackers ...) - NOT-FOR-US: Microsoft -CAN-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...) - - phpbb2 <not-affected> (phpbb versions in Debian not affected) -CAN-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...) - NOT-FOR-US: Inframail -CAN-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...) - NOT-FOR-US: Community Forum -CAN-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...) - NOT-FOR-US: IA eMailServer -CAN-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...) - NOT-FOR-US: imTRSET -CAN-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...) - - asterisk 1:1.0.9.dfsg-1 (bug #315532; medium) -CAN-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...) - NOT-FOR-US: Veritas Backup -CAN-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...) - NOT-FOR-US: Veritas Backup -CAN-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...) - NOT-FOR-US: Lpanel -CAN-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...) - NOT-FOR-US: GoodTech SMTP Server -CAN-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...) - NOT-FOR-US: Real Estate Management Software -CAN-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...) - NOT-FOR-US: Chatman -CAN-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...) - NOT-FOR-US: INTELLIPEER Email Server -CAN-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...) - - mysql-dfsg-4.1 4.1.5-1 -CAN-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava ...) - - fprobe-ng 1.1-1 - TODO: Check, whether fprobe is affected as well -CAN-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...) - NOT-FOR-US: Symantec Antivirus -CAN-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...) - NOT-FOR-US: MegaBBS -CAN-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...) - NOT-FOR-US: MegaBBS -CAN-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...) - NOT-FOR-US: Baal Smart Forms -CAN-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...) - NOT-FOR-US: Mambo Portal -CAN-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...) - - sdd 1.52-1 -CAN-2004-2141 - REJECTED -CAN-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...) - NOT-FOR-US: YaBB -CAN-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...) - NOT-FOR-US: YaBB -CAN-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...) - NOT-FOR-US: MySQLGuest -CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) - NOT-FOR-US: BisonFTP Server -CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) - NOT-FOR-US: Hosting Controller -CAN-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...) - NOT-FOR-US: HP Version Control Repository Manager -CAN-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...) - NOT-FOR-US: DB2 -CAN-2005-2072 (ld.so in Solaris 9 and 10 trusts the LD_AUDIT environment variable in ...) - NOT-FOR-US: Solaris -CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...) - NOT-FOR-US: Solaris -CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...) - {DSA-737-1 DTSA-3-1} - - clamav 0.86.1 (bug #318755; medium) -CAN-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...) - {DSA-785-1} - - openldap2.2 2.2.26-3 (bug #316674; medium) - - openldap2 2.1.30-11 (medium) - - libpam-ldap 178-1sarge1 (bug #316972; medium) - - libnss-ldap 238-1.1 (bug #316973; medium) -CAN-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...) - - kfreebsd-source <unfixed> -CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...) - NOT-FOR-US: ASP Nuke -CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...) - NOT-FOR-US: ASP Nuke -CAN-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...) - NOT-FOR-US: ASP Nuke -CAN-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...) - NOT-FOR-US: ASP Nuke -CAN-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - NOT-FOR-US: ActiveBuyAndSell -CAN-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...) - NOT-FOR-US: ActiveBuyAndSell -CAN-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...) - NOT-FOR-US: Infopop UBB.Threads -CAN-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...) - NOT-FOR-US: Infopop UBB.Threads -CAN-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...) - NOT-FOR-US: Infopop UBB.Threads -CAN-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...) - NOT-FOR-US: Infopop UBB.Threads -CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...) - NOT-FOR-US: Infopop UBB.Threads -CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...) - {DSA-737-1 DTSA-3-1} - - clamav 0.86.1-1 (bug #318756; medium) -CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...) - - helix-player 1.0.5-1 (bug #316276; high) -CAN-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...) - - helix-player 1.0.5-1 (bug #316276; unknown) -CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...) - NOT-FOR-US: Perception LiteServe -CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) - NOT-FOR-US: iSMTP -CAN-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...) - NOT-FOR-US: Microsoft -CAN-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...) - NOT-FOR-US: QNX -CAN-2002-1982 (Directory traversal vulnerability in the list_directory function in ...) - NOTE: verified current version is not vulnerable to exploit -CAN-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...) - NOT-FOR-US: Microsoft -CAN-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...) - NOT-FOR-US: Solaris -CAN-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...) - NOT-FOR-US: Watchguard SOHO -CAN-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...) - NOT-FOR-US: IPFilter -CAN-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...) - NOT-FOR-US: Proprietary PGP -CAN-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...) - - net-tools <unfixed> (unimportant) - NOTE: This seems to be a misunderstanding of what the PROMISC flag - NOTE: is about. ifconfig reports properly when it is set using - NOTE: "ifconfig promisc". -CAN-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt ...) - NOT-FOR-US: Zaurus hardware -CAN-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...) - NOT-FOR-US: Zaurus hardware -CAN-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...) - NOT-FOR-US: Microsoft -CAN-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...) - NOT-FOR-US: pp_powerSwitch -CAN-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...) - NOT-FOR-US: Sourcecraft Networking Utils -CAN-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...) - NOT-FOR-US: SnortCenter -CAN-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...) - NOT-FOR-US: Magic Notebook -CAN-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...) - NOT-FOR-US: Com21 hardware -CAN-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...) - NOT-FOR-US: XiRCON -CAN-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...) - NOT-FOR-US: My Postcards Platinum -CAN-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...) - NOT-FOR-US: Imatix Xitami -CAN-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...) - NOT-FOR-US: phpEventCalender -CAN-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...) - NOTE: No kernels in Sarge or sid affected -CAN-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...) - NOT-FOR-US: SurfinGate -CAN-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...) - NOT-FOR-US: SurfinGate -CAN-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...) - NOT-FOR-US: Cybozu Share -CAN-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...) - NOTE: Nagios was packaged for Debian after these vulnerable versions have been released -CAN-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through 1.0b ...) - NOT-FOR-US: kmMail -CAN-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...) - - pen <not-affected> (pen was introduced after this old vulnerability) -CAN-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...) - - rox 1.3.0-1 -CAN-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...) - NOT-FOR-US: Iomega hardware issue -CAN-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) - NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a - NOTE: php function that displays the PHP logo and version information. In the bug - NOTE: log the developers seem unwilling to fix this, as it only affects a debug - NOTE: function. - TODO: check, whether the mentioned XSS still affects current PHP versions in Debian -CAN-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...) - NOT-FOR-US: AIM -CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) - NOT-FOR-US: phpRank -CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...) - NOT-FOR-US: GoAhead WebServer -CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) - NOT-FOR-US: phpRank -CAN-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...) - NOT-FOR-US: Iomega NAS -CAN-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...) - - gringotts <not-affected> (fixed before Gringotts was in Debian) -CAN-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...) - - webmin 1.000-2 -CAN-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...) - NOT-FOR-US: VNSL -CAN-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...) - NOT-FOR-US: SmailMail -CAN-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...) - NOT-FOR-US: Motorola Surfboard -CAN-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...) - NOT-FOR-US: SafeTP -CAN-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...) - NOT-FOR-US: Imatix -CAN-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...) - NOT-FOR-US: RadioBird -CAN-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...) - NOT-FOR-US: LCC-Win32 -CAN-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...) - NOT-FOR-US: FlashFXP -CAN-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: Virgil CGI Scanner -CAN-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...) - NOT-FOR-US: Symantex Appliance -CAN-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...) - NOT-FOR-US: UTStarcom -CAN-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...) - NOT-FOR-US: Pingtel Xpressa -CAN-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...) - NOT-FOR-US: Pingtel Xpressa -CAN-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...) - NOT-FOR-US: Microsoft -CAN-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...) - NOT-FOR-US: Microsoft -CAN-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...) - NOT-FOR-US: PHP Arena -CAN-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...) - NOT-FOR-US: AN HTTPd -CAN-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...) - NOT-FOR-US: PHP Arena -CAN-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...) - NOT-FOR-US: 602Pro LAN SUITE -CAN-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...) - NOT-FOR-US: Aquonics File Manager -CAN-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...) - NOT-FOR-US: Aquonics File Manager -CAN-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...) - NOT-FOR-US: Tiny Personal Firewall -CAN-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during ...) - NOT-FOR-US: Powerchute -CAN-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...) - - mysql <not-affected> (Windows specific) -CAN-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...) - NOT-FOR-US: vBulletin -CAN-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...) - - mysql <not-affected> (Windows specific) -CAN-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...) - NOT-FOR-US: FtpXQ -CAN-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...) - NOT-FOR-US: VS-ASP -CAN-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...) - NOT-FOR-US: Microsoft ADO -CAN-2002-1917 (CRLF injection vulnerability in the "User Profile: Send Email" feature ...) - NOT-FOR-US: Geeklog -CAN-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...) - NOT-FOR-US: Pirch -CAN-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...) - NOT-FOR-US: tip -CAN-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...) - - dump 0.4b31-1 -CAN-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...) - NOT-FOR-US: myPHPNuke -CAN-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...) - NOT-FOR-US: SkyStream -CAN-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...) - NOT-FOR-US: ZoneAlarm -CAN-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...) - NOT-FOR-US: Ingenium Learning Management System -CAN-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...) - NOT-FOR-US: Ingenium Learning Management System -CAN-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Microsoft IIS -CAN-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...) - NOT-FOR-US: TelCondex -CAN-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...) - NOT-FOR-US: ViaVideo -CAN-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...) - NOT-FOR-US: ViaVideo -CAN-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...) - NOT-FOR-US: ghttpd -CAN-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...) - - pine <unfixed> (low) - TODO: Check, whether this still applies to current version, <unfixed> for now - NOTE: non-free -CAN-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...) - NOT-FOR-US: CGIForum -CAN-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...) - NOT-FOR-US: BBGallery -CAN-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...) - NOT-FOR-US: Pinboard -CAN-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...) - NOT-FOR-US: IceWarp Web Mail -CAN-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...) - NOT-FOR-US: Mac OS X -CAN-2002-1897 (MyWebServer 1.0.2 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: MyWebserver -CAN-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...) - - alsaplayer 0.99.72-1 -CAN-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...) - - tomcat4 <not-affected> (Windows-specific Tomcat problems) -CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...) - - phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295) -CAN-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...) - NOT-FOR-US: ArGoSoft Mail Server -CAN-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...) - NOT-FOR-US: Netgear hardware -CAN-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...) - NOT-FOR-US: IRCIT -CAN-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...) - NOT-FOR-US: RedHat specific -CAN-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...) - NOT-FOR-US: Logsurfer -CAN-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...) - NOT-FOR-US: CommonName Toolbar -CAN-2002-1887 (PHP remote code injection vulnerability in customize.php for ...) - NOT-FOR-US: phpMyNewsletter -CAN-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...) - NOT-FOR-US: TightAuction -CAN-2002-1885 (PHP remote code injection vulnerability in showhits.php3 for ...) - NOT-FOR-US: PPhlogger -CAN-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...) - NOT-FOR-US: Py-Membres -CAN-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...) - - qt-x11-free 2:3.0.4-1 -CAN-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...) - NOT-FOR-US: Oracle -CAN-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote ...) - - flashplugin-nonfree 6.0.61.0-1 -CAN-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by ...) - NOT-FOR-US: LokwaBB -CAN-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...) - NOT-FOR-US: LokwaBB -CAN-2002-1878 (PHP remote code injection vulnerability in w-Agora 4.1.3 allows remote ...) - NOT-FOR-US: w-Agora -CAN-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...) - NOT-FOR-US: Netgear hardware -CAN-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...) - NOT-FOR-US: Microsoft -CAN-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...) - NOT-FOR-US: Entercept Agent -CAN-2002-1874 (astrocam.cgi in AstroCam 1.7.1 through 2.1.2 allows remote attackers ...) - NOT-FOR-US: Astrocam -CAN-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...) - NOT-FOR-US: Microsoft -CAN-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication ...) - NOT-FOR-US: Microsoft -CAN-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid ...) - NOT-FOR-US: Solaris -CAN-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle ...) - NOT-FOR-US: Simple Web Server -CAN-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...) - NOT-FOR-US: Heysoft EventSave -CAN-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...) - NOT-FOR-US: Dispair -CAN-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 ...) - NOT-FOR-US: ImageFolio -CAN-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file ...) - NOT-FOR-US: Simple Web Server -CAN-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link ...) - NOT-FOR-US: Embedded HTTP server -CAN-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 ...) - NOT-FOR-US: Simple Web Server -CAN-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other ...) - NOT-FOR-US: Iomega NAS -CAN-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: SmartMail Server -CAN-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, ...) - NOT-FOR-US: Sybase ASE -CAN-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers ...) - NOT-FOR-US: Pramati -CAN-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...) - NOT-FOR-US: Orion -CAN-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through ...) - NOT-FOR-US: Oracle -CAN-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...) - NOT-FOR-US: jo! jo Webserver -CAN-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote ...) - NOT-FOR-US: HP Application Server -CAN-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows ...) - NOT-FOR-US: Macromedia JRun -CAN-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to ...) - NOTE: not-for-us -CAN-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...) - NOTE: not-for-us -CAN-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...) - NOTE: not-for-us -CAN-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...) - NOTE: not-for-us -CAN-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...) - - apache2 2.0.42-1 -CAN-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back ...) - NOTE: not-for-us -CAN-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...) - NOTE: not-for-us -CAN-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...) - NOTE: not-for-us -CAN-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...) - NOTE: not-for-us -CAN-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...) - NOTE: not-for-us -CAN-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, ...) - NOTE: not-for-us -CAN-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands ...) - NOTE: not-for-us -CAN-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...) - NOTE: not-for-us -CAN-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not ...) - NOTE: not-for-us -CAN-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could ...) - NOTE: not-for-us -CAN-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record ...) - NOTE: not-for-us -CAN-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to ...) - NOTE: not-for-us -CAN-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display ...) - NOTE: not-for-us -CAN-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) - NOTE: not-for-us -CAN-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) - NOTE: not-for-us -CAN-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) - NOTE: not-for-us -CAN-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...) - NOTE: not-for-us -CAN-2002-1832 (Unknown vulnerability in the "ipopts decode" functionality in ...) - NOTE: not-for-us -CAN-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote ...) - NOTE: not-for-us -CAN-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to ...) - NOTE: not-for-us -CAN-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open ...) - NOTE: not-for-us -CAN-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...) - NOTE: not-for-us -CAN-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...) - - sendmail 8.12-4 -CAN-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...) - NOTE: kernel 2.4.18 -CAN-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...) - NOT-FOR-US: WASD -CAN-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...) - NOT-FOR-US: MSIE -CAN-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...) - NOT-FOR-US: Zeroo -CAN-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...) - NOT-FOR-US: IBM HTTP Server on AS/400 -CAN-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...) - NOT-FOR-US: Ultimate PHP Board -CAN-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...) - NOT-FOR-US: Ultimate PHP Board -CAN-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...) - NOT-FOR-US: TinyHTTPD -CAN-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...) - NOT-FOR-US: httpbench -CAN-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...) - NOT-FOR-US: Veritas -CAN-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...) - NOT-FOR-US: ATPhttpd -CAN-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...) - NOT-FOR-US: Aquonics -CAN-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...) - NOTE: efstool not suid on debian -CAN-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...) - NOT-FOR-US: AIM -CAN-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...) - NOT-FOR-US: gdam123 -CAN-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...) - NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point -CAN-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...) - NOT-FOR-US: D-Link DWL-900AP+ Access Point -CAN-2002-1809 (The default configuration of the Windows binary release of MySQL ...) - NOT-FOR-US: MySQL windows binary -CAN-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...) - NOT-FOR-US: Meunity -CAN-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...) - NOT-FOR-US: phpWebSite -CAN-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...) - NOT-FOR-US: Drupal -CAN-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...) - - dacode <unfixed> (bug #322605; low) -CAN-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...) - NOT-FOR-US: NPDS -CAN-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...) - NOT-FOR-US: PHP-Nuke -CAN-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...) - - xoops <itp> (bug #207640) -CAN-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...) - NOT-FOR-US: ImageFolio -CAN-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...) - NOT-FOR-US: phpRank -CAN-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) - NOT-FOR-US: phpRank -CAN-2002-1798 (MidiCart PHP 1 allows remote attackers to (1) upload arbitrary php ...) - NOT-FOR-US: MidiCart -CAN-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...) - NOT-FOR-US: ChaiVM -CAN-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...) - NOT-FOR-US: ChaiVM -CAN-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...) - NOT-FOR-US: Microsoft -CAN-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...) - NOT-FOR-US: HP ldapux-pamauthz -CAN-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...) - NOT-FOR-US: HP Virtualvault OS -CAN-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...) - NOT-FOR-US: Fake Identd -CAN-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...) - NOT-FOR-US: SGI IRIX -CAN-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...) - NOT-FOR-US: microsoft -CAN-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...) - - newsx 1.4pl6.0-2 -CAN-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...) - - nn 6.6.4-1 -CAN-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...) - NOT-FOR-US: SGI IRIX -CAN-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...) - NOT-FOR-US: SGI IRIX -CAN-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...) - NOT-FOR-US: Zeus Administration Server -CAN-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...) - NOT-FOR-US: HP Tru64 -CAN-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...) - - php4 4:4.3.10-15 -CAN-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...) - NOT-FOR-US: microsoft -CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) - NOT-FOR-US: JAF CMS -CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...) - - helix-player 1.0.5-1 (bug #316276; high) -CAN-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...) - NOT-FOR-US: BEWAC -CAN-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...) - - tor 0.0.9.10-1 (medium) -CAN-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...) - NOT-FOR-US: Duware -CAN-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...) - NOT-FOR-US: Duware -CAN-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...) - NOT-FOR-US: Duware -CAN-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...) - NOT-FOR-US: Duware -CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...) - NOT-FOR-US: Duware -CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) - NOT-FOR-US: ATutor -CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) - NOT-FOR-US: XAMPP -CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...) - NOT-FOR-US: ajax-spell -CAN-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...) - NOT-FOR-US: ViRobot -CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...) - {DSA-758-1} - TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - - heimdal 0.6.3-11 (bug #315065; bug #315086; high) -CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) - - nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492) -CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) - NOT-FOR-US: Fortibus CMS -CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) - NOT-FOR-US: Fortibus CMS -CAN-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...) - NOT-FOR-US: Cool Cafe Chat -CAN-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...) - NOT-FOR-US: Cool Cafe Chat -CAN-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...) - NOT-FOR-US: iGallery -CAN-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...) - NOT-FOR-US: iGallery -CAN-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...) - NOT-FOR-US: Solaris -CAN-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...) - NOT-FOR-US: socialMPN -CAN-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...) - NOT-FOR-US: Ultimate PHP Board -CAN-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...) - NOT-FOR-US: external script that allow interaction between amarok and a browser -CAN-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...) - NOT-FOR-US: MercuryBoard -CAN-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...) - NOT-FOR-US: Enterasys hardware issue -CAN-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...) - NOT-FOR-US: Enterasys hardware issue -CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...) - NOT-FOR-US: Cisco -CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...) - {DSA-738-1} - NOTE: varying and apparently innacurate info about what versions fix it - - razor 2.720-1 (low) -CAN-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...) - NOTE: insufficient info, possibly SuSE specific - NOT-FOR-US: only affects 1.9.14 of gpg2 -CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...) - NOT-FOR-US: iPlanet -CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...) - NOT-FOR-US: cPanel -CAN-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network ...) - NOT-FOR-US: 3com Network Supervisor -CAN-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...) - NOT-FOR-US: FreeBSD ipfw -CAN-2005-2018 - RESERVED -CAN-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...) - NOT-FOR-US: Symantec AntiVirus -CAN-2005-2016 - RESERVED -CAN-2005-2015 - RESERVED -CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...) - NOT-FOR-US: paFAQ -CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: paFAQ -CAN-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...) - NOT-FOR-US: paFAQ -CAN-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...) - NOT-FOR-US: paFAQ -CAN-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...) - NOT-FOR-US: Ublog Reload -CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...) - NOT-FOR-US: Ublog Reload -CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) - - yaws 1.56-1 (low) -CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...) - {DSA-739-1} - - trac 0.8.4-1 (bug #315145) -CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) - NOT-FOR-US: JBOSS -CAN-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...) - NOT-FOR-US: Ultimate PHP Board -CAN-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...) - NOT-FOR-US: Ultimate PHP Board -CAN-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...) - NOT-FOR-US: Ultimate PHP Board -CAN-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...) - NOT-FOR-US: Mambo -CAN-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...) - NOT-FOR-US: paFileDB -CAN-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...) - NOT-FOR-US: paFileDB -CAN-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...) - NOT-FOR-US: paFileDB -CAN-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...) - NOT-FOR-US: McGallery -CAN-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...) - NOT-FOR-US: McGallery -CAN-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...) - NOT-FOR-US: Bitrix Site Manager -CAN-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...) - NOT-FOR-US: Bitrix Site Manager -CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...) - NOT-FOR-US: Finjan SurfinGate -CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...) - {DSA-735-2 DSA-735-1} - - sudo 1.6.8p9-1 (bug #315718; bug #315115; medium) -CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) - {DSA-748-1} - - ruby1.8 1.8.2-8 (bug #315064; medium) - - ruby1.9 1.9.0+20050623-1 (bug #315064; medium) -CAN-2005-1991 - RESERVED -CAN-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...) - NOT-FOR-US: MSIE -CAN-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...) - NOT-FOR-US: MSIE -CAN-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...) - NOT-FOR-US: MSIE -CAN-2005-1987 (Collaboration Data Objects (CDO), as used in Microsoft Windows and ...) - NOT-FOR-US: Microsoft -CAN-2005-1986 - RESERVED -CAN-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, ...) - NOT-FOR-US: Microsoft -CAN-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...) - NOT-FOR-US: Spoolsv.exe -CAN-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...) - NOT-FOR-US: Microsoft -CAN-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...) - NOT-FOR-US: Microsoft -CAN-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...) - NOT-FOR-US: Microsoft -CAN-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote ...) - NOT-FOR-US: Microsoft -CAN-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote ...) - NOT-FOR-US: Microsoft -CAN-2005-1978 (COM+ in Microsoft Windows does not properly "create and use memory ...) - NOT-FOR-US: Microsoft -CAN-2005-1977 - RESERVED -CAN-2005-1976 - RESERVED -CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...) - - uw-imap <unfixed> (bug #315499; low) -CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) - NOT-FOR-US: DeleGate -CAN-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...) - NOT-FOR-US: BPM Studio Pro -CAN-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal ...) - NOT-FOR-US: Norton -CAN-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...) - NOT-FOR-US: Norton -CAN-2002-1777 (** DISPUTED ** ...) - NOT-FOR-US: Symantec -CAN-2002-1776 (** DISPUTED ** ...) - NOT-FOR-US: Symantec -CAN-2002-1775 (** DISPUTED ** ...) - NOT-FOR-US: Symantec -CAN-2002-1774 (** DISPUTED ** ...) - NOT-FOR-US: Symantec -CAN-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...) - NOT-FOR-US: ICQ for MacOS X -CAN-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain ...) - NOT-FOR-US: Novell Netware -CAN-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...) - NOT-FOR-US: FormMail -CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) - NOT-FOR-US: Eudora -CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...) - NOT-FOR-US: Mirosoft -CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) - NOT-FOR-US: Cisco -CAN-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...) - NOT-FOR-US: Oracle -CAN-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...) - NOT-FOR-US: Netscape - NOTE: didn't check mozilla -CAN-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...) - - evolution 1.0.5 -CAN-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...) - NOT-FOR-US: acrobat -CAN-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" ...) - NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver -CAN-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...) - NOT-FOR-US: Microsoft -CAN-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...) - NOT-FOR-US: PHProjekt -CAN-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...) - NOT-FOR-US: PHProjekt -CAN-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...) - NOT-FOR-US: PHProjekt -CAN-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...) - NOT-FOR-US: PHProjekt -CAN-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...) - NOT-FOR-US: PHProjekt -CAN-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: ACDSee -CAN-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...) - - tinc 1.0pre5 -CAN-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...) - NOT-FOR-US: Novell NetWare -CAN-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...) - NOT-FOR-US: csNews -CAN-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...) - NOT-FOR-US: csChat-R-Box -CAN-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...) - NOT-FOR-US: csLiveSupport -CAN-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...) - NOT-FOR-US: csGuestbook -CAN-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...) - NOT-FOR-US: Windows 2000 Terminal Services -CAN-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...) - - slash 2.2.3 -CAN-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...) - - vtun 2.5b2 -CAN-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...) - - vtun 2.5b2 -CAN-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...) - NOT-FOR-US: Microsoft -CAN-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...) - NOT-FOR-US: Microsoft -CAN-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...) - NOT-FOR-US: AOL ICQ -CAN-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...) - - libsoap-lite-perl 0.55 -CAN-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...) - NOT-FOR-US: WorldClient -CAN-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...) - NOT-FOR-US: WorldClient -CAN-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...) - NOT-FOR-US: Alt-N Technologies Mdaemon -CAN-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...) - NOT-FOR-US: Alt-N Technologies Mdaemon -CAN-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...) - NOT-FOR-US: Astaro Security Linux -CAN-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...) - NOT-FOR-US: CGINews -CAN-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...) - NOT-FOR-US: dlogin -CAN-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...) - NOT-FOR-US: NewsPro -CAN-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...) - NOT-FOR-US: Prospero MessageBoards -CAN-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...) - NOT-FOR-US: Actinic Catalog -CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) - NOT-FOR-US: IBM AS/400 -CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...) - NOTE: not-fot-us (ASPjar Guestbook) -CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...) - NOT-FOR-US: ASPjar Guestbook -CAN-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...) - NOT-FOR-US: askSam Web Publisher -CAN-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...) - NOT-FOR-US: askSam Web Publisher -CAN-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...) - NOT-FOR-US: PhotoDB -CAN-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...) - NOT-FOR-US: PHPImageView -CAN-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...) - NOT-FOR-US: PHPImageView -CAN-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...) - NOT-FOR-US: Powerboards -CAN-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...) - NOT-FOR-US: microsoft -CAN-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...) - NOT-FOR-US: alterMIME - TODO: track RFP: #289546 -CAN-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...) - NOT-FOR-US: Spooky Login -CAN-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...) - NOT-FOR-US: Bavo -CAN-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...) - NOT-FOR-US: microsoft -CAN-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...) - NOT-FOR-US: microsoft -CAN-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...) - NOT-FOR-US: microsoft -CAN-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...) - NOTE: "SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1." -CAN-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) - NOT-FOR-US: microsoft -CAN-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...) - NOT-FOR-US: msec -CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...) - NOT-FOR-US: microsoft -CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...) - NOT-FOR-US: BasiliX -CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...) - NOT-FOR-US: BasiliX -CAN-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...) - NOT-FOR-US: BasiliX -CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...) - NOT-FOR-US: BasiliX -CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...) - - phpbb2 2.0.6c-1 -CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...) - NOT-FOR-US: Cisco -CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) - NOT-FOR-US: microsoft -CAN-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...) - NOT-FOR-US: Zeroboard -CAN-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...) - NOT-FOR-US: NetAuction -CAN-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...) - NOT-FOR-US: DeltaScripts PHP Classifieds -CAN-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...) - NOT-FOR-US: ColdFusion -CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...) - NOT-FOR-US: ASP Client Check -CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...) - NOT-FOR-US: Microsoft -CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...) - - vtun 2.6-1 -CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...) - NOT-FOR-US: Microsoft Outlook plugin -CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) - NOT-FOR-US: Norton -CAN-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...) - NOT-FOR-US: Microsoft -CAN-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...) - NOT-FOR-US: Microsoft -CAN-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...) - NOT-FOR-US: Alcatel hardware issue -CAN-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...) - NOT-FOR-US: AIX -CAN-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...) - NOT-FOR-US: AIX -CAN-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...) - NOT-FOR-US: Microsoft -CAN-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...) - NOT-FOR-US: AIX -CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...) - NOT-FOR-US: AIX -CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) - NOT-FOR-US: BadBlue Enterprise Edition -CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) - NOT-FOR-US: Deerfield D2Gfx -CAN-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...) - NOT-FOR-US: BadBlue Personal Edition -CAN-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...) - NOT-FOR-US: NewsReactor -CAN-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...) - NOTE: Only present in intermediate CVS version, not released in Debian -CAN-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...) - NOT-FOR-US: COWS -CAN-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...) - NOT-FOR-US: vBulletin -CAN-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...) - NOT-FOR-US: vBulletin -CAN-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...) - NOT-FOR-US: mrtgconfig -CAN-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...) - NOT-FOR-US: BindView NetInventory -CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) - NOT-FOR-US: Unreal IRCd -CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) - NOTE: kfreebsd use a much more recent version of the freebsd kernel - NOT-FOR-US: FreeBSD -CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) - - webmin 0.93 (medium) -CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...) - NOTE: Packaging flaw of an unknown RPM based distro. Permissions of Debian's - NOTE: webmin package look sane and FHS compliant -CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) - NOT-FOR-US: Microsoft -CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...) - NOT-FOR-US: Microsoft -CAN-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...) - NOT-FOR-US: FreeBSD -CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...) - NOT-FOR-US: HP-UX -CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...) - NOTE: kfreebsd use a much more recent version of the freebsd kernel - NOT-FOR-US: FreeBSD -CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) - NOT-FOR-US: Oracle -CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) - NOT-FOR-US: HP Secure OS layer -CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) - - tinc 1.0pre5-1 -CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: Lotus Notes -CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) - NOT-FOR-US: Sun -CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...) - NOT-FOR-US: WebCart -CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...) - NOTE: Fix went into proftpd CVS on 2002-12-12 - - proftpd 1.2.8-1 -CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...) - - proftpd 1.2.4-1 -CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) - NOT-FOR-US: Check Point -CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) - NOT-FOR-US: mod_bf -CAN-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...) - NOT-FOR-US: Microsoft -CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...) - - thttpd 2.21 -CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) - NOT-FOR-US: Network Query Tool -CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...) - - util-linux 2.11n-1 -CAN-2001-1492 - REJECTED -CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...) - NOT-FOR-US: Opera -CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...) - NOTE: mozilla is quite easily DOSable with all sorts of large html - NOTE: files, probably not worth following up on. -CAN-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) - NOT-FOR-US: Microsoft -CAN-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...) - NOT-FOR-US: Open Projects ircd -CAN-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...) - NOTE: verified not present in 4.0.5-4sarge1 -CAN-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...) - NOT-FOR-US: Alcatel hardware issue -CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...) - - libpam-opie <unfixed> (bug #112279; low) -CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...) - NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now -CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...) - NOT-FOR-US: Xitami -CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...) - NOT-FOR-US: Sun Java -CAN-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...) - NOT-FOR-US: Sun -CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...) - NOT-FOR-US: UnixWare -CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...) - - snort 1.6.1-1 -CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) - NOT-FOR-US: Xitami -CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) - NOT-FOR-US: Annuaire -CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...) - NOT-FOR-US: Sun Java -CAN-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...) - NOT-FOR-US: Sun Java -CAN-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...) - NOT-FOR-US: InteractivePHP FusionBB -CAN-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...) - NOT-FOR-US: InteractivePHP FusionBB -CAN-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with ...) - NOT-FOR-US: pcAnywhere -CAN-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...) - NOT-FOR-US: Pragma Telnetserver -CAN-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...) - NOT-FOR-US: ProductCart Ecommerce -CAN-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...) - NOT-FOR-US: ProductCart Ecommerce -CAN-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...) - NOT-FOR-US: e107 -CAN-2005-1965 (PHP remote code injection vulnerability in siteframe.php for Broadpool ...) - NOT-FOR-US: Broadpool Siteframe -CAN-2005-1964 (PHP remote code injection vulnerability in utilit.php for Ovidentia ...) - NOT-FOR-US: Ovidentia Portal -CAN-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: Cerberus Helpdesk -CAN-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...) - NOT-FOR-US: Cerberus Helpdesk -CAN-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...) - NOT-FOR-US: C-JDBC -CAN-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...) - NOT-FOR-US: C.J. Steele Tattle -CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...) - NOT-FOR-US: JamMail -CAN-2005-1958 - REJECTED - NOTE: see CAN-2005-1855 -CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...) - NOT-FOR-US: File Upload Manager -CAN-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...) - NOT-FOR-US: File Upload Manager -CAN-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) - NOT-FOR-US: singapore -CAN-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: singapore -CAN-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...) - NOT-FOR-US: Pico Server -CAN-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...) - NOT-FOR-US: Pico Server -CAN-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...) - NOT-FOR-US: osCommerce -CAN-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: Webhints -CAN-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...) - NOT-FOR-US: e107 -CAN-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...) - NOT-FOR-US: Invision Gallery -CAN-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...) - NOT-FOR-US: Invision Gallery -CAN-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...) - NOT-FOR-US: Invision Blog -CAN-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...) - NOT-FOR-US: Invision Blog -CAN-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...) - NOT-FOR-US: xmysqladmin -CAN-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...) - NOT-FOR-US: Loki download manager -CAN-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...) - NOT-FOR-US: Cisco hardware issue -CAN-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...) - NOT-FOR-US: SilverCity -CAN-2005-1940 - RESERVED -CAN-2005-1939 - RESERVED -CAN-2005-1938 - REJECTED -CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) - {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1} - - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge1 (medium) -CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) - NOT-FOR-US: Microsoft -CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) - NOT-FOR-US: Xerox hardware issue -CAN-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...) - NOT-FOR-US: Microsoft -CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...) - NOT-FOR-US: Apple -CAN-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) - {DSA-734-1} - - gaim 1:1.3.1-1 (bug #315356; low) -CAN-2005-1930 - RESERVED -CAN-2005-1929 - RESERVED -CAN-2005-1928 - RESERVED -CAN-2005-1927 - RESERVED -CAN-2005-1926 - RESERVED -CAN-2005-1925 - RESERVED -CAN-2005-1924 - RESERVED -CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...) - {DSA-737-1 DTSA-3-1} - - clamav 0.86.1 (bug #316401; bug #316462; medium) -CAN-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...) - {DSA-737-1 DTSA-3-1} - - clamav 0.86.1-1 (low) -CAN-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...) - {DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1} - - serendipity <itp> (bug #312413) - - drupal 4.5.4-1 (high; bug #316362) - - phpgroupware 0.9.16.006-1 (high) - - egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high) - - phpwiki 1.3.7-4 (bug #316714; high) - - php4 4:4.3.10-16 (high; bug #316447) - NOTE: horde3 is not affected by this issue, they ship different XMLRPC code -CAN-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...) - {DSA-804-1} - - kdelibs 4:3.4.2-1 (bug #319016; medium) -CAN-2005-1919 - RESERVED -CAN-2005-1918 - RESERVED -CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...) - NOT-FOR-US: kpopper - NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one -CAN-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...) - {DSA-760-1 DTSA-4-1} - - ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low) -CAN-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...) - NOT-FOR-US: log4sh -CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...) - {DSA-754-1 DTSA-2-1} - - centericq 4.20.0-7 (medium) -CAN-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...) - {DTSA-16-1} - - linux-2.6 2.6.12-1 (medium) - - kernel-source-2.6.11 2.6.11-6 (medium) -CAN-2005-1912 - REJECTED -CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) - - leafnode 1.11.3.rel-1 (low) -CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) - NOT-FOR-US: WWWeb Concepts Events System -CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) - NOT-FOR-US: 602LAN SUITE -CAN-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...) - NOT-FOR-US: Perception LiteWeb -CAN-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...) - NOT-FOR-US: Microsoft -CAN-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...) - NOT-FOR-US: livingmailing -CAN-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...) - NOT-FOR-US: Kaspersky -CAN-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...) - NOT-FOR-US: JiRo's Upload Systems -CAN-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...) - NOT-FOR-US: SPA-PRO Mail -CAN-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...) - NOT-FOR-US: SPA-PRO Mail -CAN-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...) - NOT-FOR-US: Sawmill -CAN-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...) - NOT-FOR-US: Sawmill -CAN-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...) - NOT-FOR-US: RakNet -CAN-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...) - NOT-FOR-US: phpThumb -CAN-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...) - NOT-FOR-US: FlexCast -CAN-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...) - NOT-FOR-US: FlatNuke -CAN-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...) - NOT-FOR-US: FlatNuke -CAN-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...) - NOT-FOR-US: FlatNuke -CAN-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: FlatNuke -CAN-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...) - NOT-FOR-US: FlatNuke -CAN-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...) - NOT-FOR-US: AOL Instant Messenger -CAN-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...) - NOT-FOR-US: Mortiforo -CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...) - NOT-FOR-US: Sun ONE -CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...) - NOT-FOR-US: Solaris -CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...) - NOT-FOR-US: YaPiG -CAN-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...) - NOT-FOR-US: YaPiG -CAN-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...) - NOT-FOR-US: YaPiG -CAN-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...) - NOT-FOR-US: YaPiG -CAN-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...) - NOT-FOR-US: YaPiG -CAN-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...) - NOT-FOR-US: YaPiG -CAN-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...) - NOT-FOR-US: everybuddy -CAN-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...) - NOT-FOR-US: LutelWall -CAN-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...) - NOT-FOR-US: GIPTables -CAN-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...) - NOT-FOR-US: Lpanel -CAN-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...) - NOT-FOR-US: CuteNews -CAN-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...) - NOT-FOR-US: Exhibit Engine -CAN-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...) - NOT-FOR-US: Dzip -CAN-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...) - NOT-FOR-US: Crob -CAN-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...) - NOT-FOR-US: WebSphere -CAN-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...) - - drupal 4.5.3-1 -CAN-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...) - NOT-FOR-US: Popper -CAN-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...) - NOT-FOR-US: MWChat -CAN-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...) - NOT-FOR-US: I-Man -CAN-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...) - NOT-FOR-US: Symantec -CAN-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...) - NOT-FOR-US: Calendarix -CAN-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...) - NOT-FOR-US: Calendarix -CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...) - NOT-FOR-US: Calendarix -CAN-2003-1218 - RESERVED -CAN-2003-1217 - RESERVED -CAN-2005-1863 - RESERVED -CAN-2005-1862 - RESERVED -CAN-2005-1861 - RESERVED -CAN-2005-1860 - RESERVED -CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...) - NOT-FOR-US: arshell -CAN-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...) - {DSA-786-1} - TODO: check -CAN-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...) - {DSA-787-1} - - backup-manager 0.5.8-2 (bug #315582; low) -CAN-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...) - {DSA-787-1} - - backup-manager 0.5.8-2 (medium) -CAN-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...) - {DSA-772-1} - TODO: check -CAN-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...) - {DSA-770-1} - - gopher 3.0.8 (low) -CAN-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...) - {DSA-767-1 DTSA-4-1} - NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when - NOTE: no shared lib version is found. As the Debian package has a dependency on - NOTE: it the maintainer does not intent to fix it, see # 319443 - - ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium) -CAN-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...) - {DSA-760-1 DTSA-4-1} - - ekg 1:1.5+20050712+1.6rc2-1 (low) -CAN-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...) - {DSA-760-1 DTSA-4-1} - - ekg 1:1.5+20050712+1.6rc2-1 (low) -CAN-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...) - {DSA-797-2 DSA-797-1 DSA-763-1} - NOTE: This is only contrib code not built in the binary packages AFAIK - - zlib 1:1.2.3-1 (low) -CAN-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...) - {DSA-750-1} - - dhcpcd 1:1.3.22pl4-22 (medium) -CAN-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...) - NOT-FOR-US: YaMT -CAN-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...) - NOT-FOR-US: YaMT -CAN-2005-1845 - RESERVED -CAN-2005-1844 - RESERVED -CAN-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...) - NOT-FOR-US: Windows -CAN-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...) - NOT-FOR-US: Windows -CAN-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...) - NOT-FOR-US: acroread -CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...) - {DSA-744-1} - - fuse 2.3.0-1 -CAN-2005-2349 [Directory traversal in zoo] - RESERVED - - zoo 2.10-4 (low; bug #309594) -CAN-2005-2350 [Cross Site Scripting in websieve] - RESERVED - - websieve <unfixed> (bug #311838; low) - NOTE: second half of bug suggets lack of escaping of user data - NOTE: could be used to compromise program somehow - NOTE: that is not covered by the CAN though due to vagueness -CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) - NOT-FOR-US: phpCMS -CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) - NOT-FOR-US: Liberum -CAN-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...) - NOT-FOR-US: Liberum -CAN-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...) - NOT-FOR-US: Fortinet firewall -CAN-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...) - NOT-FOR-US: NEXTWEB -CAN-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...) - NOT-FOR-US: NEXTWEB -CAN-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...) - NOT-FOR-US: NEXTWEB -CAN-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) - NOT-FOR-US: MyBB -CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) - NOT-FOR-US: MyBB -CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...) - NOTE: Unreproducable by SuSE security team, sudo contains code to circumvent such - NOTE: behaviour, seems like a broken PAM setup on the submitter's side -CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...) - NOT-FOR-US: SoftICE -CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...) - NOT-FOR-US: Microsoft -CAN-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...) - NOT-FOR-US: D-Link hardware issue -CAN-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...) - NOT-FOR-US: D-Link hardware issue -CAN-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...) - NOT-FOR-US: HP Radia -CAN-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...) - NOT-FOR-US: HP Radia -CAN-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...) - - mailutils 1:0.6.1-2 -CAN-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...) - NOT-FOR-US: Qualiteam X-Cart -CAN-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...) - NOT-FOR-US: Qualiteam X-Cart -CAN-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...) - NOT-FOR-US: PowerDownload -CAN-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...) - NOT-FOR-US: Zeroboard -CAN-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...) - NOT-FOR-US: NikoSoft WebMail -CAN-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...) - NOT-FOR-US: NewLife Blogger -CAN-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...) - NOT-FOR-US: Invision Power Board -CAN-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...) - NOT-FOR-US: Invision Power Board -CAN-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...) - NOT-FOR-US: Hummingbird Connectivity -CAN-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...) - NOT-FOR-US: PicoWebServer -CAN-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...) - NOT-FOR-US: FutureSoft TFTP Server -CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...) - NOT-FOR-US: FutureSoft TFTP Server -CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) - NOT-FOR-US: MyBB -CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) - NOTE: Not in Sarge - - wordpress 1.5.1.2-1 -CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...) - NOT-FOR-US: Sony hardware issue -CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...) - NOT-FOR-US: Stronghold game -CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...) - NOT-FOR-US: PHPMailer -CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...) - NOT-FOR-US: PeerCast -CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...) - NOT-FOR-US: Online Solutions for Educators -CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...) - NOT-FOR-US: Net Portal Dynamic System -CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...) - NOT-FOR-US: Net Portal Dynamic System -CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...) - NOT-FOR-US: Nortel hardware -CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...) - NOT-FOR-US: Nokia hardware -CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...) - NOT-FOR-US: Jaws glossary gadget -CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...) - NOT-FOR-US: FreeStyle Wiki -CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...) - NOT-FOR-US: ServersCheck -CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) - NOTE: Cryptographic attack on AES, cannot be fixed -CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) - {DSA-749-1} - - ettercap 1:0.7.1-1.1 (bug #311615) -CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) - NOT-FOR-US: ClamAV on Mac OS X -CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) - NOT-FOR-US: Microsoft -CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...) - NOT-FOR-US: Microsoft -CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...) - NOT-FOR-US: Microsoft -CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...) - NOT-FOR-US: Microsoft -CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...) - NOT-FOR-US: Microsoft -CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...) - NOT-FOR-US: India Software Solution shopping cart -CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...) - NOT-FOR-US: Hosting Controller -CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...) - NOT-FOR-US: phpStat -CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...) - NOT-FOR-US: FunkyASP -CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...) - NOT-FOR-US: ZonGG -CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...) - NOT-FOR-US: Hosting Controller -CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...) - NOT-FOR-US: BookReview -CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...) - NOT-FOR-US: BookReview -CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...) - NOT-FOR-US: MailEnable -CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...) - NOT-FOR-US: Active News Manager -CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...) - NOT-FOR-US: MaxWebPortal -CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...) - NOT-FOR-US: PostNuke -CAN-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...) - NOT-FOR-US: PostNuke -CAN-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...) - NOT-FOR-US: C'Nedra -CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...) - NOT-FOR-US: Terminator game -CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...) - - davfs2 0.2.4-1 (bug #310757; medium) -CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...) - NOT-FOR-US: Listserv -CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...) - NOT-FOR-US: Terminator game -CAN-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...) - NOT-FOR-US: HPUX -CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) - NOT-FOR-US: Avast -CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - {DSA-756-1} - - squirrelmail 2:1.4.4-6 (bug #314374; medium) -CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...) - - kernel-source-2.4.27 2.4.27-11 (medium; bug #319629) -CAN-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...) - NOTE: linux-2.6 not affected (already fixed) - TODO: Add which revision was that fixed? - - kernel-source-2.4.27 2.4.27-11 (unknown) -CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) - {DSA-826-1} - - helix-player 1.0.5-1 (bug #316276; high) - NOTE: Helix Player is affected according to: - NOTE: <http://service.real.com/help/faq/security/050623_player/EN/> -CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...) - {DTSA-16-1} - - kernel-source-2.6.8 2.6.8-17 - - kernel-source-2.6.8 2.6.8-16sarge1 - - linux-2.6 2.6.12-1 (medium) - NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12 - NOTE: 2.6 only, not in 2.4 -CAN-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard ...) - NOTE: horms says not vulnerable in 2.4.27 or 2.6.8 as far as he can tell -CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...) - - kernel-source-2.6.8 2.6.8-17 - - linux-2.6 2.6.12-1 - NOTE: Commited to kernel git on 2005-05-17 (between .12-rc4 and .12-rc5) -CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...) - {DTSA-16-1} - - linux-2.6 2.6.12-1 (medium) - NOTE: Commited to kernel git on 2005-05-17 (between .12-rc4 and .12-rc5) - - kernel-source-2.6.8 2.6.8-17 - - kernel-source-2.4.27 2.4.27-11 -CAN-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...) - {DTSA-16-1} - - linux-2.6 2.6.12-1 (medium) - - kernel-source-2.6.11 2.6.11-6 (medium) - - kernel-source-2.6.8 2.6.8-17 - - kernel-source-2.4.27 <unfixed> (low) -CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) - NOT-FOR-US: sysreport -CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - - shtool 2.0.1-2 (low) - - mysql-ocaml 1.0.3-6 (low) - - php4 4:4.4.0-1 (low) - NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and CAN-2005-1751 -CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...) - NOT-FOR-US: Novell -CAN-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...) - NOT-FOR-US: Novell -CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...) - NOT-FOR-US: Novell -CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - {DSA-789-1 DTSA-15-1} - - shtool 2.0.1-2 (bug #311206; low) - - mysql-ocaml 1.0.3-6 (bug #314464; low) - - php4 4:4.3.10-16 (low) - NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and CAN-2005-1751 -CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) - NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies - TODO: check, whether this still applies -CAN-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...) - NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies - TODO: check, whether this still applies -CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) - NOT-FOR-US: Oracle -CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...) - NOT-FOR-US: CVSup third party modules -CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...) - NOT-FOR-US: PJ CGI Nero -CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) - NOT-FOR-US: Informix Dynamic Server -CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...) - - phpbb2 2.0.6d-2 -CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: SurfNOW -CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...) - NOT-FOR-US: WebWeaver -CAN-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...) - NOT-FOR-US: Web Blog -CAN-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...) - NOT-FOR-US: BlackICE -CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...) - NOT-FOR-US: BlackICE -CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...) - - gallery 1.4.4-pl1-1 -CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...) - NOT-FOR-US: Nextplace -CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) - NOT-FOR-US: Intra Forum -CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) - NOT-FOR-US: Borland Web Server -CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) - NOT-FOR-US: Reptile Web Server -CAN-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...) - NOT-FOR-US: Tiny Server -CAN-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Tiny Server -CAN-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Tiny Server -CAN-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...) - NOT-FOR-US: Tiny Server -CAN-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...) - NOT-FOR-US: Oracle -CAN-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...) - NOT-FOR-US: ProxyNow! -CAN-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...) - NOT-FOR-US: BremsServer -CAN-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...) - NOT-FOR-US: BremsServer -CAN-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...) - NOT-FOR-US: Serv-U FTP Server -CAN-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...) - NOT-FOR-US: Phorum -CAN-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - NOT-FOR-US: Q-Shop -CAN-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...) - NOT-FOR-US: Q-Shop -CAN-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...) - NOT-FOR-US: Finjan SurfinGate -CAN-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) - NOT-FOR-US: Novell NetWare -CAN-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...) - NOT-FOR-US: Novell NetWare -CAN-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) - NOT-FOR-US: Novell NetWare -CAN-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...) - NOT-FOR-US: Novell NetWare -CAN-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...) - NOT-FOR-US: Freesco -CAN-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...) - NOT-FOR-US: GeoHttpServer -CAN-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...) - NOT-FOR-US: GeoHttpServer -CAN-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...) - NOT-FOR-US: Need for Speed game -CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...) - NOT-FOR-US: Banner engine -CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...) - NOTE: fvwm: uses mktemp - NOTE: fvwm-gnome: same as fvwm - NOTE: x-base-clients: x11perfcomp uses mkdir atomically - NOTE: lvm10: does not contain lvmcreate_initrd -CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) - NOT-FOR-US: Mephistoles -CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...) - - honeyd 0.8-1 -CAN-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...) - NOT-FOR-US: WebcamXP -CAN-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...) - - phpbb2 2.0.8a-1 -CAN-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...) - - phpbb2 2.0.8a-1 -CAN-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...) - NOT-FOR-US: Yahoo Messenger -CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...) - NOT-FOR-US: Yahoo Messenger -CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php] - - moodle 1.4.4.dfsg.1-3 -CAN-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles] - RESERVED - - mutt <unfixed> (bug #311296; low) -CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] - NOTE: viewFile.php has been removed along with other files in -26, so Debian is - NOTE: no longer affected. - - gforge 3.1-26 -CAN-2005-XXXX [osh buffer overflow] - - osh 1.7-13 (bug #311369) -CAN-2005-XXXX [xile buffer overrun in terminal code] - - zile 2.0.4-2 -CAN-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...) - NOT-FOR-US: ezwdc NewsletterEz -CAN-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...) - NOT-FOR-US: BEA Weblogic -CAN-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...) - NOT-FOR-US: BEA Weblogic -CAN-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) - NOT-FOR-US: BEA Weblogic -CAN-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...) - NOT-FOR-US: BEA Weblogic -CAN-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...) - NOT-FOR-US: BEA Weblogic -CAN-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...) - NOT-FOR-US: BEA Weblogic -CAN-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...) - NOT-FOR-US: BEA Weblogic -CAN-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...) - NOT-FOR-US: BEA Weblogic -CAN-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...) - NOT-FOR-US: Halo -CAN-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...) - NOTE: fixproc not installed in Debian package -CAN-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...) - - imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812) -CAN-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...) - NOT-FOR-US: Iron Bars Shell -CAN-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized ...) - NOT-FOR-US: PROMS -CAN-2005-1736 (PROMS 0.11 does not properly handle "certain combinations of rights," ...) - NOT-FOR-US: PROMS -CAN-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...) - NOT-FOR-US: PROMS -CAN-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...) - NOT-FOR-US: PROMS -CAN-2005-1733 (Cookie Cart stores the password file under the web document root with ...) - NOT-FOR-US: Cookie Cart -CAN-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...) - NOT-FOR-US: Cookie Cart -CAN-2005-1731 - RESERVED -CAN-2005-1730 - RESERVED -CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Novell -CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...) - NOT-FOR-US: Apple -CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...) - NOT-FOR-US: Apple -CAN-2005-1726 - RESERVED -CAN-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...) - NOT-FOR-US: Apple -CAN-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...) - NOT-FOR-US: Apple -CAN-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...) - NOT-FOR-US: Apple -CAN-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...) - NOT-FOR-US: Apple -CAN-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...) - NOT-FOR-US: Apple -CAN-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...) - NOT-FOR-US: Apple -CAN-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...) - NOT-FOR-US: avast! antivirus -CAN-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...) - NOT-FOR-US: War Times -CAN-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...) - NOT-FOR-US: Zyxel hardware -CAN-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...) - NOT-FOR-US: TOPo -CAN-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...) - NOT-FOR-US: TOPo -CAN-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...) - NOT-FOR-US: SurgeMail -CAN-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...) - NOT-FOR-US: Serendipity -CAN-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...) - NOT-FOR-US: Serendipity -CAN-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...) - NOT-FOR-US: Gibraltar Firewall - TODO: check, whether gibraltar-bootcd is in any way related/affected -CAN-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...) - NOT-FOR-US: Blue Coat -CAN-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...) - NOT-FOR-US: Blue Coat -CAN-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...) - NOT-FOR-US: Blue Coat -CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...) - NOT-FOR-US: Gentoo -CAN-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...) - - mailscanner <unfixed> (bug #310774; low) -CAN-2005-1705 (gdb before 6.3 searches the current working directory to load the ...) - - gdb 6.3-6 -CAN-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...) - - gdb 6.3-6 -CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...) - NOT-FOR-US: Warrior Kings: Battles -CAN-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...) - NOT-FOR-US: Warrior Kings: Battles -CAN-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...) - NOT-FOR-US: PortailPHP -CAN-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...) - NOT-FOR-US: PostNuke -CAN-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...) - NOT-FOR-US: PostNuke -CAN-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...) - NOT-FOR-US: PostNuke -CAN-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...) - NOT-FOR-US: PostNuke -CAN-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...) - NOT-FOR-US: PostNuke -CAN-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...) - NOT-FOR-US: PostNuke -CAN-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...) - NOT-FOR-US: PostNuke -CAN-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...) - NOT-FOR-US: CA Antivirus -CAN-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...) - - gxine 0.4.7-0.1 (bug #310712; medium) -CAN-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...) - NOT-FOR-US: SAP -CAN-2005-1690 - REJECTED -CAN-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT ...) - {DSA-757-1} - - krb5 1.3.6-4 (medium) -CAN-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...) - NOTE: Removed from Sarge due to intransparent handling of security issues by upstream - - wordpress 1.5.1-1 -CAN-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...) - NOTE: Removed from Sarge due to intransparent handling of security issues by upstream - - wordpress 1.5.1-1 -CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...) - {DSA-753-1} - NOTE: Only exploitable under rare circumstances - - gedit 2.10.3-1 (low) -CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...) - NOT-FOR-US: episodex -CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...) - NOT-FOR-US: episodex -CAN-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...) - NOT-FOR-US: Microsoft -CAN-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...) - NOT-FOR-US: Solstice Internet Mail Server -CAN-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM 1.21, ...) - NOT-FOR-US: phpATM -CAN-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...) - NOT-FOR-US: D-Link hardware -CAN-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...) - - picasm 1.12c-1 -CAN-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...) - NOT-FOR-US: Groove -CAN-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...) - NOT-FOR-US: Groove -CAN-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...) - NOT-FOR-US: Groove -CAN-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...) - NOT-FOR-US: Groove -CAN-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...) - NOT-FOR-US: Help Center Live -CAN-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...) - NOT-FOR-US: Help Center Live -CAN-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...) - NOT-FOR-US: Help Center Live -CAN-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...) - NOT-FOR-US: Yahoo Messenger -CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...) - NOT-FOR-US: Extreme BlackDiamond hardware -CAN-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...) - NOT-FOR-US: Opera -CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...) - NOT-FOR-US: YusASP Web Asset Manager -CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...) - NOT-FOR-US: DataTrac Activity Console -CAN-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...) - NOT-FOR-US: Orenosv -CAN-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...) - NOT-FOR-US: Microsoft -CAN-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...) - NOT-FOR-US: Microsoft -CAN-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...) - NOT-FOR-US: Jeuce Personal Web Server -CAN-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...) - NOT-FOR-US: Jeuce Personal Web Server -CAN-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...) - NOT-FOR-US: Jeuce Personal Web Server -CAN-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...) - NOT-FOR-US: EZGuestbook -CAN-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...) - NOT-FOR-US: MyServer -CAN-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...) - NOT-FOR-US: MyServer -CAN-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...) - NOT-FOR-US: Mercur Messaging -CAN-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...) - NOT-FOR-US: Mercur Messaging -CAN-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...) - NOT-FOR-US: AOL Instant Messenger -CAN-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...) - NOT-FOR-US: Hosting Controller -CAN-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...) - - rsync 2.6.1-1 -CAN-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...) - NOT-FOR-US: InoculateIT -CAN-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...) - NOT-FOR-US: Microsoft -CAN-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...) - NOT-FOR-US: Microsoft -CAN-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Matrix FTP Server -CAN-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...) - NOT-FOR-US: Sophos -CAN-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...) - NOT-FOR-US: SandSurfer -CAN-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...) - NOT-FOR-US: Sambar -CAN-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...) - NOT-FOR-US: phpcodeCabinet -CAN-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...) - NOT-FOR-US: JShop -CAN-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...) - NOT-FOR-US: Opera -CAN-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...) - NOT-FOR-US: Sami FTP Server -CAN-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...) - NOT-FOR-US: Sami FTP Server -CAN-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...) - NOT-FOR-US: Red-Alert -CAN-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...) - NOT-FOR-US: Red-Alert -CAN-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...) - NOT-FOR-US: Red-Alert -CAN-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...) - NOT-FOR-US: Nadeo -CAN-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...) - NOT-FOR-US: Jelsoft Bulletin -CAN-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Sophos -CAN-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...) - NOT-FOR-US: Dream FTP -CAN-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...) - - kernel-patch-vserver 1.9.4-1 -CAN-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...) - NOT-FOR-US: Mambo -CAN-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...) - NOT-FOR-US: Macallan -CAN-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...) - NOT-FOR-US: VisualShapers -CAN-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...) - NOT-FOR-US: MaxWebPortal -CAN-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...) - NOT-FOR-US: MaxWebPortal -CAN-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...) - NOT-FOR-US: PHP-Nuke -CAN-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...) - NOT-FOR-US: MaxWebPortal -CAN-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...) - NOT-FOR-US: Monkey -CAN-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...) - NOT-FOR-US: Oracle -CAN-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...) - NOT-FOR-US: Crob -CAN-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...) - NOT-FOR-US: Crob -CAN-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...) - NOT-FOR-US: Crob -CAN-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...) - NOT-FOR-US: Mambo -CAN-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...) - NOT-FOR-US: Mambo -CAN-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...) - NOT-FOR-US: Monkey -CAN-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...) - NOT-FOR-US: Mambo -CAN-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...) - NOT-FOR-US: Caucho Technology Resin -CAN-2005-XXXX [Two DoS condition in ekg] - - ekg 1:1.5+20050411-3 -CAN-2005-XXXX [lcrash affected by libbfd integer overflows] - - lcrash 7.0.0.pre.cvs.20050322-3 -CAN-2005-XXXX [Multiple security problems in lbreakout2] - - lbreakout2 2.5.2-2 -CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...) - NOT-FOR-US: Woppoware -CAN-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...) - NOT-FOR-US: Woppoware -CAN-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...) - NOT-FOR-US: Woppoware -CAN-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...) - NOT-FOR-US: Woppoware -CAN-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...) - NOT-FOR-US: Windows -CAN-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...) - NOT-FOR-US: GASoft -CAN-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...) - NOT-FOR-US: GASoft -CAN-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...) - NOT-FOR-US: Fastream NETFile -CAN-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...) - NOT-FOR-US: Keyvan1 Gallery -CAN-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...) - NOT-FOR-US: Livre d'Or -CAN-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...) - NOT-FOR-US: Zoidcom -CAN-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...) - NOT-FOR-US: Woltlab Burning Board -CAN-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...) - NOT-FOR-US: Ignition Project -CAN-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...) - NOT-FOR-US: Ignition Project -CAN-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...) - NOT-FOR-US: Sigma -CAN-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...) - NOT-FOR-US: SafeHTML -CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...) - NOT-FOR-US: NPDS -CAN-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...) - {DSA-783-1} - - mysql-dfsg 4.0.12-2 (bug #319526; low) -CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...) - NOT-FOR-US: JGS-Portal -CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...) - NOT-FOR-US: JGS-Portal -CAN-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...) - NOT-FOR-US: JGS-Portal -CAN-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...) - - cheetah 0.9.16-1 - NOTE: testing approval is waiting on verification that the fix works. - NOTE: see http://lists.debian.org/debian-release/2005/05/msg01428.html -CAN-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...) - NOT-FOR-US: Booby -CAN-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...) - NOT-FOR-US: phpbb attachment mod -CAN-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...) - NOT-FOR-US: Photopost -CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...) - NOT-FOR-US: WebAPP -CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...) - NOTE: The 1.x version in Sarge and sid is not vulnerable -CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...) - NOT-FOR-US: Pico Server -CAN-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...) - NOT-FOR-US: Acrobat Reader -CAN-2005-1624 - RESERVED -CAN-2005-1623 - RESERVED -CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...) - NOT-FOR-US: MetaCart -CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...) - NOT-FOR-US: Postnuke mod -CAN-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...) - NOT-FOR-US: Skull-Splitter Guestbook -CAN-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...) - NOT-FOR-US: PHPMyChat -CAN-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...) - NOT-FOR-US: Yahoo Messenger -CAN-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...) - NOT-FOR-US: Willings WebCAM -CAN-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...) - NOT-FOR-US: Ultimate PHP Board -CAN-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...) - NOT-FOR-US: Ultimate PHP Board -CAN-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...) - NOT-FOR-US: Ultimate PHP Board -CAN-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...) - NOT-FOR-US: OpenBB -CAN-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...) - NOT-FOR-US: OpenBB -CAN-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...) - NOT-FOR-US: Web Crossing -CAN-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...) - NOT-FOR-US: Tru-Zone NukeET -CAN-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...) - NOT-FOR-US: Sun StorEdge 6130 Arrays -CAN-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...) - NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke -CAN-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...) - NOT-FOR-US: Remote Cart -CAN-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...) - NOT-FOR-US: H-Sphere Winbox -CAN-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...) - NOT-FOR-US: guestbook for SiteStudio -CAN-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...) - NOT-FOR-US: phpATM -CAN-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...) - NOT-FOR-US: NiteEnterprises Remote File Manager -CAN-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...) - NOT-FOR-US: Net56 Browser Based File Manager -CAN-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...) - NOT-FOR-US: MRO Maximo Self Service -CAN-2005-1600 (A "mathematical flaw" in the implementation of the El Gamal signature ...) - NOT-FOR-US: LibTomCrypt -CAN-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...) - NOT-FOR-US: Kryloff Technologies Subject Search Server -CAN-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...) - NOT-FOR-US: Invision Power Board -CAN-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...) - NOT-FOR-US: Invision Power Board -CAN-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...) - NOT-FOR-US: Fusion SBX -CAN-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...) - NOT-FOR-US: CodeThat ShoppingCart -CAN-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...) - NOT-FOR-US: CodeThat ShoppingCart -CAN-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...) - NOT-FOR-US: CodeThat ShoppingCart -CAN-2005-1592 (Multiple "javascript vulerabilities in BB code" in BirdBlog before ...) - NOT-FOR-US: BirdBlog -CAN-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...) - NOT-FOR-US: Solaris -CAN-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...) - NOT-FOR-US: Altiris Client Service for Windows -CAN-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...) - NOT-FOR-US: Altiris Client Service for Windows -CAN-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...) - NOT-FOR-US: LedForums -CAN-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: HTTP Commander -CAN-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines] - - clamav 0.85.1-1 -CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage] - - xfree86 4.3.0.dfsg.1-14 (bug #308783) - NOTE: Actually affected package is libxpm4. - NOTE: x11-xorg is not affected (inspected the Subversion tree). -CAN-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...) - NOTE: According to Horms from kernel team 2.6.8 not affected - - kernel-source-2.6.11 2.6.11-5 -CAN-2005-1588 (** DISPUTED ** ...) - NOT-FOR-US: Quick.cart -CAN-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...) - NOT-FOR-US: Quick.cart -CAN-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...) - NOT-FOR-US: Quick.Forum -CAN-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...) - NOT-FOR-US: Quick.Forum -CAN-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...) - NOT-FOR-US: Quick.Forum -CAN-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...) - NOT-FOR-US: 1Two News -CAN-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...) - NOT-FOR-US: 1Two News -CAN-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...) - NOT-FOR-US: bug_list.php -CAN-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...) - NOT-FOR-US: BoastMachine -CAN-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...) - NOT-FOR-US: Apple -CAN-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...) - NOT-FOR-US: EnCase -CAN-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...) - NOT-FOR-US: APG Classmaster -CAN-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...) - NOTE: appears windows specific -CAN-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...) - NOTE: appears windows specific -CAN-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...) - NOT-FOR-US: Windows -CAN-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...) - NOT-FOR-US: ASP Virtual News Manager -CAN-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: ShowOff -CAN-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...) - NOT-FOR-US: ShowOff -CAN-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...) - NOTE: for-for-us (bttlxeForum) -CAN-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...) - NOT-FOR-US: DirectTopics -CAN-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...) - NOT-FOR-US: DirectTopics -CAN-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...) - NOT-FOR-US: DirectTopics -CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...) - NOT-FOR-US: Acrowave AAP-3100AR wireless router -CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...) - - bugzilla 2.18-7 (bug #308789; medium) - NOTE: only affects sid -CAN-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...) - - bugzilla 2.16.7-7sarge1 -CAN-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...) - - bugzilla 2.16.7-7sarge1 -CAN-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...) - NOT-FOR-US: MaxWebPortal -CAN-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...) - NOT-FOR-US: MaxWebPortal -CAN-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...) - NOT-FOR-US: Nexusway -CAN-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...) - NOT-FOR-US: Nexusway -CAN-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...) - NOT-FOR-US: Nexusway -CAN-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...) - NOT-FOR-US: WebApp Guestbook PRO -CAN-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...) - NOT-FOR-US: Gamespy cd-key validation system -CAN-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...) - NOT-FOR-US: JRun -CAN-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...) - NOT-FOR-US: WowBB -CAN-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...) - NOT-FOR-US: GeoVision Digital Video Surveillance System -CAN-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...) - NOT-FOR-US: GeoVision Digital Video Surveillance System -CAN-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...) - NOT-FOR-US: Sophos Anti-Virus -CAN-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...) - NOT-FOR-US: easy message board -CAN-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...) - NOT-FOR-US: easy message board -CAN-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...) - NOT-FOR-US: Advanced Guestbook -CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...) - NOT-FOR-US: Bakbone Netvault -CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...) - {DSA-743-1} - - ht 0.8.0-2 (bug #308587) -CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...) - {DSA-743-1} - - ht 0.8.0-3 (bug #308587) -CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote ...) - {DSA-755-1} - NOTE: CVE info about vulnerable version number is bogus - - tiff 3.7.2-3 (bug #309739) - NOTE: tiff3g not in testing -CAN-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...) - NOT-FOR-US: Novell Zenworks -CAN-2005-1542 - RESERVED -CAN-2005-1541 - RESERVED -CAN-2005-1540 - RESERVED -CAN-2005-1539 - RESERVED -CAN-2005-1538 - RESERVED -CAN-2005-1537 - RESERVED -CAN-2005-1536 - RESERVED -CAN-2005-1535 - RESERVED -CAN-2005-1534 - RESERVED -CAN-2005-1533 - RESERVED -CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...) - {DSA-781-1} - - mozilla-firefox 1.0.4 - - mozilla 2:1.7.8 - - mozilla-thunderbird 1.0.6-1 (bug #318728; high) -CAN-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...) - - mozilla-firefox 1.0.4 - - mozilla 2:1.7.8 -CAN-2005-1530 (Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, ...) - NOT-FOR-US: Sophos -CAN-2005-1529 - RESERVED -CAN-2005-1528 - RESERVED -CAN-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...) - - awstats 6.4-1.1 (bug #322591; medium) -CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...) - {DSA-764-1} - - cacti 0.8.6e-1 (bug #315703; high) -CAN-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...) - {DSA-764-1} - - cacti 0.8.6e-1 (bug #315703; high) -CAN-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...) - {DSA-764-1} - - cacti 0.8.6e-1 (bug #315703; high) -CAN-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...) - {DSA-732-1} - - mailutils 1:0.6.1-3 -CAN-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...) - {DSA-732-1} - - mailutils 1:0.6.1-3 -CAN-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...) - {DSA-732-1} - - mailutils 1:0.6.1-3 -CAN-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...) - {DSA-732-1} - - mailutils 1:0.6.1-3 -CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...) - {DSA-751-1} - - squid 2.5.9-9 (bug #309504) -CAN-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...) - NOT-FOR-US: Solaris -CAN-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...) - NOT-FOR-US: Cisco -CAN-2005-XXXX [Buffer overflow in libotr] - - libotr 2.0.2-1 -CAN-2005-XXXX [vpnc: config file path security hole] - NOTE: no bug ever filed for this - - vpnc 0.3.2+SVN20050326-2 -CAN-2005-XXXX [Several buffer overflows in termpkg] - NOTE: Not in Sarge - - termpkg 3.3-2 -CAN-2005-XXXX [Integer overflow in binutils' ELF parsing] - NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's - NOTE: already fixed since 2.15-6 - - binutils 2.15-6 -CAN-2005-XXXX [kmd affected by binutils's ELF parser vulnerability] - - kmd 0.9.19-1.1 -CAN-2005-XXXX [unrar: opens /tmp/debug_unrar.txt] - NOTE: Source package has been renamed from unrar to unrar-free - - unrar-free 1:0.0.1-2 -CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...) - NOT-FOR-US: PwsPHP -CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...) - NOT-FOR-US: PwsPHP -CAN-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: PwsPHP -CAN-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...) - NOT-FOR-US: PwsPHP -CAN-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...) - NOT-FOR-US: PwsPHP -CAN-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...) - NOT-FOR-US: WebSTAR -CAN-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...) - NOT-FOR-US: CJ Ultra Plus -CAN-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...) - NOT-FOR-US: MacOS -CAN-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...) - NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit -CAN-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...) - NOT-FOR-US: MidiCart -CAN-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...) - NOT-FOR-US: MidiCart -CAN-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...) - NOT-FOR-US: MidiCart -CAN-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...) - NOT-FOR-US: myBloggie -CAN-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...) - NOT-FOR-US: myBloggie -CAN-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...) - NOT-FOR-US: myBloggie -CAN-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...) - NOT-FOR-US: myBloggie -CAN-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...) - NOT-FOR-US: Oracle -CAN-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...) - NOT-FOR-US: Oracle -CAN-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...) - NOT-FOR-US: MegaBook -CAN-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...) - NOT-FOR-US: SimpleCam -CAN-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...) - NOT-FOR-US: Gossamer Threads Links -CAN-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...) - NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 -CAN-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...) - NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 -CAN-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...) - NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 -CAN-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...) - NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 -CAN-2005-1487 (Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote ...) - NOT-FOR-US: FishCart -CAN-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...) - NOT-FOR-US: FishCart -CAN-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...) - NOT-FOR-US: Golden FTP Server Pro -CAN-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...) - NOT-FOR-US: Golden FTP Server Pro -CAN-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...) - NOT-FOR-US: ArticleLive -CAN-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...) - NOT-FOR-US: ArticleLive -CAN-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...) - NOT-FOR-US: ASP Inline Corporate Calendar -CAN-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...) - NOT-FOR-US: RaidenFTPD -CAN-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...) - NOT-FOR-US: JGS-Portal -CAN-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...) - NOT-FOR-US: DMail -CAN-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...) - NOT-FOR-US: DMail -CAN-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...) - NOTE: not in testing - NOTE: non-free - NOTE: minor issues - - qmail-src 1.03-38 -CAN-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...) - - qmail-src 1.03-38 -CAN-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...) - - qmail-src 1.03-38 -CAN-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4 allows ...) - NOT-FOR-US: JAWS -CAN-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...) - NOT-FOR-US: LinPHA -CAN-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...) - - dansguardian 2.5.2-0-0.1 -CAN-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and ealier ...) - NOT-FOR-US: lostBook -CAN-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...) - NOT-FOR-US: AntiBoard -CAN-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...) - NOT-FOR-US: AntiBoard -CAN-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...) - NOT-FOR-US: RiSearch -CAN-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...) - NOT-FOR-US: ASPRunner -CAN-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...) - NOTE: not-for-us -CAN-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...) - NOTE: not-for-us -CAN-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...) - NOTE: not-for-us -CAN-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...) - NOTE: not-for-us -CAN-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...) - - phpbb2 2.0.10-1 -CAN-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...) - - phpbb2 2.0.10-1 -CAN-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...) - NOTE: not-for-us -CAN-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...) - NOTE: not-for-us -CAN-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...) - NOT-FOR-US: no_package -CAN-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...) - NOT-FOR-US: no_package -CAN-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...) - NOT-FOR-US: no_package -CAN-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...) - NOT-FOR-US: no_package -CAN-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...) - NOT-FOR-US: no_package -CAN-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...) - NOT-FOR-US: no_package -CAN-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...) - NOT-FOR-US: no_package -CAN-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...) - NOT-FOR-US: no_package -CAN-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...) - NOT-FOR-US: no_package -CAN-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...) - NOT-FOR-US: no_package -CAN-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php in ...) - NOT-FOR-US: no_package -CAN-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...) - NOT-FOR-US: no_package -CAN-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...) - NOT-FOR-US: no_package -CAN-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) - NOT-FOR-US: no_package -CAN-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...) - NOT-FOR-US: no_package -CAN-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...) - NOT-FOR-US: no_package -CAN-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: no_package -CAN-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...) - NOT-FOR-US: no_package -CAN-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...) - NOT-FOR-US: no_package -CAN-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...) - NOT-FOR-US: no_package -CAN-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...) - NOT-FOR-US: no_package -CAN-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...) - NOT-FOR-US: no_package -CAN-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...) - NOT-FOR-US: no_package -CAN-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...) - NOT-FOR-US: no_package -CAN-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...) - - icecast2 2.0.1.debian-1 -CAN-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...) - - pound 1.7-1 -CAN-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...) - NOT-FOR-US: no_package -CAN-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...) - NOT-FOR-US: no_package -CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...) - NOT-FOR-US: no_package -CAN-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...) - NOT-FOR-US: various perls on Windows -CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...) - NOT-FOR-US: osCommerce -CAN-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...) - NOT-FOR-US: php-nuke -CAN-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...) - NOT-FOR-US: php-nuke -CAN-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke 6.x ...) - NOT-FOR-US: php-nuke -CAN-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...) - NOT-FOR-US: Turbo Traffic Trader C (TTT-C) -CAN-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...) - NOT-FOR-US: netchat -CAN-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...) - NOT-FOR-US: WebCT -CAN-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...) - - wget 1.9.1-12 -CAN-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...) - NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok -CAN-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...) - NOT-FOR-US: NetBSD -CAN-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...) - NOT-FOR-US: MSIE -CAN-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 0.7.1 ...) - NOT-FOR-US: phpShop -CAN-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...) - NOT-FOR-US: NukeJokes -CAN-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...) - NOT-FOR-US: NukeJokes -CAN-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...) - NOT-FOR-US: NukeJokes -CAN-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone ...) - NOT-FOR-US: OfficeScan -CAN-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...) - NOT-FOR-US: Eudora -CAN-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...) - NOT-FOR-US: SUSE Live CD -CAN-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...) - NOT-FOR-US: DeleGate -CAN-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...) - NOT-FOR-US: IRIX -CAN-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly ...) - NOT-FOR-US: IRIX -CAN-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...) - NOT-FOR-US: Php-Nuke -CAN-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...) - NOT-FOR-US: Windows -CAN-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...) - NOT-FOR-US: php-nuke -CAN-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...) - NOT-FOR-US: kolab -CAN-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...) - NOT-FOR-US: Simple Machines Forum -CAN-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...) - NOT-FOR-US: FuseTalk -CAN-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...) - NOT-FOR-US: FuseTalk -CAN-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...) - NOT-FOR-US: omail -CAN-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...) - NOT-FOR-US: Serv-U -CAN-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...) - NOT-FOR-US: aweb -CAN-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...) - NOT-FOR-US: aweb -CAN-2004-1989 (PHP remote code injection vulnerability in theme.php in Coppermine ...) - NOT-FOR-US: Coppermine -CAN-2004-1988 (PHP remote code injection vulnerability in init.inc.php in Coppermine ...) - NOT-FOR-US: Coppermine -CAN-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...) - NOT-FOR-US: Coppermine -CAN-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...) - NOT-FOR-US: Coppermine -CAN-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...) - NOT-FOR-US: Coppermine -CAN-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...) - NOT-FOR-US: Coppermine -CAN-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...) - NOTE: only affects pax for 2.6; kernel-patch-adamantix contains pax - NOTE: but only for 2.4. -CAN-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...) - NOT-FOR-US: YaBB -CAN-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...) - NOT-FOR-US: Crystal Reports -CAN-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...) - NOT-FOR-US: PROPS -CAN-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...) - NOT-FOR-US: PROPS -CAN-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...) - - moodle 1.3 -CAN-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...) - NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager -CAN-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...) - NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR -CAN-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...) - NOT-FOR-US: paFileDB -CAN-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...) - NOT-FOR-US: paFileDB -CAN-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...) - NOT-FOR-US: DiGi Web Server -CAN-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...) - NOT-FOR-US: PHP-Nuke -CAN-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...) - NOT-FOR-US: PHP-Nuke -CAN-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...) - NOT-FOR-US: Samsung SmartEther SS6215Sswitch -CAN-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...) - NOT-FOR-US: OpenBB -CAN-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...) - NOT-FOR-US: OpenBB -CAN-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...) - NOT-FOR-US: OpenBB -CAN-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) - NOT-FOR-US: OpenBB -CAN-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...) - NOT-FOR-US: OpenBB -CAN-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...) - NOT-FOR-US: Network Query Tool (NQT) -CAN-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...) - NOT-FOR-US: Network Query Tool (NQT) -CAN-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...) - NOT-FOR-US: Protector System -CAN-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...) - NOT-FOR-US: Protector System -CAN-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...) - NOT-FOR-US: Protector System -CAN-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...) - NOT-FOR-US: Protector System -CAN-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...) - NOT-FOR-US: Unreal engine -CAN-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...) - NOT-FOR-US: PostNuke -CAN-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...) - NOT-FOR-US: PostNuke -CAN-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...) - NOT-FOR-US: phProfession -CAN-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...) - NOT-FOR-US: phProfession -CAN-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...) - NOT-FOR-US: phProfession -CAN-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...) - NOT-FOR-US: Advanced Guestbook -CAN-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...) - - xine-ui 0.99.1 -CAN-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...) - - phpbb2 2.0.9 -CAN-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...) - NOT-FOR-US: PostNuke -CAN-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...) - NOTE: nonsense, all command line passwords can be intercepted at least sometimes -CAN-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...) - NOT-FOR-US: bitdefender -CAN-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...) - - cherokee 0.4.21b01-1 -CAN-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...) - NOT-FOR-US: Kinesphere eXchange POP3 -CAN-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...) - NOT-FOR-US: Eudora -CAN-2004-1943 (PHP remote code injection vulnerability in album_portal.php in phpBB ...) - NOT-FOR-US: phpbb as modified by przemo -CAN-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...) - NOT-FOR-US: Solaris -CAN-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...) - NOT-FOR-US: Fastream NETFile FTP/Web Server -CAN-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...) - - kphone 1:4.0.2 -CAN-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...) - NOT-FOR-US: Zaep -CAN-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...) - NOT-FOR-US: Phorum -CAN-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...) - NOT-FOR-US: Nuked-KlaN -CAN-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...) - NOT-FOR-US: ZoneAlarm -CAN-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...) - NOT-FOR-US: SCT Campus Pipeline -CAN-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel 3.50 ...) - NOT-FOR-US: Gemitel -CAN-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...) - NOT-FOR-US: Citadel -CAN-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...) - NOT-FOR-US: PhpNuke -CAN-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...) - NOT-FOR-US: PhpNuke -CAN-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...) - NOT-FOR-US: PhpNuke -CAN-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...) - NOT-FOR-US: tikiwiki -CAN-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...) - NOT-FOR-US: tikiwiki -CAN-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...) - NOT-FOR-US: tikiwiki -CAN-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...) - NOT-FOR-US: tikiwiki -CAN-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...) - NOT-FOR-US: tikiwiki -CAN-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...) - NOT-FOR-US: tikiwiki -CAN-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...) - NOT-FOR-US: MSIE -CAN-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" ...) - NOT-FOR-US: X-Micro WLAN 11b Broadband Router -CAN-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...) - NOT-FOR-US: X-Micro WLAN 11b Broadband Router -CAN-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...) - NOT-FOR-US: Crackalaka -CAN-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: rsniff -CAN-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...) - - lcdproc 0.4.5 -CAN-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...) - - lcdproc 0.4.5 -CAN-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...) - - lcdproc 0.4.5 -CAN-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...) - NOT-FOR-US: phpnuke -CAN-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...) - NOT-FOR-US: phpnuke -CAN-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...) - NOT-FOR-US: phpnuke -CAN-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...) - NOT-FOR-US: AzDGDatingLite -CAN-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...) - NOT-FOR-US: Symantec -CAN-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...) - - clamav 0.68.1 -CAN-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...) - NOT-FOR-US: Mcafee FreeScan -CAN-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...) - NOT-FOR-US: Kerio Personal Firewall -CAN-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Mcafee FreeScan -CAN-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...) - NOT-FOR-US: Panda ActiveScan -CAN-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...) - NOT-FOR-US: Panda ActiveScan -CAN-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...) - NOT-FOR-US: blaxxun -CAN-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...) - NOT-FOR-US: Citrix MetaFrame Password Manager -CAN-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...) - NOT-FOR-US: gentoo portage -CAN-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...) - NOT-FOR-US: IGI 2 Covert Strike server -CAN-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...) - - monit 1:4.2.1 -CAN-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...) - - monit 1:4.2.1-1 -CAN-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...) - - monit 1:4.2.1-1 -CAN-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...) - NOT-FOR-US: no_package -CAN-2004-1895 (YaST Online Update (YOU) in SuSE 9.0 allows local users to overwrite ...) - NOT-FOR-US: no_package -CAN-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...) - NOT-FOR-US: no_package -CAN-2004-1893 (Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on ...) - NOT-FOR-US: no_package -CAN-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...) - NOT-FOR-US: no_package -CAN-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with ...) - NOT-FOR-US: no_package -CAN-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) - NOT-FOR-US: no_package -CAN-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) - NOT-FOR-US: no_package -CAN-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...) - NOT-FOR-US: no_package -CAN-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...) - NOT-FOR-US: no_package -CAN-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...) - NOT-FOR-US: no_package -CAN-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...) - NOT-FOR-US: no_package -CAN-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...) - NOT-FOR-US: no_package -CAN-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...) - NOT-FOR-US: no_package -CAN-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...) - NOT-FOR-US: no_package -CAN-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...) - NOT-FOR-US: no_package -CAN-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...) - - openldap2 2.1.17-1 -CAN-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...) - NOT-FOR-US: no_package -CAN-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...) - NOT-FOR-US: no_package -CAN-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...) - NOT-FOR-US: no_package -CAN-2004-1876 (The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon ...) - - clamav 0.70-1 -CAN-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...) - NOT-FOR-US: no_package -CAN-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...) - NOT-FOR-US: no_package -CAN-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...) - NOT-FOR-US: no_package -CAN-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...) - NOT-FOR-US: no_package -CAN-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) - NOT-FOR-US: no_package -CAN-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...) - NOT-FOR-US: no_package -CAN-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...) - NOT-FOR-US: no_package -CAN-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...) - NOT-FOR-US: no_package -CAN-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...) - NOT-FOR-US: no_package -CAN-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...) - - nstx 1.1-beta4-1 -CAN-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...) - NOT-FOR-US: no_package -CAN-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...) - NOT-FOR-US: no_package -CAN-2004-1863 (Cross-site scripting (XSS) vulnerability in editprofile.php in Extreme ...) - NOT-FOR-US: no_package -CAN-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...) - NOT-FOR-US: no_package -CAN-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...) - NOT-FOR-US: no_package -CAN-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...) - NOT-FOR-US: no_package -CAN-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...) - NOT-FOR-US: no_package -CAN-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...) - NOT-FOR-US: no_package -CAN-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...) - NOT-FOR-US: no_package -CAN-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...) - NOT-FOR-US: no_package -CAN-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...) - NOT-FOR-US: no_package -CAN-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...) - NOT-FOR-US: no_package -CAN-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...) - NOT-FOR-US: no_package -CAN-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...) - NOT-FOR-US: no_package -CAN-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...) - NOT-FOR-US: no_package -CAN-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...) - NOT-FOR-US: no_package -CAN-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...) - NOT-FOR-US: no_package -CAN-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...) - NOT-FOR-US: no_package -CAN-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...) - NOT-FOR-US: no_package -CAN-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...) - NOT-FOR-US: no_package -CAN-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...) - NOT-FOR-US: no_package -CAN-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...) - NOT-FOR-US: no_package -CAN-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...) - NOT-FOR-US: no_package -CAN-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...) - NOT-FOR-US: no_package -CAN-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...) - NOT-FOR-US: no_package -CAN-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...) - NOT-FOR-US: no_package -CAN-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...) - NOT-FOR-US: no_package -CAN-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...) - NOT-FOR-US: no_package -CAN-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...) - NOT-FOR-US: no_package -CAN-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...) - NOT-FOR-US: no_package -CAN-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...) - NOT-FOR-US: no_package -CAN-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...) - - apache2 2.0.53-1 -CAN-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...) - NOT-FOR-US: no_package -CAN-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...) - NOT-FOR-US: no_package -CAN-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...) - NOT-FOR-US: no_package -CAN-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote ...) - NOT-FOR-US: no_package -CAN-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...) - NOT-FOR-US: no_package -CAN-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...) - NOT-FOR-US: no_package -CAN-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...) - NOT-FOR-US: no_package -CAN-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...) - NOT-FOR-US: no_package -CAN-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...) - NOT-FOR-US: no_package -CAN-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...) - NOT-FOR-US: no_package -CAN-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...) - NOT-FOR-US: no_package -CAN-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...) - NOT-FOR-US: no_package -CAN-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...) - NOT-FOR-US: no_package -CAN-2004-1820 (PHP remote code injection vulnerability in displaycategory.php in ...) - NOT-FOR-US: no_package -CAN-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...) - NOT-FOR-US: no_package -CAN-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...) - NOT-FOR-US: no_package -CAN-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...) - NOT-FOR-US: no_package -CAN-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...) - NOT-FOR-US: no_package -CAN-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...) - NOT-FOR-US: no_package -CAN-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...) - NOT-FOR-US: no_package -CAN-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...) - NOT-FOR-US: no_package -CAN-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...) - NOT-FOR-US: no_package -CAN-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...) - NOT-FOR-US: no_package -CAN-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...) - NOT-FOR-US: no_package -CAN-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...) - - phpbb2 2.0.10-1 - NOTE: probably fixed in 2.0.6d-3 -CAN-2004-1808 (Extcompose in metamail does not verify the output file before writing ...) - NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail - NOTE: see bug #308875 -CAN-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...) - NOT-FOR-US: no_package -CAN-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...) - NOT-FOR-US: no_package -CAN-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...) - NOT-FOR-US: no_package -CAN-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...) - NOT-FOR-US: no_package -CAN-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...) - NOT-FOR-US: no_package -CAN-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...) - NOT-FOR-US: no_package -CAN-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...) - NOT-FOR-US: no_package -CAN-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...) - NOT-FOR-US: no_package -CAN-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: no_package -CAN-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...) - NOT-FOR-US: no_package -CAN-2004-1796 (PHP remote code injection vulnerability in HotNews 0.7.2 and earlier ...) - NOT-FOR-US: no_package -CAN-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...) - NOT-FOR-US: no_package -CAN-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...) - NOT-FOR-US: no_package -CAN-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...) - NOT-FOR-US: no_package -CAN-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...) - NOT-FOR-US: no_package -CAN-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...) - NOT-FOR-US: Edimax Router -CAN-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...) - NOT-FOR-US: Edimax Router -CAN-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...) - NOT-FOR-US: ZyWALL -CAN-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...) - NOT-FOR-US: ASP-Nuke -CAN-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...) - NOT-FOR-US: PostCalendar -CAN-2004-1786 (PortalApp places user credentials under the web root with insufficient ...) - NOT-FOR-US: PortalApp -CAN-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...) - NOT-FOR-US: Invision Power Board -CAN-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...) - NOT-FOR-US: web server of Webcam Watchdog -CAN-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...) - NOT-FOR-US: Net2Soft Flash FTP Server -CAN-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...) - NOT-FOR-US: Athena Web Registration -CAN-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...) - NOT-FOR-US: Info Touch Surfnet kiosk -CAN-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...) - NOT-FOR-US: Info Touch Surfnet kiosk -CAN-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...) - NOT-FOR-US: ThWboard -CAN-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...) - NOT-FOR-US: omail webmail -CAN-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...) - - openldap2 2.1.17-1 -CAN-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...) - NOT-FOR-US: MDaemon -CAN-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...) - NOT-FOR-US: MyProxy -CAN-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...) - - cherokee 0.4.21b01-1 -CAN-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...) - NOT-FOR-US: VieBoard -CAN-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...) - NOT-FOR-US: VieBoard -CAN-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...) - NOT-FOR-US: Booby -CAN-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...) - NOT-FOR-US: Portal DB -CAN-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...) - NOT-FOR-US: IA WebMail Server -CAN-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...) - NOT-FOR-US: e107 -CAN-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...) - NOT-FOR-US: PHPRecipeBook -CAN-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...) - NOT-FOR-US: Nokia IPSO -CAN-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...) - NOT-FOR-US: Unichat -CAN-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...) - NOT-FOR-US: PHPKIT -CAN-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...) - NOT-FOR-US: TelCondex SimpleWebServer -CAN-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...) - NOT-FOR-US: ThWboard -CAN-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...) - NOT-FOR-US: ThWboard -CAN-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...) - NOT-FOR-US: Oracle Collaboration Suite -CAN-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...) - NOT-FOR-US: MPM Guestbook -CAN-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: Advanced Poll -CAN-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...) - NOT-FOR-US: Advanced Poll -CAN-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced Poll ...) - NOT-FOR-US: Advanced Poll -CAN-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...) - NOT-FOR-US: Advanced Poll -CAN-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...) - NOT-FOR-US: MERCUR Mailserver -CAN-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...) - NOT-FOR-US: Web Wiz Forums -CAN-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...) - NOT-FOR-US: Sympoll -CAN-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...) - NOT-FOR-US: NullSoft Shoutcast Server -CAN-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...) - NOT-FOR-US: Centrinity FirstClass -CAN-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...) - NOT-FOR-US: Apache Software Foundation Cocoon -CAN-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...) - - libapache-mod-security 1.8.4-1 -CAN-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...) - NOT-FOR-US: kpopup -CAN-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...) - NOT-FOR-US: DATEV Nutzungskontrolle -CAN-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...) - NOT-FOR-US: kpopup -CAN-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...) - NOT-FOR-US: HTTP Commander -CAN-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...) - NOT-FOR-US: BRS WebWeaver -CAN-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...) - - mldonkey 2.5.11-1 -CAN-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...) - NOT-FOR-US: Ganglia gmond -CAN-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...) - NOT-FOR-US: Tritanium Bulletin Board -CAN-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...) - NOTE: ancient and unreleased source code with backdoor -CAN-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...) - NOT-FOR-US: FlexWATCH -CAN-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...) - NOT-FOR-US: Plug and Play Web Server -CAN-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...) - NOT-FOR-US: Plug and Play Web Server -CAN-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...) - NOT-FOR-US: Citrix -CAN-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...) - NOT-FOR-US: Sun JRE/SDK -CAN-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...) - - xcdroast 0.98+0alpha15-1 (bug #310046) - NOTE: woody seems to be vulnerable (see bug #310046) -CAN-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...) - NOT-FOR-US: MAILsweeper -CAN-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...) - NOT-FOR-US: byteHoard -CAN-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...) - NOT-FOR-US: WebTide -CAN-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...) - NOT-FOR-US: Fastream -CAN-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...) - NOT-FOR-US: Novell portmapper -CAN-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...) - NOT-FOR-US: Symantec Norton Internet Security -CAN-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php and (2) ...) - NOT-FOR-US: Les Visiteurs -CAN-2003-1147 - REJECTED -CAN-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...) - NOT-FOR-US: Easy PHP Photo Album -CAN-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...) - NOT-FOR-US: OpenAutoClassifieds -CAN-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...) - NOT-FOR-US: Perception LiteServe -CAN-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...) - NOT-FOR-US: Croteam Serious Sam demo -CAN-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...) - NOT-FOR-US: NIPrint LPD-LPR -CAN-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...) - NOT-FOR-US: NIPrint LPD-LPR -CAN-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...) - NOT-FOR-US: Musicqueue -CAN-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...) - NOT-FOR-US: Musicqueue -CAN-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...) - - apache2 <not-affected> (Red Hat specific default config) -CAN-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...) - NOT-FOR-US: sh-httpd -CAN-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...) - NOT-FOR-US: Chi Kien Uong Guestbook -CAN-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...) - NOT-FOR-US: Yahoo! Messenger -CAN-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...) - NOT-FOR-US: Sun JVM -CAN-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...) - NOT-FOR-US: The Bat! -CAN-2002-1660 (calendar.php in vBulletin 2.0.3 and earlier allows remote attackers to ...) - NOT-FOR-US: vBulletin -CAN-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...) - NOT-FOR-US: PortalApp -CAN-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...) - NOT-FOR-US: BEA Tuxedo -CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...) - - mozilla-firefox 1.0.4-1 -CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...) - - mozilla-firefox 1.0.4-1 - TODO: check mozilla too -CAN-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...) - NOT-FOR-US: Opera -CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) - NOT-FOR-US: Apple -CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...) - NOT-FOR-US: Apple -CAN-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...) - NOT-FOR-US: Apple -CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...) - NOT-FOR-US: RSA SecurID Web Agent -CAN-2005-XXXX [race condition with a buffered temp file] - NOTE: no bug ever filed for this one - - pysvn 1.1.2-3 -CAN-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module] - - mailutils 1:0.6.1-2 -CAN-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks] - - maradns 1.0.27-1 -CAN-2005-2352 [Temp file races in gs-gpl addons scripts] - RESERVED - - gs-gpl <unfixed> (bug #291373; low) -CAN-2005-XXXX [Possible SQL injection in freeradius] - - freeradius 1.0.2-4 -CAN-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...) - - mozilla-thunderbird 1.0.6-1 (bug #306893; low) -CAN-2005-XXXX [Directory traversal in unzoo] - - unzoo 4.4-4 -CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng] - - syslog-ng 1.6.5-2.1 -CAN-2005-XXXX [trackballs: Follows symlinks as gid games] - - trackballs <unfixed> (bug #302454; medium) - NOTE: CVE request sent to mitre - TODO: check possibility of exploitation via scripting language, - TODO: as mentioned in the bug report as a separate issue -CAN-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it] - - pwgen 2.04-1 -CAN-2005-XXXX [Insecure handling of gpg passphrases in gabber] - - gabber <unfixed> (bug #177776; low) -CAN-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1462 (Double-free vulnerability in the ICEP dissector in Ethereal before ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1458 (Multiple unknown "other problems" in the KINK dissector in Ethereal ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...) - - ethereal 0.10.10-2sarge2 -CAN-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...) - - freeradius 1.0.2-4 -CAN-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...) - - freeradius 1.0.2-4 -CAN-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...) - - leafnode 1.11.2.rel-1 -CAN-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...) - - openssh 1:3.8p1 -CAN-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...) - NOT-FOR-US: Leafnode2 development branch -CAN-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...) - NOT-FOR-US: Leafnode2 development branch -CAN-2005-XXXX [Missing input validation in xtradius] - NOTE: not shipped in deb - - xtradius 1.2.1-beta2-2 (bug #307796; low) -CAN-2005-XXXX [fai tempfile vulnerability] - - fai 2.8.2 -CAN-2005-2354 [nvu uses old copy of mozilla xpcom] - RESERVED - NOTE: have not checked to see which security holes are in it exactly - NOTE: Has been removed from Sarge - - nvu <unfixed> (bug #306822; medium) -CAN-2005-XXXX [eskuel: arbitrary file retreiving] - - eskuel 1.0.5-3.1 (bug #307270; low) -CAN-2005-2356 [eskuel: No authentication at all] - RESERVED - - eskuel <unfixed> (bug #163653; low) -CAN-2005-XXXX [Buffer overflow in elog's header buffer] - - elog 2.5.7+r1558-3 -CAN-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support] - - ipsec-tools 1:0.5.2-1 -CAN-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed ...) - NOT-FOR-US: Serendipity -CAN-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...) - NOT-FOR-US: Serendipity -CAN-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...) - NOT-FOR-US: Serendipity -CAN-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...) - NOT-FOR-US: Serendipity -CAN-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...) - NOT-FOR-US: Serendipity -CAN-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...) - NOT-FOR-US: SitePanel -CAN-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...) - NOT-FOR-US: SitePanel -CAN-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...) - NOT-FOR-US: SitePanel -CAN-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...) - NOT-FOR-US: SitePanel -CAN-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...) - NOT-FOR-US: Invision Power Board -CAN-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...) - NOT-FOR-US: Lotus Domino -CAN-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...) - NOT-FOR-US: Lotus Domino -CAN-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...) - NOT-FOR-US: ViArt Shop -CAN-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...) - NOT-FOR-US: osTicket -CAN-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...) - NOT-FOR-US: osTicket -CAN-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...) - NOT-FOR-US: osTicket -CAN-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...) - NOT-FOR-US: osTicket -CAN-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...) - NOTE: Was once part of Debian, but has been removed -CAN-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...) - NOT-FOR-US: HP OpenView -CAN-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...) - NOT-FOR-US: HP OpenView -CAN-2005-1432 - RESERVED -CAN-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...) - - gnutls11 1.0.16-13.1 (bug #309111; bug #307641) -CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...) - NOT-FOR-US: Mac OS X -CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...) - NOT-FOR-US: WWWguestbook -CAN-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...) - NOT-FOR-US: Uapplication Uphotogallery -CAN-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...) - NOT-FOR-US: Uapplication Uphotogallery -CAN-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...) - NOT-FOR-US: Uapplication Ublog -CAN-2005-1425 (Uapplication Uguestbook stores the database under the web document ...) - NOT-FOR-US: Uapplication Uguestbook -CAN-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...) - NOT-FOR-US: GoText -CAN-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...) - NOT-FOR-US: 602 LAN SUITE -CAN-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) - NOT-FOR-US: Raysoft Video Cam Server -CAN-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...) - NOT-FOR-US: Raysoft Video Cam Server -CAN-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) - NOT-FOR-US: Raysoft Video Cam Server -CAN-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...) - NOT-FOR-US: Ocean12 Mailing list manager -CAN-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...) - NOT-FOR-US: Netleaf -CAN-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...) - NOT-FOR-US: MaxWebPortal -CAN-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...) - NOT-FOR-US: 04WebServer -CAN-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...) - NOT-FOR-US: GlobalSCAPE Secure FTP Server -CAN-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...) - NOT-FOR-US: FilePocket -CAN-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...) - NOT-FOR-US: enVivo -CAN-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...) - NOT-FOR-US: ECommPro -CAN-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...) - NOT-FOR-US: ICUII -CAN-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...) - - postgresql 7.4.7-6 -CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...) - - postgresql 7.4.7-6 -CAN-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...) - NOT-FOR-US: Apple -CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) - NOT-FOR-US: Skype -CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...) - - kfreebsd5-source 5.3-10 -CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...) - NOT-FOR-US: Lotus Domino -CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...) - NOT-FOR-US: MyPHP Forum -CAN-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...) - NOT-FOR-US: JW Amazon Web Store -CAN-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...) - NOT-FOR-US: NeL libarary -CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...) - NOT-FOR-US: Mtp-Target -CAN-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...) - - kfreebsd5-source 5.3-10 -CAN-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...) - - kfreebsd5-source 5.3-10 -CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...) - NOT-FOR-US: Skype -CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...) - NOT-FOR-US: Skype -CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...) - NOT-FOR-US: PHPCart -CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...) - NOT-FOR-US: PHPCalender -CAN-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...) - NOT-FOR-US: ARPUS Ceterm -CAN-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...) - NOT-FOR-US: ARPUS Ceterm -CAN-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) - NOT-FOR-US: ArcGIS -CAN-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) - NOT-FOR-US: ArcGIS -CAN-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...) - NOTE: In Debian this is only part of the examples in share/doc, any admin will - NOTE: have to modify it for his purposes anyway, so there's no security problem -CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) - - pound 1.8.2-1.1 (bug #307852; bug #311548; medium) -CAN-2005-1390 - REJECTED -CAN-2005-1389 - REJECTED -CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...) - NOT-FOR-US: SURVIVOR -CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...) - NOT-FOR-US: Mac OS X -CAN-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Safari -CAN-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...) - NOT-FOR-US: phpCoin -CAN-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...) - NOT-FOR-US: Oracle -CAN-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...) - NOT-FOR-US: Oracle -CAN-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...) - NOT-FOR-US: Oracle -CAN-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...) - NOT-FOR-US: BEA Weblogic -CAN-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...) - NOT-FOR-US: Mandrake specific packaging flaw -CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...) - NOT-FOR-US: phpbb mod -CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline (aka ...) - NOT-FOR-US: Claroline -CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...) - NOT-FOR-US: Claroline -CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos) 1.5.3 ...) - NOT-FOR-US: Claroline -CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline (aka ...) - NOT-FOR-US: Claroline -CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...) - NOT-FOR-US: Koobi CMS -CAN-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...) - NOT-FOR-US: NetVault -CAN-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...) - NOT-FOR-US: NetVault -CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...) - NOT-FOR-US: HP OpenView -CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...) - NOTE: does not affect 2.4.27 per horms - - kernel-source-2.6.8 2.6.8-16 - - kernel-source-2.6.11 2.6.11-4 -CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...) - NOTE: does not affect 2.6.8, 2.4.27 per horms - - kernel-source-2.6.11 2.6.11-4 -CAN-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...) - NOT-FOR-US: pServ -CAN-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...) - NOT-FOR-US: pServ -CAN-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...) - NOT-FOR-US: pServ -CAN-2005-XXXX [Insecure mailbox generation in passwd's useradd] - NOTE: Incorrect open() call was introduced after 4.0.3 (the version in Sarge, fixed in 4.0.8) -CAN-2005-XXXX [Insecure tempfile generation in shadow's vipw] - NOTE: Fixed in 4.0.3-33 for sid, Sarge would need an update through t-p-u - - shadow 1:4.0.3-33 -CAN-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...) - NOT-FOR-US: MetaBid Auctions -CAN-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...) - NOT-FOR-US: MetaCart -CAN-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...) - NOT-FOR-US: MetaCart -CAN-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...) - NOT-FOR-US: MetaCart -CAN-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 1.1 ...) - NOT-FOR-US: GrayCMS -CAN-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...) - NOT-FOR-US: text.cgi -CAN-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...) - NOT-FOR-US: text.cgi -CAN-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...) - NOT-FOR-US: text.cgi -CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...) - NOT-FOR-US: includer.cgi -CAN-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...) - NOT-FOR-US: includer.cgi -CAN-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...) - NOT-FOR-US: forum.pl -CAN-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...) - NOT-FOR-US: forum.pl -CAN-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...) - NOT-FOR-US: ad.cgi -CAN-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...) - NOT-FOR-US: ad.cgi -CAN-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...) - NOT-FOR-US: ad.cgi -CAN-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...) - {DSA-727-1} - - libconvert-uulib-perl 1.0.5.1 -CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...) - NOT-FOR-US: MailEnable -CAN-2005-1347 (** UNVERIFIABLE ** ...) - NOT-FOR-US: acrobat -CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...) - NOT-FOR-US: Symantec -CAN-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...) - {DSA-721-1} - - squid 2.5.9-7 -CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...) - - apache2 2.0.54-3 (bug #322604) -CAN-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...) - NOT-FOR-US: vpnd for Mac OS X -CAN-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...) - NOT-FOR-US: Apple Terminal -CAN-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...) - NOT-FOR-US: Apple Terminal -CAN-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...) - NOT-FOR-US: Mac OS X -CAN-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...) - NOTE: verified that our lukemftpd uses pw->pw_name when - NOTE: checking /etc/ftpchroot. -CAN-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...) - NOT-FOR-US: Mac OS X -CAN-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...) - NOT-FOR-US: Mac OS X -CAN-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...) - NOT-FOR-US: Mac OS X -CAN-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...) - NOT-FOR-US: Mac OS X -CAN-2005-1334 - REJECTED -CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...) - NOT-FOR-US: Mac OS X -CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...) - NOT-FOR-US: Mac OS X -CAN-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...) - NOT-FOR-US: Mac OS X -CAN-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...) - NOT-FOR-US: Mac OS X -CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...) - NOT-FOR-US: OneWorldStore -CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...) - NOT-FOR-US: OneWorldStore -CAN-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...) - NOT-FOR-US: Woltlab Burning Board -CAN-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...) - NOT-FOR-US: VooDoo cIRCle BOTNET -CAN-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...) - NOT-FOR-US: phpMyVisites -CAN-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...) - NOT-FOR-US: phpMyVisites -CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...) - NOT-FOR-US: NetTerm -CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...) - - nag 1.1-3.1 (bug #307173) -CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...) - - sork-vacation 2.2.2-1 -CAN-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...) - - mnemo 1.1-2.1 (bug #307180) - TODO: check whether nmeno2 is affected as well -CAN-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...) - NOTE: imp4 is not affected - - imp3 3.2.8-1 (bug #328218; low) -CAN-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...) - - sork-forwards 2.2.2-1 -CAN-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...) - NOT-FOR-US: Hord Chora module -CAN-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...) - - sork-accounts 2.1.2-1 -CAN-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...) - NOTE: Maintainer is checking whether turba2 needs fixing as well - - turba 1.2.5-1 -CAN-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...) - - kronolith 1.1.4-1 -CAN-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...) - - sork-passwd 2.2.2-1 -CAN-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...) - NOT-FOR-US: Yappa-NG -CAN-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...) - NOT-FOR-US: Yappa-NG -CAN-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...) - NOT-FOR-US: bBlog -CAN-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...) - NOT-FOR-US: bBlog -CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...) - NOTE: upstream says attack won't work, see bug 307575 -CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...) - NOT-FOR-US: Adobe Version Cue -CAN-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...) - NOT-FOR-US: Adobe Reader 7 -CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...) - NOT-FOR-US: hyper.cgi -CAN-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...) - NOT-FOR-US: citat.pl -CAN-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...) - NOT-FOR-US: citat.pl -CAN-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...) - NOT-FOR-US: Confixx -CAN-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...) - NOT-FOR-US: nProtect:Netizen -CAN-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...) - NOT-FOR-US: inserter.cgi -CAN-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...) - NOT-FOR-US: inserter.cgi -CAN-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...) - NOT-FOR-US: inserter.cgi -CAN-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...) - NOT-FOR-US: include.cgi -CAN-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...) - NOT-FOR-US: include.cgi -CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...) - NOT-FOR-US: include.cgi -CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...) - - affix-kernel 2.1.1-1.1 -CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...) - NOT-FOR-US: StorePortal -CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...) - NOT-FOR-US: CartWIZ ASP Cart -CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...) - NOT-FOR-US: CartWIZ ASP Cart -CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...) - - phpbb2 2.0.13-6sarge1 (low) -CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...) - NOT-FOR-US: E-Cart -CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...) - NOT-FOR-US: ACS Blog -CAN-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...) - NOT-FOR-US: BK Forum -CAN-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from starting ...) - NOT-FOR-US: Bitdefender -CAN-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...) - NOT-FOR-US: Woltlab Burning Board -CAN-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...) - NOT-FOR-US: Argosoft Mail Server Pro -CAN-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...) - NOT-FOR-US: Argosoft Mail Server Pro -CAN-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...) - NOT-FOR-US: Argosoft Mail Server Pro -CAN-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...) - - ethereal 0.10.10-2 -CAN-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...) - - ethereal 0.10.10-2 - - tcpdump 3.8.3-4 -CAN-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...) - {DSA-850-1} - - tcpdump 3.8.3-4 -CAN-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...) - - tcpdump 3.8.3-4 -CAN-2005-1277 - REJECTED -CAN-2005-1276 - RESERVED -CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...) - - imagemagick 6:6.0.6.2-2.3 (bug #306424) -CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...) - - maxdb-7.5.00 7.5.00.24-3 -CAN-2005-1273 - RESERVED -CAN-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...) - NOT-FOR-US: Backup Agent for Microsoft SQL -CAN-2005-1271 - REJECTED -CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...) - - rkhunter 1.2.7-14 (medium) -CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...) - - apache 1.3.31-1 -CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module] - - libconvert-uulib-perl 1.0.5.1-1 -CAN-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) - {DSA-734-1} - - gaim 1:1.3.1-1 (bug #315356; low) -CAN-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...) - {DSA-805-1} - NOTE: This is from latest Trustix advisory, exploitation would require to trick - NOTE: someone into using a maliciously crafted certificate revocation list - - apache2 2.0.54-5 (bug #320048; bug #320063; low) -CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) - {DSA-854-1} - - tcpdump 3.9.0.cvs.20050614-1 (medium) -CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...) - {DSA-736-2 DSA-736-1} - - spamassassin 3.0.4-1 (bug #314447; medium) -CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) - - kernel-source-2.6.8 2.6.8-17 - - linux-2.6 2.6.12-1 -CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) - - kernel-source-2.6.8 2.6.8-16 - - kernel-source-2.6.11 2.6.11-5 -CAN-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...) - - kernel-source-2.6.11 2.6.11-4 - - kernel-source-2.6.8 2.6.8-16 - - kernel-source-2.4.27 2.4.27-10 - NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H -CAN-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...) - NOTE: see http://gaim.sourceforge.net/security/ - - gaim 1:1.2.1-1.1 -CAN-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...) - NOTE: see http://gaim.sourceforge.net/security/ - - gaim 1:1.2.1-1.1 -CAN-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...) - {DSA-741-1} - - bzip2 1.0.2-7 -CAN-2005-1259 - RESERVED -CAN-2005-1258 - RESERVED -CAN-2005-1257 - RESERVED -CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...) - NOT-FOR-US: IMail -CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...) - NOT-FOR-US: IMail -CAN-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...) - NOT-FOR-US: IMail -CAN-2005-1253 - RESERVED -CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...) - NOT-FOR-US: IMail -CAN-2005-1251 - RESERVED -CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...) - NOT-FOR-US: IpSwitch -CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...) - NOT-FOR-US: IMail -CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) - NOT-FOR-US: Apple iTunes -CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...) - NOT-FOR-US: Novell Nsure Audit -CAN-2005-1246 (Format string vulnerability in the snmppd_log function in ...) - NOT-FOR-US: snmppd -CAN-2005-XXXX [Multiple security problems in Quake 2] - NOTE: this release added lots of warnings about the security problems - - quake2 1:0.3-1.1 - - quake2 <unfixed> (bug #280573; low) - NOTE: CVE id requested from mitre -CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2005-1244 (** DISPUTED ** ...) - NOT-FOR-US: AS/400 FTP server addon -CAN-2005-1243 (Directory traversal vulnerability in the third party tool from ...) - NOT-FOR-US: AS/400 FTP server addon -CAN-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...) - NOT-FOR-US: AS/400 FTP server addon -CAN-2005-1241 (Directory traversal vulnerability in the third party tool from ...) - NOT-FOR-US: AS/400 FTP server addon -CAN-2005-1240 (Directory traversal vulnerability in the third party tool from ...) - NOT-FOR-US: AS/400 FTP server addon -CAN-2005-1239 (Directory traversal vulnerability in the third party tool from ...) - NOT-FOR-US: AS/400 FTP server addon -CAN-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...) - NOT-FOR-US: AS/400 FTP server -CAN-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...) - NOT-FOR-US: FlexPHPNews -CAN-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...) - NOT-FOR-US: DUPortal -CAN-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...) - NOT-FOR-US: phpbb-Auction -CAN-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...) - NOT-FOR-US: phpbb-Auction -CAN-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...) - NOT-FOR-US: PHP Labs proFile -CAN-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...) - NOT-FOR-US: Sun ONE Proxy Server -CAN-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...) - NOT-FOR-US: JAWS -CAN-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...) - NOT-FOR-US: Yawcan -CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...) - {DSA-846-1} - - cpio 2.6-6 (bug #306693; medium) -CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...) - {DSA-752-1} - - gzip 1.3.5-10 -CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...) - NOT-FOR-US: PHPProjekt -CAN-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...) - NOT-FOR-US: Coppermine Photo Gallery -CAN-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...) - NOT-FOR-US: Coppermine Photo Gallery -CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...) - NOT-FOR-US: DUPortal -CAN-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...) - NOT-FOR-US: Ocean12 Calender manager -CAN-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...) - NOT-FOR-US: Annuaire Netref -CAN-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...) - NOT-FOR-US: ECommPro -CAN-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...) - NOT-FOR-US: Shoutbox -CAN-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...) - NOT-FOR-US: Microsoft Color Management Module -CAN-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...) - NOT-FOR-US: Microsoft Color Management Module -CAN-2005-1217 - RESERVED -CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...) - NOT-FOR-US: Microsoft -CAN-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...) - NOT-FOR-US: Microsoft -CAN-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...) - NOT-FOR-US: Microsoft -CAN-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...) - NOT-FOR-US: Microsoft -CAN-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...) - NOT-FOR-US: Microsoft -CAN-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...) - NOT-FOR-US: Microsoft -CAN-2005-1210 - RESERVED -CAN-2005-1209 - RESERVED -CAN-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...) - NOT-FOR-US: Microsoft -CAN-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...) - NOT-FOR-US: Microsoft -CAN-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...) - NOT-FOR-US: Microsoft -CAN-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...) - NOT-FOR-US: Microsoft -CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...) - NOTE: This is not a real world problem; it's only applicable in rare circurstances - NOTE: like someone analysing stolen user database information and even then the gain - NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway. -CAN-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications] - - libpam-ssh 1.91.0-9 -CAN-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...) - NOT-FOR-US: Desktop Rover -CAN-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...) - - egroupware 1.0.0.007-2.dfsg-1 -CAN-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...) - - egroupware 1.0.0.007-2.dfsg-1 -CAN-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...) - NOT-FOR-US: AZbb -CAN-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...) - NOT-FOR-US: AZbb -CAN-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...) - NOT-FOR-US: UBB.threads -CAN-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...) - NOT-FOR-US: Anaconda Foundation Directory -CAN-2005-1197 (SQL injection vulnerability in the ...) - NOT-FOR-US: Oracle -CAN-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...) - NOT-FOR-US: PHPBB Knowledgebase Mod -CAN-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...) - NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in Debian - - xine-lib 1.0.1-1 -CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...) - - nasm 0.98.38-1.2 (bug #309049) -CAN-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...) - - phpbb2 2.0.13-6sarge1 (medium) -CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...) - NOT-FOR-US: HP-UX -CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...) - NOT-FOR-US: Cisco -CAN-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...) - NOT-FOR-US: Cisco -CAN-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...) - NOT-FOR-US: Cisco -CAN-2001-1476 (SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" ...) - NOT-FOR-US: Commercial SSH -CAN-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...) - NOT-FOR-US: Commercial SSH -CAN-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...) - NOT-FOR-US: Commercial SSH -CAN-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...) - NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol -CAN-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...) - - phpbb2 2.0.6c-1 -CAN-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...) - - phpbb2 2.0.6c-1 -CAN-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...) - NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol -CAN-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...) - NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol -CAN-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...) - NOT-FOR-US: phpSecurePages -CAN-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...) - NOTE: in expect 5.42.1, mkpasswd does not seed by pid; doesn't seem - NOTE: to seed at all; my tests indicate it generates no dups in - NOTE: some 100000 passwords. -CAN-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...) - NOT-FOR-US: VanDyke SecureCRT -CAN-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...) - NOT-FOR-US: SurfControl SuperScout -CAN-2001-1464 (Crystal Reports, when displaying data for a password protected ...) - NOT-FOR-US: Crystal Reports -CAN-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...) - NOT-FOR-US: RhinoSoft Serv-U -CAN-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...) - NOT-FOR-US: RSA Security SecurID -CAN-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...) - NOT-FOR-US: RSA Security SecurID -CAN-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...) - NOT-FOR-US: PostNuke -CAN-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...) - - openssh 1:3.0.1p1-1 -CAN-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...) - NOT-FOR-US: Novell Groupwise -CAN-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...) - NOT-FOR-US: CrazyWWWBoard -CAN-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...) - NOT-FOR-US: Gauntlet Firewall -CAN-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...) - NOT-FOR-US: Netegrity SiteMinder -CAN-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...) - - mysql-dfsg 3.23.33-1 -CAN-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...) - - mysql-dfsg 3.23.33-1 -CAN-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...) - NOT-FOR-US: Windows -CAN-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...) - NOT-FOR-US: Windows -CAN-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...) - NOT-FOR-US: Windows -CAN-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...) - NOT-FOR-US: Mandrake specific packaging flaw -CAN-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...) - NOT-FOR-US: Magic eDeveloper -CAN-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...) - NOT-FOR-US: Windows -CAN-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...) - NOT-FOR-US: MacOS X -CAN-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...) - NOT-FOR-US: Lotus Domino -CAN-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...) - NOTE: Generic protocol flaw -CAN-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...) - NOTE: Generic protocol flaw -CAN-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...) - - inn2 2.3.3+20020922-1 - - innfeed 0.10.1.7-7 -CAN-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...) - NOT-FOR-US: VisualAge for Java -CAN-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...) - NOT-FOR-US: AIX -CAN-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...) - NOT-FOR-US: HP-UX -CAN-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...) - NOT-FOR-US: Handspring Visor -CAN-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...) - NOT-FOR-US: easyScripts easyNews -CAN-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...) - NOT-FOR-US: Dallas Semiconductor iButton DS1991 -CAN-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...) - NOT-FOR-US: Tru64 UNIX -CAN-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...) - NOT-FOR-US: IOS -CAN-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...) - NOT-FOR-US: Quikstore Shopping Cart -CAN-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...) - NOT-FOR-US: AIX -CAN-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...) - - lpr 1:0.48-1 -CAN-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...) - - lpr 1:0.48-1 -CAN-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...) - - gcc-3.3 1:3.3.4-1 -CAN-2000-1218 (The default configuration for the domain name resolver for Microsoft ...) - NOT-FOR-US: Windows -CAN-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...) - NOT-FOR-US: Windows -CAN-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...) - NOT-FOR-US: AIX -CAN-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...) - NOT-FOR-US: Lotus Domino -CAN-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...) - NOT-FOR-US: AIX -CAN-1999-1582 (By design, the "established" command on the Cisco PIX firewall allows ...) - NOT-FOR-US: Cisco PIX -CAN-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...) - NOT-FOR-US: Windows -CAN-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...) - NOT-FOR-US: Sun's sendmail -CAN-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...) - NOT-FOR-US: Windows -CAN-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...) - NOT-FOR-US: Windows -CAN-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...) - NOT-FOR-US: Windows -CAN-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...) - NOT-FOR-US: Acrobat Reader -CAN-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...) - NOT-FOR-US: Kodak/Wang tools for IE -CAN-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...) - NOT-FOR-US: AIX -CAN-1999-1573 (Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) ...) - NOT-FOR-US: HP-UX -CAN-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...) - NOT-FOR-US: Windows -CAN-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...) - NOT-FOR-US: WebcamXP -CAN-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...) - NOT-FOR-US: WebcamXP -CAN-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...) - NOT-FOR-US: ComersusCart -CAN-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...) - NOT-FOR-US: WinHex -CAN-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...) - NOT-FOR-US: Musicmatch -CAN-2005-1185 (MMFWLaunch.exe in Musicmatch Jukebox 10.00.2047 and earlier does not ...) - NOT-FOR-US: Musicmatch -CAN-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...) - NOTE: This looks rather obscure -jmm - TODO: check -CAN-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...) - NOT-FOR-US: mvnForum -CAN-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...) - NOT-FOR-US: iSeries OS -CAN-2005-1181 (** DISPUTED ** ...) - NOT-FOR-US: Ariadne CMS -CAN-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...) - NOT-FOR-US: Xerox -CAN-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...) - NOT-FOR-US: Oracle -CAN-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...) - NOTE: According to maintainer posting in debian-release this does only affect 1.190 - NOTE: and not the version in Sarge -CAN-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...) - NOT-FOR-US: AIX -CAN-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...) - {DSA-757-1} - TODO: check krb4 - - krb5 1.3.6-4 (bug #318437; medium) -CAN-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...) - {DSA-757-1} - TODO: check krb4 - - krb5 1.3.6-4 (bug #318437; medium) -CAN-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...) - NOT-FOR-US: Oracle -CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...) - NOT-FOR-US: PMSoftware Simple Web Server -CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...) - NOT-FOR-US: Coppermine Photo Gallery -CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...) - NOT-FOR-US: moddb phpbb2 add-on -CAN-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...) - NOT-FOR-US: moddb phpbb2 add-on -CAN-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...) - NOT-FOR-US: Mafia Blog -CAN-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...) - NOT-FOR-US: Musicmatch -CAN-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...) - NOT-FOR-US: Musicmatch -CAN-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...) - NOT-FOR-US: Dameware -CAN-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...) - NOT-FOR-US: Yager game -CAN-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...) - NOT-FOR-US: Yager game -CAN-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...) - NOT-FOR-US: Yager game -CAN-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...) - NOT-FOR-US: OneWorldStore -CAN-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...) - NOT-FOR-US: OneWorldStore -CAN-2005-1160 (The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla ...) - {DSA-781-1} - - mozilla-firefox 1.0.3-1 - - mozilla 2:1.7.7-1 - - mozilla-thunderbird 1.0.6-1 (bug #318728; high) -CAN-2005-1159 (The native implementations of InstallTrigger and other functions in ...) - {DSA-781-1} - - mozilla-firefox 1.0.3-1 - - mozilla 2:1.7.7-1 - - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) -CAN-2005-1158 (Multiple "missing security checks" in Firefox before 1.0.3 allow ...) - - mozilla-firefox 1.0.3-1 -CAN-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...) - - mozilla-firefox 1.0.3-1 - - mozilla 2:1.7.7-1 -CAN-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...) - - mozilla-firefox 1.0.3-1 - - mozilla 2:1.7.7-1 -CAN-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...) - - mozilla-firefox 1.0.3-1 - - mozilla 2:1.7.7-1 -CAN-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...) - - mozilla-firefox 1.0.3-1 - - mozilla 2:1.7.7-1 -CAN-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...) - - mozilla-firefox 1.0.3-1 - - mozilla 2:1.7.7-1 -CAN-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...) - {DSA-728-1} - - qpopper 4.0.5-4sarge1 -CAN-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...) - {DSA-728-1} - - qpopper 4.0.5-4sarge1 -CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...) - NOT-FOR-US: Sun Java -CAN-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...) - NOT-FOR-US: ACNews -CAN-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...) - NOT-FOR-US: CalenderScript -CAN-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...) - NOT-FOR-US: CalenderScript -CAN-2005-1146 (** DISPUTED ** ...) - NOT-FOR-US: CalenderScript -CAN-2005-1145 (** DISPUTED ** ...) - NOT-FOR-US: CalenderScript -CAN-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to ...) - NOT-FOR-US: EasyPHPCalender -CAN-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...) - NOT-FOR-US: EasyPHPCalender -CAN-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...) - - gocr 0.39-5 -CAN-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...) - - gocr 0.39-5 -CAN-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...) - NOT-FOR-US: MyBloggie -CAN-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...) - NOT-FOR-US: Opera -CAN-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...) - NOT-FOR-US: Kerio -CAN-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...) - NOT-FOR-US: sphpBlog -CAN-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...) - NOT-FOR-US: sphpBlog -CAN-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...) - NOT-FOR-US: sphpBlog -CAN-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...) - NOT-FOR-US: Serendipity -CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...) - NOT-FOR-US: AS/400 system software -CAN-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...) - NOT-FOR-US: LG mobile phone -CAN-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...) - NOT-FOR-US: Veritas Focalpoint Server -CAN-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...) - NOT-FOR-US: PinnacleCart -CAN-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...) - - egroupware 1.0.0.007-2.dfsg-1 -CAN-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...) - NOT-FOR-US: VHCS -CAN-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...) - NOT-FOR-US: Free BSD -CAN-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...) - NOT-FOR-US: Free BSD -CAN-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...) - NOTE: Has been removed from Sarge - - libsafe <unfixed> (bug #305070; medium) -CAN-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...) - NOT-FOR-US: Solaris -CAN-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...) - NOT-FOR-US: monkeyd -CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...) - NOT-FOR-US: monkeyd -CAN-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...) - {DSA-726-1} - NOTE: Not part of Sarge due to FTBFS on ia64 and alpha - - oops <unfixed> (bug #307360; high) -CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...) - - ilohamail <unfixed> (bug #304525; medium) -CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...) - - sudo <unfixed> (bug #283161; low) -CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) - NOT-FOR-US: RSA authentication agent -CAN-2005-1117 (PHP remote code injection vulnerability in index.php in ...) - NOT-FOR-US: All4WWW Homepage creator -CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...) - NOT-FOR-US: phpbb2 calendar addon -CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...) - NOT-FOR-US: Photo Album -CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...) - NOT-FOR-US: Photo Album -CAN-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...) - NOT-FOR-US: PhpBB Plus -CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...) - NOT-FOR-US: IBM Websphere -CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...) - {DSA-846-1} - - cpio 2.6-6 (bug #305372; low) -CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...) - NOT-FOR-US: Sumus web server -CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...) - {DSA-713-1} - NOTE: only part of Woody, has been removed from Sarge and sid - NOT-FOR-US: Junkbuster - NOTE: checked privoxy, is not vulnerable -CAN-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...) - {DSA-713-1} - NOTE: only part of Woody, has been removed from Sarge and sid - NOT-FOR-US: Junkbuster - NOTE: checked privoxy, is not vulnerable -CAN-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...) - NOT-FOR-US: McAfee -CAN-2005-XXXX [Remote DoS vulnerabilities in postgrey] - - postgrey 1.21-1 -CAN-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...) - NOT-FOR-US: Windows -CAN-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...) - NOTE: api vulnerablity - - libgnumail-java <unfixed> (bug #304712; low) -CAN-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...) - NOT-FOR-US: Centra -CAN-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...) - NOT-FOR-US: Sygate Secure Enterprise -CAN-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - NOTE: Upstream developers don't consider this an issue, see bug #304468 -CAN-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...) - NOT-FOR-US: Lotus Domino Server -CAN-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...) - - postfix-gld 1.5-1 -CAN-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...) - - postfix-gld 1.5-1 -CAN-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...) - NOT-FOR-US: GetDataBack for NTFS (Windows) -CAN-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...) - NOT-FOR-US: Rebrand P2P Share Spy -CAN-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...) - NOT-FOR-US: Ocean12 Membership Manager Pro -CAN-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...) - NOT-FOR-US: Ocean12 Membership Manager Pro -CAN-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...) - NOT-FOR-US: FTP Now -CAN-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...) - NOT-FOR-US: Miranda IM -CAN-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...) - NOT-FOR-US: DeluxeFTP -CAN-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...) - NOT-FOR-US: Maxthon -CAN-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...) - NOT-FOR-US: Maxthon -CAN-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...) - NOT-FOR-US: DC++ -CAN-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...) - NOT-FOR-US: DameWare NT Utilities and Mini Remote Control -CAN-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...) - NOT-FOR-US: AN HTTPD -CAN-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...) - NOT-FOR-US: AN HTTPD -CAN-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...) - NOT-FOR-US: aeDating -CAN-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...) - NOT-FOR-US: aeDating -CAN-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...) - NOT-FOR-US: aeDating -CAN-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...) - NOT-FOR-US: AtDGDatingPlatinum -CAN-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...) - NOT-FOR-US: AtDGDatingPlatinum -CAN-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...) - NOT-FOR-US: JAR in J2SE SDK - TODO: check jar extractors in Debian just to be safe -CAN-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...) - NOT-FOR-US: zOOm Media Gallery -CAN-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...) - NOT-FOR-US: XAMPP Apache distribution specific issue -CAN-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...) - NOT-FOR-US: XAMPP Apache distribution specific issue -CAN-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...) - NOT-FOR-US: WebCT -CAN-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...) - NOT-FOR-US: RadScripts RadBids Gold -CAN-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...) - NOT-FOR-US: RadScripts RadBids Gold -CAN-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...) - NOT-FOR-US: RadScripts RadBids Gold -CAN-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...) - NOT-FOR-US: PunBB -CAN-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...) - NOT-FOR-US: JPortal -CAN-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...) - NOT-FOR-US: Invision Power Board -CAN-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...) - NOT-FOR-US: sCssBoard -CAN-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...) - NOT-FOR-US: sCssBoard -CAN-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...) - NOT-FOR-US: Access_user class -CAN-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...) - NOTE: the affected binary is not included in pine binary packages - NOTE: and the maintainer refuses to maintain code that is not - NOTE: see bug #304547 -CAN-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...) - NOTE: we do not seem to be vulnerable; /var/cache/fonts is not - NOTE: writiable by normal users in Debian, only by root. -CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...) - - rsnapshot 1.2.1-1 -CAN-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...) - NOT-FOR-US: Kerio -CAN-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...) - NOT-FOR-US: Kerio -CAN-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...) - - logwatch 5.0-1 -CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...) - NOT-FOR-US: Novell Netware -CAN-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...) - NOT-FOR-US: Linksys WET11 -CAN-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...) - NOT-FOR-US: Cisco -CAN-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...) - NOT-FOR-US: Cisco -CAN-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...) - NOT-FOR-US: HP OpenView Network Node Manager -CAN-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...) - NOT-FOR-US: TowerBlog -CAN-2005-1054 (PHP remote code injection vulnerability in news.php in ModernBill ...) - NOT-FOR-US: ModernBill -CAN-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...) - NOT-FOR-US: ModernBill -CAN-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...) - NOT-FOR-US: Microsoft -CAN-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...) - NOT-FOR-US: PunBB -CAN-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...) - NOT-FOR-US: PostNuke -CAN-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...) - NOT-FOR-US: PostNuke -CAN-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...) - NOT-FOR-US: PostNuke -CAN-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...) - NOT-FOR-US: PunBB -CAN-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...) - {DSA-714-1} - - kdelibs 4:3.3.2-6 -CAN-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...) - NOT-FOR-US: OpenText -CAN-2005-1044 - REJECTED -CAN-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...) - - php4 4:4.3.10-10 (bug #306003) -CAN-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...) - - php4 4:4.3.10-10 (bug #306003) -CAN-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...) - - kernel-source-2.6.11 2.6.11-1 - - kernel-source-2.6.8 2.6.8-16 - NOTE: does not affect 2.4.27 per horms -CAN-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...) - NOTE: Debian is not affected; see bug # 310833 -CAN-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...) - - coreutils <unfixed> (bug #304556; low) -CAN-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...) - NOTE: long fixed in Debian's cron -CAN-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...) - NOT-FOR-US: AIX -CAN-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...) - NOT-FOR-US: FreeBSD -CAN-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...) - - pavuk 0.9.32-1 -CAN-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: SurgeFTP -CAN-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: CubeCart -CAN-2005-1032 (SQL injection vulnerability in cart.php in LiteCommerce allows remote ...) - NOT-FOR-US: LiteCommerce -CAN-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...) - NOT-FOR-US: exoops -CAN-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...) - NOT-FOR-US: Active Auction House -CAN-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...) - NOT-FOR-US: Active Auction House -CAN-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...) - NOT-FOR-US: SnailSource phpBB mod -CAN-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...) - NOT-FOR-US: IBM -CAN-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...) - NOT-FOR-US: ColdFusion -CAN-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...) - NOT-FOR-US: IOS -CAN-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...) - NOT-FOR-US: IOS -CAN-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...) - NOT-FOR-US: Aeon -CAN-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...) - NOT-FOR-US: CA ArcServe Backup -CAN-2005-XXXX [Some security issues in mod_security] - NOTE: I don't understand mod_security fully, so I'm not entirely sure which of - NOTE: the changelog entries matches the security criteria, but the changelog - NOTE: claims so. - - libapache-mod-security 1.8.7-1 -CAN-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping] - NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix - - imms 2.0.3-1 -CAN-2005-XXXX [Multiple non-descript problems in PHP4] - NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the - NOTE: details before July 12th. The security fixes are accompanied by dozens of - NOTE: non-security bugfixes, so it's not obvious from the diff either. -CAN-2005-XXXX [Variable function calls in Smarty allow bypassing security settings] - - smarty 2.6.9-1 -CAN-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client] - - obexftp 0.10.7-3 -CAN-2005-1017 (SQL injection vulnerability in the Update_Events function in ...) - NOT-FOR-US: MaxWebPortal -CAN-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...) - NOT-FOR-US: MaxWebPortal -CAN-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...) - NOT-FOR-US: MailEnable -CAN-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...) - NOT-FOR-US: MailEnable -CAN-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...) - NOT-FOR-US: MailEnable -CAN-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...) - NOT-FOR-US: SiteEnable -CAN-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...) - NOT-FOR-US: SiteEnable -CAN-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...) - NOT-FOR-US: ComersusCart -CAN-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...) - NOT-FOR-US: NetVault -CAN-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...) - NOT-FOR-US: XM Forum -CAN-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...) - NOT-FOR-US: CommuniGate Pro -CAN-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...) - NOT-FOR-US: SonicWALL -CAN-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...) - NOT-FOR-US: PayProCart -CAN-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...) - NOT-FOR-US: PayProCart -CAN-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...) - NOT-FOR-US: PayProCart -CAN-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...) - NOT-FOR-US: LOG-FT File Transfer -CAN-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...) - NOT-FOR-US: ProductCart -CAN-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...) - NOT-FOR-US: ProductCart -CAN-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...) - NOT-FOR-US: SCO -CAN-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...) - - phpmyadmin 3:2.6.2-rc1-1 -CAN-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location ...) - NOT-FOR-US: AIX -CAN-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...) - - sharutils 1:4.2.1-13 -CAN-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...) - {DSA-781-1} - - mozilla 2:1.7.7-1 (bug #306001) - - mozilla-firefox 1.0.2-3 - - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) -CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...) - {DSA-752-1} - - gzip 1.3.5-10 - NOTE: Essentially the same as CAN-2005-0953 -CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...) - NOT-FOR-US: IRC Services NickServ -CAN-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...) - NOT-FOR-US: Lotus Domino -CAN-2005-0985 - RESERVED -CAN-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...) - NOT-FOR-US: Star Wars game -CAN-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...) - NOT-FOR-US: Quake 3 based games -CAN-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...) - NOT-FOR-US: Yet Another Forum.net -CAN-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...) - NOT-FOR-US: Alstrasoft EPay -CAN-2005-0980 (PHP remote code injection vulnerability in index.php in AlstraSoft ...) - NOT-FOR-US: Alstrasoft EPay -CAN-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...) - NOT-FOR-US: Rumba -CAN-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...) - NOT-FOR-US: IVT BlueSoleil -CAN-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...) - - kernel-source-2.6.8 2.6.8-16 (bug #303177) -CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...) - NOT-FOR-US: Apple -CAN-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...) - NOT-FOR-US: Apple -CAN-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...) - NOT-FOR-US: Apple -CAN-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...) - NOT-FOR-US: Apple -CAN-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...) - NOT-FOR-US: Apple -CAN-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...) - NOT-FOR-US: Apple -CAN-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...) - NOT-FOR-US: Apple -CAN-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...) - NOT-FOR-US: Apple -CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...) - NOT-FOR-US: CA eTrust IDS -CAN-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...) - - gaim 1:1.2.1-1 -CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts] - NOTE: Was once part of Debian, but has been removed -CAN-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...) - - gaim 1:1.2.1-1 (bug #303581) -CAN-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...) - - gaim 1:1.2.1-1 (bug #303581) -CAN-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...) - NOT-FOR-US: Kerio firewall -CAN-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...) - NOT-FOR-US: ACPI BIOS hardware issue -CAN-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...) - NOT-FOR-US: SquirrelCart -CAN-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...) - - horde3 3.0.4-1 - - horde2 2.2.8-1 -CAN-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...) - NOT-FOR-US: OpenBSD -CAN-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...) - NOT-FOR-US: YepYep mtftpd -CAN-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...) - NOT-FOR-US: YepYep mtftpd -CAN-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...) - NOT-FOR-US: BayTech RPC -CAN-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...) - NOT-FOR-US: InterAKT MX Kart -CAN-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...) - NOT-FOR-US: InterAKT MX Shop -CAN-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...) - NOT-FOR-US: Windows -CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...) - {DSA-730-1} - - bzip2 1.0.2-6 - NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local) - NOTE: attacker would have to exploit the minimal time span between uncompressing - NOTE: the file and chmodding it to delete the file and place a hardlink to another - NOTE: file of the "attacked" user. Additionally the attacker needs write permissions - NOTE: to the directory where the file is being uncompressed, ruling out /~ etc. -CAN-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...) - NOT-FOR-US: PafileDB -CAN-2005-0951 - REJECTED -CAN-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...) - NOT-FOR-US: FastStone 4in1 Browser -CAN-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...) - NOT-FOR-US: PortalApp -CAN-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...) - NOT-FOR-US: PortalApp -CAN-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...) - NOT-FOR-US: phpCoin -CAN-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...) - NOT-FOR-US: phpCoin -CAN-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...) - NOT-FOR-US: ACS Blog -CAN-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll), ...) - NOT-FOR-US: Microsoft -CAN-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...) - NOT-FOR-US: Cisco Hardware issue -CAN-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...) - NOT-FOR-US: Sybase ASE -CAN-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...) - - openoffice.org 1.1.3-9 -CAN-2005-0939 - RESERVED -CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...) - NOT-FOR-US: UBlog -CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...) - - kernel-source-2.6.8 2.6.8-16 -CAN-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv] - - freeciv 2.0.1-1 -CAN-2005-XXXX [mailscanner: lock/pid file location symlink attack] - - mailscanner 4.40.11-1 -CAN-2005-XXXX [KDE Kopete ICQ remote DoS] - - kdenetwork 4:3.3.2-2 -CAN-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...) - NOT-FOR-US: ESMI PayPal Storefront -CAN-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...) - NOT-FOR-US: ESMI PayPal Storefront -CAN-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...) - NOT-FOR-US: WackoWiki -CAN-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...) - NOT-FOR-US: phpCOIN -CAN-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...) - NOT-FOR-US: phpCOIN -CAN-2005-0931 (PHP remote code injection vulnerability in The Includer 1.0 and 1.1 ...) - NOT-FOR-US: The Includer -CAN-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...) - NOT-FOR-US: Chatness -CAN-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...) - NOT-FOR-US: PhotoPost PHP Pro -CAN-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) - NOT-FOR-US: PhotoPost PHP Pro -CAN-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...) - NOT-FOR-US: WebAPP -CAN-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...) - - sylpheed 1.0.4-1 - - sylpheed-claws 1.0.4-1 -CAN-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...) - NOT-FOR-US: Uapplication Ublog -CAN-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...) - NOT-FOR-US: Adventia E-Data -CAN-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...) - NOT-FOR-US: Norton AntiVirus -CAN-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...) - NOT-FOR-US: Norton AntiVirus -CAN-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...) - NOT-FOR-US: Lotus -CAN-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...) - NOT-FOR-US: Bugtracker.NET -CAN-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...) - NOT-FOR-US: Adventia E-Data -CAN-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...) - NOT-FOR-US: Adobe SVG Viewer -CAN-2005-0917 (PHP remote code injection vulnerability in index_header.php for ...) - NOT-FOR-US: EncapsBB -CAN-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...) - - kernel-source-2.6.8 2.6.8-16 - NOTE: 2.4 doesn't seem to be vulnerable -CAN-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...) - NOT-FOR-US: Webmasters-Debutants WD Guestbook -CAN-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...) - NOT-FOR-US: CPG Dragonfly -CAN-2005-0913 (Unknown vulnerability in the regex_replace modifier ...) - - smarty 2.6.8-1 -CAN-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...) - NOT-FOR-US: deplate -CAN-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...) - NOT-FOR-US: exoops -CAN-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...) - NOT-FOR-US: exoops -CAN-2005-0909 (PHP remote code injection vulnerability in shoutact.php for TKai's ...) - NOT-FOR-US: THai's Shoutbox -CAN-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...) - NOT-FOR-US: Valdersoft Shopping Cart -CAN-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...) - NOT-FOR-US: Valdersoft Shopping Cart -CAN-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...) - NOT-FOR-US: Tincat network library -CAN-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...) - NOT-FOR-US: Maxthon -CAN-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the "Force shutdown ...) - NOT-FOR-US: Microsoft -CAN-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...) - NOT-FOR-US: QuickTime PictureViewer -CAN-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...) - NOT-FOR-US: NukeBookmarks for php-nuke -CAN-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...) - NOT-FOR-US: NukeBookmarks for php-nuke -CAN-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...) - NOT-FOR-US: NukeBookmarks for php-nuke -CAN-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...) - NOT-FOR-US: AS/400 running OS400 -CAN-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...) - NOT-FOR-US: E-Store Kit-2 PayPal Edition -CAN-2005-0897 (PHP remote code injection vulnerability in catalog.php in E-Store ...) - NOT-FOR-US: E-Store Kit-2 PayPal Edition -CAN-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...) - NOT-FOR-US: phpMyDirectory -CAN-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...) - NOT-FOR-US: Netcomm 1300NB DSL Modem -CAN-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...) - - openmosixview 1.5-7 -CAN-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...) - - smail <unfixed> (bug #301428; medium) - NOTE: no patch known at this time. -CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...) - {DSA-722-1} - - smail 3.2.0.115-7 -CAN-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...) - NOTE: The description is wrong; 2.6 is affected as well - - gtk+2.0 2.6.4-1 - - gdk-pixbuf 0.22.0-7.1 -CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...) - - sharutils 1:4.2.1-12 -CAN-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...) - - sharutils 1:4.2.1-11 -CAN-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...) - NOT-FOR-US: X-News -CAN-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...) - NOT-FOR-US: Netscape Enterprise Server -CAN-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...) - NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server -CAN-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...) - - cryptcat 20031202-2 - NOTE: don't know when it was fixed, verified above version is ok -CAN-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...) - - cgiemail 1.6-14 -CAN-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...) - NOT-FOR-US: Verity Search97 -CAN-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...) - - squirrelmail 1:1.2.3 -CAN-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...) - - squirrelmail 1:1.2.3 -CAN-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...) - - squirrelmail 1:1.2.3 -CAN-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...) - - slash <unfixed> (bug #160579; low) -CAN-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...) - NOT-FOR-US: commercial ssh -CAN-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...) - NOT-FOR-US: commercial ssh -CAN-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...) - NOT-FOR-US: commercial ssh -CAN-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...) - NOT-FOR-US: RealNetworks Helix Universal Server -CAN-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...) - - postgresql 7.2.3 -CAN-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...) - NOT-FOR-US: Oracle -CAN-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...) - NOT-FOR-US: Oracle -CAN-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...) - NOT-FOR-US: Oracle -CAN-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i ...) - NOT-FOR-US: Oracle -CAN-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...) - NOT-FOR-US: Oracle -CAN-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...) - NOT-FOR-US: Oracle -CAN-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...) - NOT-FOR-US: Oracle -CAN-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...) - NOT-FOR-US: NetWare -CAN-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...) - NOT-FOR-US: QNX -CAN-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...) - NOT-FOR-US: Oracle -CAN-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...) - NOT-FOR-US: Oracle -CAN-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...) - NOT-FOR-US: Oracle -CAN-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...) - NOT-FOR-US: Multi-Tech ProxyServer -CAN-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...) - NOT-FOR-US: Dream4 Koobi CMS -CAN-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...) - NOT-FOR-US: Dream4 Koobi CMS -CAN-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - NOTE: the hole was introduced in 0.9.4.3; I suppose that having - NOTE: this package be orphaned and not get updated for years from 0.9.2 - NOTE: is good for _something_ after all :-P -CAN-2005-0887 (Code injection vulnerability in Double Choco Latte before 0.9.4.3 ...) - - dcl 1:0.9.4.4-1 -CAN-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...) - NOT-FOR-US: Invision Power Board -CAN-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...) - NOT-FOR-US: XMB Forum -CAN-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...) - NOT-FOR-US: DigitalHive -CAN-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...) - NOT-FOR-US: DigitalHive -CAN-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...) - NOT-FOR-US: BirdBlog -CAN-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...) - NOT-FOR-US: Interspire ArticleLive -CAN-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...) - NOT-FOR-US: Vortex Portal -CAN-2005-0879 (PHP remote code injection vulnerability in (1) content.php and (2) ...) - NOT-FOR-US: Vortex Portal -CAN-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...) - NOT-FOR-US: MercuryBoard -CAN-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...) - - dnsmasq 2.21 -CAN-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...) - - dnsmasq 2.21 -CAN-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...) - NOT-FOR-US: Trillian plugin -CAN-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...) - NOT-FOR-US: Trillian plugin -CAN-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...) - NOT-FOR-US: Oracle -CAN-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...) - NOT-FOR-US: Topic Calendar phpbb2 plugin -CAN-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...) - NOT-FOR-US: Topic Calendar phpbb2 plugin -CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...) - {DSA-724-1} - - phpsysinfo 2.3-3 -CAN-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...) - NOTE: phpsysinfo maintainer does not consider path disclosure to - NOTE: be a bug. See bug #301118. -CAN-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...) - NOTE: checked tn5250, apparently the only AS/400 emulator in debian - NOTE: cannot find STRPCO or STRPCCMD in tn5250. -CAN-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...) - NOTE: According to Horms from the Debian kernel team 2.6.8 and 2.6.11 are not - NOTE: affected, 2.4 doesn't include sysfs anyway, see 306137 -CAN-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...) - - cdrtools 4:2.01+01a01-4 -CAN-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...) - NOT-FOR-US: Scalable OGo (SOGo) -CAN-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...) - NOT-FOR-US: Mike Spice Mike's Vote CGI -CAN-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...) - NOT-FOR-US: Mike Spice Quiz CGI -CAN-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...) - NOT-FOR-US: Mike Spice My Calendar -CAN-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...) - NOTE: fixed in macromedia flash shortly after discovery 3 years ago - NOTE: did not check the other flash players in debian for this -CAN-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...) - NOT-FOR-US: Lotus Domino -CAN-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...) - NOT-FOR-US: General protocol flaw, cannot be fixed -CAN-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...) - NOT-FOR-US: AIX -CAN-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...) - NOT-FOR-US: AIX -CAN-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...) - NOT-FOR-US: AIX -CAN-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...) - NOT-FOR-US: AIX -CAN-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...) - NOT-FOR-US: Samsung ADSL modems -CAN-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...) - NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago -CAN-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...) - NOT-FOR-US: PHPOpenChat -CAN-2005-0862 (Multiple PHP remote code injection vulnerabilities in PHPOpenChat ...) - NOT-FOR-US: PHPOpenChat -CAN-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...) - NOT-FOR-US: Delegate -CAN-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0 allows ...) - NOT-FOR-US: TRG News Script -CAN-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b allows ...) - NOT-FOR-US: CzarNews -CAN-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...) - NOT-FOR-US: CoolForum -CAN-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...) - NOT-FOR-US: CoolForum -CAN-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...) - NOT-FOR-US: CoolForum -CAN-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...) - NOT-FOR-US: CoolForum -CAN-2005-0854 (betaparticle blog (bp blog) allows remote attackers to bypass ...) - NOT-FOR-US: betaparticle blog -CAN-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...) - NOT-FOR-US: betaparticle blog -CAN-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...) - NOT-FOR-US: Microsoft Windows -CAN-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...) - NOT-FOR-US: FileZilla FTP server -CAN-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...) - NOT-FOR-US: FileZilla FTP server -CAN-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...) - NOT-FOR-US: Multiple commercial games by FUN Labs -CAN-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...) - NOT-FOR-US: Multiple commercial games by FUN Labs -CAN-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Code Ocean FTP Server -CAN-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...) - NOT-FOR-US: HP-UX -CAN-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...) - NOT-FOR-US: GoAhead Web Server -CAN-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...) - NOTE: HAVE_BRAILLE not set in binary build -CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...) - NOT-FOR-US: SurgeMail -CAN-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...) - NOT-FOR-US: SurgeMail -CAN-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...) - NOT-FOR-US: Nortel Contivity -CAN-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...) - NOT-FOR-US: Phorum -CAN-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) - NOT-FOR-US: Kayako eSupport -CAN-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...) - NOT-FOR-US: phpmyfamily -CAN-2005-0840 - REJECTED -CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...) - - kernel-source-2.6.8 2.6.8-16 -CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...) - - icecast2 <unfixed> (bug #301368; low) -CAN-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...) - - icecast2 <unfixed> (bug #301368; low) -CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) - NOT-FOR-US: Java Web Start for proprietary Sun Java -CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...) - NOT-FOR-US: Belkin 54G router -CAN-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...) - NOT-FOR-US: Belkin 54G router -CAN-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...) - NOT-FOR-US: Belkin 54G router -CAN-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...) - NOT-FOR-US: PHP-Post -CAN-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...) - NOT-FOR-US: PHP-Post -CAN-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...) - NOT-FOR-US: Xzabite DynDNS Updater -CAN-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...) - NOT-FOR-US: PHP-Fusion Addon -CAN-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...) - NOT-FOR-US: e-Xoops based products -CAN-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...) - NOT-FOR-US: e-Xoops based products -CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...) - NOT-FOR-US: OllyDbg MS Windows debugger -CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...) - - ltris 1.0.6-1.1 (bug #291620) -CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...) - - mathopd 1.5p5-1 -CAN-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...) - NOT-FOR-US: Cherokee -CAN-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...) - NOT-FOR-US: Cherokee -CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...) - NOT-FOR-US: Nokia Firewall appliances -CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...) - NOT-FOR-US: Cayman DSL router -CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...) - NOTE: I could track this down to this posting - NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html - NOTE: This looks very obscure an does not contain useful information on how this - NOTE: was triggered and even then it's not a problem, as mcedit usage does not - NOTE: have a remote impact and is not suid -CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...) - NOT-FOR-US: IPC@CHIP Embedded web server -CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...) - NOT-FOR-US: ColdFusion -CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...) - NOT-FOR-US: Alcatel Speed Touch -CAN-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...) - NOT-FOR-US: Alcatel Speed Touch -CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...) - NOT-FOR-US: Alcatel Speed Touch -CAN-2005-XXXX [Various /tmp related security issues in cernlib] - - cernlib 2004.11.04-3 -CAN-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...) - NOT-FOR-US: iSnooker -CAN-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...) - NOT-FOR-US: Citrix -CAN-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...) - NOT-FOR-US: Citrix -CAN-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...) - NOT-FOR-US: MS Office -CAN-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...) - NOT-FOR-US: Novell Netware -CAN-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...) - NOT-FOR-US: Pun BB -CAN-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...) - NOT-FOR-US: Symantec Gateway -CAN-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...) - NOT-FOR-US: Solaris -CAN-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in ...) - - kernel-source-2.4.27 2.4.27-10 (bug #300783; medium) - - linux-2.6 2.6.12-1 (bug #300783; medium) - - kernel-source-2.6.8 2.6.8-16 - NOTE: Fixed upstream in 2.6.12-rc1 -CAN-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...) - {DSA-717-1} - - lsh-utils 2.0.1-1 -CAN-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...) - NOT-FOR-US: ir -CAN-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...) - NOT-FOR-US: NotifyLink -CAN-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...) - NOT-FOR-US: NotifyLink -CAN-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...) - NOT-FOR-US: NotifyLink -CAN-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...) - NOT-FOR-US: NotifyLink -CAN-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...) - NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/ -CAN-2005-0807 (Multiple buffer overflows in Cain & Abel before 2.67 allow remote ...) - NOT-FOR-US: Cain & Abel -CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...) - - evolution 2.0.4-2 - - evolution-data-server 1.2.2-1 -CAN-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...) - NOT-FOR-US: Subdreamer -CAN-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...) - NOT-FOR-US: MailEnable -CAN-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...) - NOT-FOR-US: Windows -CAN-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...) - NOT-FOR-US: ACS Blog -CAN-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...) - NOT-FOR-US: The Includer -CAN-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...) - NOT-FOR-US: mcNews -CAN-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...) - NOT-FOR-US: MySQL on Windows -CAN-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...) - NOT-FOR-US: Novell iChain -CAN-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...) - NOT-FOR-US: Novell iChain -CAN-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...) - NOT-FOR-US: Hola CMS -CAN-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...) - NOT-FOR-US: Hola CMS -CAN-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...) - NOT-FOR-US: ZPanel -CAN-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...) - NOT-FOR-US: ZPanel -CAN-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...) - NOT-FOR-US: ZPanel -CAN-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...) - NOT-FOR-US: phpAdsNew -CAN-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...) - NOT-FOR-US: phpAdsNew -CAN-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...) - NOT-FOR-US: SimpGB -CAN-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...) - NOT-FOR-US: YaBB -CAN-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...) - NOT-FOR-US: Phorum -CAN-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...) - NOT-FOR-US: Phorum -CAN-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...) - NOT-FOR-US: paFileDB -CAN-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...) - NOT-FOR-US: paFileDB -CAN-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...) - NOT-FOR-US: paFileDB -CAN-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...) - NOT-FOR-US: PlatinumFTP -CAN-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...) - NOT-FOR-US: PhotoPost -CAN-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) - NOT-FOR-US: PhotoPost -CAN-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...) - NOT-FOR-US: PhotoPost -CAN-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...) - NOT-FOR-US: PhotoPost -CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...) - NOT-FOR-US: PhotoPost -CAN-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...) - NOT-FOR-US: VERITAS Backup Exec -CAN-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...) - NOT-FOR-US: VERITAS Backup Exec -CAN-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...) - NOT-FOR-US: VERITAS Backup Exec -CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...) - NOT-FOR-US: IDA Pro -CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...) - NOT-FOR-US: GoodTech Telnet Server -CAN-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...) - - kernel-source-2.6.8 2.6.8-15 -CAN-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...) - - ethereal 0.10.10-1 -CAN-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...) - - ethereal 0.10.10-1 -CAN-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...) - - rxvt-unicode 5.3-1 -CAN-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...) - {DSA-698-1} - NOTE: Seems to be a "fix the fix", correcting a previous DSA. - NOTE: Mainline mc is apparently not affected. -CAN-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...) - {DSA-702-1} - - imagemagick 5:6.0.0-1 - NOTE: Does only affect imagemagick releases prior to 6 -CAN-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...) - - imagemagick 5:6.0.2.5 (bug #301110) -CAN-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...) - {DSA-702-1} - - imagemagick 5:6.0.0-1 - NOTE: Does only affect imagemagick releases prior to 6 -CAN-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...) - {DSA-702-1} - - imagemagick 5:6.0.0-1 - NOTE: Does only affect imagemagick releases prior to 6 -CAN-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...) - NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626 - - gzip 1.3.5-10 - - bzip2 1.0.2-8.1 (bug #321286; medium) -CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) - - kernel-source-2.4.27 2.4.27-11 (bug #311164) - - kernel-source-2.6.8 2.6.8-17 - - linux-2.6 2.6.12-1 -CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...) - - kernel-source-2.4.27 2.4.27-11 (medium) - - kernel-source-2.6.8 2.6.8-17 (medium) - - kernel-source-2.6.11 2.6.11-7 (medium) - - linux-2.6 2.6.12-1 (medium) - NOTE: Commited to kernel 2.6 git on 2005-05-20, between .12-rc4 and .12-rc5 -CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) - - helix-player 1.0.4-1 -CAN-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...) - - kdewebdev 4:3.3.2-6 -CAN-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...) - {DSA-742-1} - - cvs 1:1.12.9-13 -CAN-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...) - - mozilla-firefox 1.0.3-1 -CAN-2005-0751 - REJECTED -CAN-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...) - - kernel-source-2.4.27 2.4.27-10 - - kernel-source-2.6.8 2.6.8-16 -CAN-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...) - - kernel-source-2.6.8 2.6.8-16 - - kernel-source-2.4.27 2.4.27-10 -CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...) - NOT-FOR-US: ActiveCampaign KnowledgeBuilder -CAN-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...) - NOT-FOR-US: Adobe PhotoDeluxe -CAN-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...) - NOT-FOR-US: Advanced Poll -CAN-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...) - NOT-FOR-US: WinVNC -CAN-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...) - NOT-FOR-US: AOL Instant Messenger -CAN-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) - NOT-FOR-US: AOL Instant Messenger -CAN-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...) - NOT-FOR-US: AOL Instant Messenger -CAN-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) - NOT-FOR-US: AOL Instant Messenger -CAN-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) - NOT-FOR-US: AOL Instant Messenger -CAN-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...) - NOT-FOR-US: AOL Instant Messenger -CAN-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...) - NOT-FOR-US: no_package - NOTE: Debian's nvi recover script is very different -CAN-2005-XXXX [Connection related DoS possibility in OmniORB 4] - - omniorb4 4.0.5-2 -CAN-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...) - NOT-FOR-US: not part of Woody, has been removed from sarge/sid -CAN-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...) - NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable -CAN-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...) - - wine 0.0.20050310-1.1 -CAN-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...) - - openslp 1.0.11a-2 -CAN-2005-0748 (PHP remote code injection vulnerability in initdb.php for WEBInsta ...) - NOT-FOR-US: WEBInsta -CAN-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...) - NOT-FOR-US: ApplyYourself -CAN-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...) - NOT-FOR-US: Novell iChain -CAN-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...) - NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor -CAN-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...) - NOT-FOR-US: Novell iChain -CAN-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...) - NOT-FOR-US: XOOPS -CAN-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...) - NOT-FOR-US: Sun Java System Application Server -CAN-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...) - NOT-FOR-US: YaBB -CAN-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...) - NOT-FOR-US: OpenBSD -CAN-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...) - {DSA-718-1} - - ethereal 0.10.10-1 -CAN-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to ...) - NOT-FOR-US: Microsoft -CAN-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...) - NOT-FOR-US: Yahoo Messenger -CAN-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...) - NOTE: 2.6 through .11 - NOTE: There is no epoll in 2.4 - - kernel-source-2.6.8 2.6.8-14 -CAN-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...) - NOT-FOR-US: newsscript -CAN-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) - NOT-FOR-US: PY Software Active Webcam WebServer -CAN-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) - NOT-FOR-US: PY Software Active Webcam WebServer -CAN-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) - NOT-FOR-US: PY Software Active Webcam WebServer -CAN-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) - NOT-FOR-US: PY Software Active Webcam WebServer -CAN-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) - NOT-FOR-US: PY Software Active Webcam WebServer -CAN-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...) - NOT-FOR-US: Xpand Rally -CAN-2005-0728 - REJECTED -CAN-2005-0727 - REJECTED -CAN-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...) - NOT-FOR-US: UBB.threads -CAN-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...) - NOT-FOR-US: wfsections -CAN-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...) - NOT-FOR-US: paFileDB -CAN-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...) - NOT-FOR-US: paFileDB -CAN-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...) - NOT-FOR-US: eXPerience2 -CAN-2005-0721 (PHP remote code injection vulnerability in modules.php in eXPerience2 ...) - NOT-FOR-US: eXPerience2 -CAN-2005-0720 (PHP remote code injection vulnerability in header.php in PHP mcNews ...) - NOT-FOR-US: mcNews -CAN-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...) - NOT-FOR-US: Tru64 -CAN-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...) - - squid 2.5.8 (bug #305605) -CAN-2005-0717 - RESERVED -CAN-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...) - NOT-FOR-US: Mac OS -CAN-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...) - NOT-FOR-US: Mac OS -CAN-2005-0714 - REJECTED -CAN-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...) - NOT-FOR-US: Mac OS -CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...) - NOT-FOR-US: Mac OS -CAN-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...) - {DSA-707-1} - - mysql-dfsg 4.0.24 - - mysql-dfsg-4.1 4.1.10a -CAN-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...) - {DSA-707-1} - - mysql-dfsg 4.0.24 - - mysql-dfsg-4.1 4.1.10a -CAN-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...) - {DSA-707-1} - - mysql-dfsg 4.0.24 - - mysql-dfsg-4.1 4.1.10a -CAN-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...) - NOT-FOR-US: FreeBSD -CAN-2003-1130 - REJECTED -CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...) - NOT-FOR-US: Yahoo Audio Conferencing ActiveX control -CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...) - NOT-FOR-US: X2 XMMS Remote -CAN-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...) - NOT-FOR-US: e-Gap -CAN-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...) - NOT-FOR-US: SunOne/iPlanet -CAN-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...) - NOT-FOR-US: SunOne -CAN-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...) - NOT-FOR-US: Sun Management Center -CAN-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...) - NOT-FOR-US: Sun JRE -CAN-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...) - NOT-FOR-US: ScriptLogic -CAN-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...) - NOT-FOR-US: ScriptLogic -CAN-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...) - NOT-FOR-US: SSH Tectia Server -CAN-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...) - NOTE: does not affect openssh -CAN-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...) - - setiathome 3.04 -CAN-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...) - NOT-FOR-US: RealSystem Server -CAN-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...) - NOT-FOR-US: Oracle E-Business Suite -CAN-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...) - NOT-FOR-US: Nortel Networks Succession Communication Server -CAN-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...) - NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways -CAN-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...) - NOT-FOR-US: IPTel SIP Express Router -CAN-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...) - NOT-FOR-US: Ingate Firewall and Ingate SIParator -CAN-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...) - NOT-FOR-US: dynamicsoft -CAN-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...) - NOT-FOR-US: Columbia SIP User Agent -CAN-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...) - NOT-FOR-US: Cisco -CAN-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...) - NOT-FOR-US: Alcatel -CAN-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...) - NOT-FOR-US: Microsoft -CAN-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...) - NOT-FOR-US: Microsoft -CAN-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...) - NOT-FOR-US: MSIE -CAN-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...) - NOT-FOR-US: IBM Tivoli Firewall Toolbox -CAN-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...) - NOT-FOR-US: Hummingbird CyberDOCS -CAN-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...) - NOT-FOR-US: Hummingbird CyberDOCS -CAN-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...) - NOT-FOR-US: Hummingbird CyberDOCS -CAN-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...) - NOT-FOR-US: Hummingbird CyberDOCS -CAN-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...) - NOT-FOR-US: shar on HP-UX -CAN-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...) - NOT-FOR-US: HP-UX) -CAN-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...) - NOT-FOR-US: HP-UX) -CAN-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...) - NOT-FOR-US: Mike Spice's My Classifieds -CAN-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...) - - dansguardian 2.4.5-1 -CAN-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...) - NOT-FOR-US: Computer Associates MLink -CAN-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...) - NOT-FOR-US: Cisco -CAN-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...) - NOT-FOR-US: Cisco -CAN-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...) - NOT-FOR-US: Cisco -CAN-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...) - NOTE: our pwck and grpck do not overflow and are not suid -CAN-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...) - - apache2 2.0.42 -CAN-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...) - - apache2 2.0.36 -CAN-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...) - NOT-FOR-US: AIM in MSIE -CAN-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...) - NOT-FOR-US: Ipswitch Collaboration Suite -CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...) - NOTE: Sarge version of gnome-vfs2 does not install the module with the vulnerable code - NOTE: fixed in gnome-vfs2 2.10 long ago too. - - grip 3.2.0-4 (low) - - libcdaudio 0.99.9-2.1 (bug #304799; low) - - gnome-vfs 1.0.5-5.1 (bug #305163; low) -CAN-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...) - - ethereal 0.10.10-1 -CAN-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...) - - ethereal 0.10.10-1 -CAN-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...) - NOT-FOR-US: not our cpanel -CAN-2004-1769 (The "Allow cPanel users to reset their password via email" feature in ...) - NOT-FOR-US: not our cpanel -CAN-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...) - NOT-FOR-US: Symantec Brightmail AntiSpam -CAN-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...) - NOT-FOR-US: Solaris -CAN-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...) - NOT-FOR-US: NetScreen-Security Manager -CAN-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...) - NOTE: only seems to affect 1.7.4, not the newer branch in debian -CAN-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...) - NOT-FOR-US: HP-UX -CAN-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...) - NOT-FOR-US: hsrun.exe -CAN-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...) - NOT-FOR-US: F-Secure Anti-Virus -CAN-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...) - - ethereal 0.10.3 -CAN-2004-1760 (The default installation of Cisco IBM Director agent does not require ...) - NOT-FOR-US: Cisco -CAN-2004-1759 (The Cisco IBM Director agent allows remote attackers to cause a denial ...) - NOT-FOR-US: Cisco -CAN-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...) - NOT-FOR-US: Cisco -CAN-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2003-1092 (Unknown vulnerability in the "Automatic File Content Type Recognition ...) - - file 3.4.1 -CAN-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...) - NOT-FOR-US: Apple QuickTime/Darwin Streaming Server -CAN-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...) - NOT-FOR-US: AbsoluteTelnet -CAN-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...) - NOT-FOR-US: Xerox MicroServer Web Server -CAN-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...) - NOT-FOR-US: phpMyFAQ -CAN-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...) - NOT-FOR-US: Oracle -CAN-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...) - NOT-FOR-US: Aztek -CAN-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...) - - ethereal 0.10.9-2 -CAN-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and earlier ...) - NOT-FOR-US: PHPWebLog -CAN-2005-0697 (SQL injection vulnerability in the process_picture function ...) - NOT-FOR-US: CopperExport -CAN-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...) - NOT-FOR-US: ArGoSoft -CAN-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...) - NOT-FOR-US: Hosting Controller -CAN-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...) - NOT-FOR-US: Hosting Controller -CAN-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...) - NOT-FOR-US: JoWood Chaser (for Windows) -CAN-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...) - NOT-FOR-US: PHP-Fusion -CAN-2005-0691 (PHP remote code injection vulnerability in article mode for ...) - NOT-FOR-US: SocialMPN -CAN-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...) - NOT-FOR-US: Gene6 FTP Server for Win -CAN-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...) - NOT-FOR-US: The Includer -CAN-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...) - NOT-FOR-US: Windows -CAN-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...) - NOTE: hashcash 1.13 (which is in Debian) is not vulnerable - NOTE: hashcash 1.17 is also ok -CAN-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...) - - mlterm 2.9.2 - NOTE: see bug #298621, was stalled in NEW, now accepted -CAN-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...) - NOT-FOR-US: OutStart Participate Enterprise -CAN-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...) - - maxdb-7.5.00 7.5.00.24-3 -CAN-2005-0683 - REJECTED -CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...) - - drupal 4.5.2 -CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Nokia -CAN-2005-0680 (PHP remote code injection vulnerability in ...) - NOT-FOR-US: Download Center Lite -CAN-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...) - NOT-FOR-US: Tell A Friend Script -CAN-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...) - NOT-FOR-US: Form Mail Script -CAN-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...) - NOT-FOR-US: Zorum -CAN-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...) - NOT-FOR-US: Zorum -CAN-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...) - NOT-FOR-US: Zorum -CAN-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...) - NOT-FOR-US: Pabox for PHPNuke -CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...) - - phpbb2 2.0.13-2 -CAN-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...) - NOT-FOR-US: Ca3DE -CAN-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...) - NOT-FOR-US: Ca3DE -CAN-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...) - NOT-FOR-US: phpCOIN -CAN-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...) - NOT-FOR-US: phpCOIN -CAN-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...) - NOT-FOR-US: HAVP -CAN-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...) - - sylpheed 1.0.3-1 - - sylpheed-claws 1.0.3-1 -CAN-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...) - - kernel-patch-adamantix 1.7 -CAN-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...) - NOT-FOR-US: XV -CAN-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...) - {DSA-709-1} - - libexif 0.6.9-5 -CAN-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...) - NOT-FOR-US: Mercury Board -CAN-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...) - NOT-FOR-US: Mercury Board -CAN-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...) - NOT-FOR-US: Woltlab Burning Board -CAN-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...) - NOT-FOR-US: D-Forum -CAN-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...) - NOTE: This is not a security issue as the installation path is known. -CAN-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...) - NOT-FOR-US: Typo3 -CAN-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...) - NOT-FOR-US: Computalynx CProxy -CAN-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...) - NOT-FOR-US: auraCMS -CAN-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: auraCMS -CAN-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...) - NOTE: this is not a security issue according to maintainer -CAN-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...) - - phpmyadmin 3:2.6.1-pl3-1 -CAN-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...) - NOT-FOR-US: OpenVMS -CAN-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...) - NOT-FOR-US: ProjectBB -CAN-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...) - NOT-FOR-US: ProjectBB -CAN-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...) - NOT-FOR-US: Pixel-Apes SafeHTML -CAN-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...) - NOT-FOR-US: Pixel-Apes SafeHTML -CAN-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...) - NOT-FOR-US: paNews -CAN-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...) - NOT-FOR-US: paNews -CAN-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...) - NOT-FOR-US: CuteNews -CAN-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...) - NOT-FOR-US: McAfee Virus Scanners -CAN-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...) - NOT-FOR-US: McAfee Virus Scanners -CAN-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...) - NOT-FOR-US: Computer Associates UAM -CAN-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...) - NOT-FOR-US: Computer Associates UAM -CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...) - NOT-FOR-US: Computer Associates UAM -CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...) - {DSA-695-1 DSA-694-1} - - xloadimage 4.1-14.2 - - xli 1.17.0-17 -CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...) - {DSA-695-1 DSA-694-1} - - xli 1.17.0-18 - - xloadimage 4.1-14.1 (bug #298926) -CAN-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...) - NOT-FOR-US: OpenBSD -CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...) - NOT-FOR-US: Foxmail -CAN-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...) - NOT-FOR-US: Foxmail -CAN-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...) - NOT-FOR-US: Golden FTP Server -CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...) - NOT-FOR-US: Trillian -CAN-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...) - NOT-FOR-US: PHPNews -CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...) - NOT-FOR-US: PBLang -CAN-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...) - NOT-FOR-US: PBLang -CAN-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...) - NOT-FOR-US: 427BB -CAN-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...) - NOT-FOR-US: Forumwa -CAN-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...) - NOTE: We are not vulnerable to this since RPATH has been disable in QT3 ever since - NOTE: Martin Loschwitz maintain it. -CAN-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...) - NOT-FOR-US: Symantec DNSd -CAN-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...) - NOT-FOR-US: Zorum -CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...) - NOT-FOR-US: Zorum -CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...) - - squid 2.5.9-2 -CAN-2005-0940 - REJECTED -CAN-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...) - - reportbug 3.8 -CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...) - - reportbug 3.8 -CAN-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...) - NOT-FOR-US: RaidenHTTPD -CAN-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...) - NOT-FOR-US: RaidenHTTPD -CAN-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...) - NOT-FOR-US: Scrapland -CAN-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...) - NOT-FOR-US: Einstein -CAN-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...) - NOT-FOR-US: Einstein -CAN-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...) - NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware -CAN-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...) - NOT-FOR-US: PostNuke -CAN-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...) - NOT-FOR-US: PostNuke -CAN-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...) - NOT-FOR-US: PostNuke -CAN-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...) - - phpbb2 2.0.13-1 -CAN-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...) - NOT-FOR-US: FCKeditor -CAN-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...) - NOT-FOR-US: Cisco -CAN-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...) - NOT-FOR-US: Real -CAN-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...) - NOT-FOR-US: FreeBSD portupgrade -CAN-2005-0609 - RESERVED -CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...) - NOT-FOR-US: Half Life WebMod -CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...) - NOT-FOR-US: CubeCert -CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...) - NOT-FOR-US: CubeCert -CAN-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...) - {DSA-723-1} - NOTE: lesstif2 - - lesstif1-1 1:0.93.94-11.1 (bug #298183; bug #299236) - NOTE: lesstif1 - - lesstif1-1 1:0.93.94-11.3 (bug #300421) - NOTE: libxmp4 is the real culprit, but there are different - NOTE: source packages for it (xorg-x11 and xfree86). xorg-x11 - NOTE: in unstable is not affected (was fixed before the upload). - - xfree86 4.3.0.dfsg.1-13 - NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 (bug #308819; medium) -CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) - NOT-FOR-US: GFI Languard Network Security Scanner -CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...) - - phpbb2 2.0.13-1 -CAN-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...) - - unzip 5.52-1 - NOTE: um, tar does this too, not really considered a security hole -CAN-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...) - NOT-FOR-US: Cisco -CAN-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...) - NOT-FOR-US: Cisco -CAN-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...) - NOT-FOR-US: Cisco -CAN-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...) - NOT-FOR-US: Real -CAN-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...) - NOT-FOR-US: Cisco -CAN-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...) - NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037 - - php4 4:4.3.8-1 -CAN-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...) - NOT-FOR-US: BadBlue -CAN-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...) - NOT-FOR-US: Apple -CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...) - - mozilla-firefox 1.0.1 - - mozilla 2:1.7.6-1 -CAN-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...) - - mozilla-firefox 1.0.1 - - mozilla 2:1.7.6-1 - - mozilla-thunderbird 1.0.2-1 -CAN-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...) - - mozilla-firefox 1.0.1 -CAN-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...) - - mozilla-firefox 1.0.1 - - mozilla-thunderbird 1.0.2-1 -CAN-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...) - - mozilla-firefox 1.0.1 -CAN-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...) - - mozilla-firefox 1.0.1 - - mozilla 2:1.7.6-1 -CAN-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...) - NOTE: windows only -CAN-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...) - - mozilla-firefox 1.0.1 - - mozilla 2:1.7.6-1 -CAN-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...) - - mozilla-firefox 1.0.1 - - mozilla 2:1.7.6-1 -CAN-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...) - - mozilla-firefox 1.0.1 - - mozilla 2:1.7.6-1 -CAN-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...) - NOT-FOR-US: Computer Associates (CA) License Client -CAN-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...) - NOT-FOR-US: Computer Associates (CA) License Client -CAN-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...) - NOT-FOR-US: Computer Associates (CA) License Client -CAN-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...) - NOT-FOR-US: cmd5checkpw -CAN-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...) - NOT-FOR-US: FreeNX -CAN-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...) - - mozilla-firefox 1.0.1-1 -CAN-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...) - NOT-FOR-US: MKBold-MKItalic -CAN-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...) - NOT-FOR-US: STSF in Solaris -CAN-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...) - NOT-FOR-US: Stormy Studios Knet -CAN-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...) - NOT-FOR-US: CIS Webserver -CAN-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...) - NOTE: don't know if we are vulnerable, I've mailed maintainers -- Djoume - TODO: check -CAN-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...) - NOT-FOR-US: phpWebSite -CAN-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...) - NOT-FOR-US: PunBB -CAN-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...) - NOT-FOR-US: PunBB -CAN-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...) - NOT-FOR-US: PunBB -CAN-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...) - NOT-FOR-US: Soldier of Fortune II -CAN-2005-0567 (Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 ...) - - phpmyadmin 3:2.6.1-pl2-1 -CAN-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote attackers ...) - NOT-FOR-US: Golden FTP Server -CAN-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...) - NOT-FOR-US: phpWebSite -CAN-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...) - NOT-FOR-US: Microsoft Word -CAN-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...) - NOT-FOR-US: Microsoft -CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...) - NOT-FOR-US: MSN Messenger -CAN-2005-0561 - RESERVED -CAN-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...) - NOT-FOR-US: Exchange server -CAN-2005-0559 - RESERVED -CAN-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...) - NOT-FOR-US: Microsoft Word -CAN-2005-0557 - RESERVED -CAN-2005-0556 - RESERVED -CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...) - NOT-FOR-US: MSIE -CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...) - NOT-FOR-US: MSIE -CAN-2005-0553 (Race condition in the memory management routines in the DHTML object ...) - NOT-FOR-US: MSIE -CAN-2005-0552 - RESERVED -CAN-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...) - NOT-FOR-US: Microsoft -CAN-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...) - NOT-FOR-US: Microsoft -CAN-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...) - NOT-FOR-US: Solaris -CAN-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...) - NOT-FOR-US: Solaris -CAN-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...) - NOT-FOR-US: Apple Java plugin -CAN-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...) - NOT-FOR-US: Gaucho -CAN-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...) - NOT-FOR-US: Ground Control II -CAN-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...) - NOT-FOR-US: RealVNC -CAN-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...) - NOT-FOR-US: Attack Mitigator IPS 5500 -CAN-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...) - NOT-FOR-US: NtRegmon -CAN-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...) - NOT-FOR-US: NetworkEverywhere NR041 -CAN-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...) - NOT-FOR-US: PHP Code Snippet Library -CAN-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...) - NOT-FOR-US: Painkiller -CAN-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...) - NOT-FOR-US: ESF Webserver -CAN-2004-1743 (Easy File Sharing (ESF) Webserver 1.25 allows remote attackers to view ...) - NOT-FOR-US: ESF Webserver -CAN-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...) - NOT-FOR-US: WebAPP -CAN-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...) - NOT-FOR-US: musicd -CAN-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...) - NOT-FOR-US: musicd -CAN-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Bird Chat -CAN-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...) - NOT-FOR-US: JShop -CAN-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...) - - cacti 0.8.5a-5 -CAN-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...) - - cacti 0.8.5a-5 -CAN-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...) - - sympa 4.1.5-4 (bug #298105; low) -CAN-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...) - - mantis 0.19.2-1 -CAN-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...) - NOT-FOR-US: MyDMS -CAN-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...) - NOT-FOR-US: MyDMS -CAN-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...) - - mantis 0.19.0-1 -CAN-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...) - - mantis 0.19.0-1 -CAN-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...) - NOT-FOR-US: Nihuo Web Log Analyzer -CAN-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...) - NOT-FOR-US: sarad -CAN-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: BadBlue -CAN-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...) - NOT-FOR-US: XV -CAN-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...) - NOT-FOR-US: XV -CAN-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...) - NOT-FOR-US: PHP-Fusion -CAN-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...) - NOT-FOR-US: PHP-Fusion -CAN-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...) - NOT-FOR-US: Merak Mail Server -CAN-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...) - NOT-FOR-US: Merak Mail Server -CAN-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...) - NOT-FOR-US: Merak Mail Server -CAN-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...) - NOT-FOR-US: Merak Webmail Server -CAN-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...) - NOT-FOR-US: IPD -CAN-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...) - - gv 1:3.6.1-1 -CAN-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...) - NOT-FOR-US: PForum -CAN-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...) - NOT-FOR-US: MIMEsweeper -CAN-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...) - NOT-FOR-US: BlackICE PC Protection -CAN-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...) - NOT-FOR-US: PRM on HP-UX -CAN-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...) - NOT-FOR-US: TypePad -CAN-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...) - - moodle 1.4-1 -CAN-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...) - NOT-FOR-US: page.cgi -CAN-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...) - NOT-FOR-US: Datakey Rainbow iKey2032 USB token -CAN-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Webbsyte -CAN-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...) - NOT-FOR-US: Oracle -CAN-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...) - NOT-FOR-US: U.S. Robotics wireless access point -CAN-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...) - NOT-FOR-US: Citadel/UX -CAN-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...) - NOT-FOR-US: WpQuiz -CAN-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...) - NOT-FOR-US: Fusion News -CAN-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...) - NOT-FOR-US: Lexar Safe Guard -CAN-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...) - NOT-FOR-US: diagmond on HP-UX -CAN-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...) - NOT-FOR-US: ftpd on HP-UX -CAN-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...) - - cyrus21-imapd 2.1.18-1 -CAN-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...) - NOT-FOR-US: MS Office -CAN-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...) - - phpmyadmin 3:2.6.1-pl2-1 -CAN-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...) - - phpmyadmin 3:2.6.1-pl2-1 -CAN-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...) - NOT-FOR-US: Cyclades AlterPath Manager -CAN-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...) - NOT-FOR-US: Cyclades AlterPath Manager -CAN-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...) - NOT-FOR-US: Cyclades AlterPath Manager -CAN-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...) - NOT-FOR-US: IBM -CAN-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...) - NOT-FOR-US: ginp -CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...) - NOT-FOR-US: iGeneric (iG) Shop -CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...) - NOT-FOR-US: Trend Micro AntiVirus -CAN-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...) - - kernel-source-2.6.8 2.6.8-14 - NOTE: 2.4.27 seems to be unaffected -CAN-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...) - - kernel-source-2.6.8 2.6.8-14 - - kernel-source-2.4.27 2.4.27-9 -CAN-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...) - - kernel-source-2.6.8 2.6.8-14 - NOTE: affects only 2.6 (see #296906) -CAN-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...) - - kernel-source-2.6.8 2.6.8-14 - NOTE: 2.4.27 seems to be unaffected -CAN-2005-0528 - RESERVED -CAN-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...) - - mozilla-firefox 1.0.1 - NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already.. - - mozilla 2:1.7.6 -CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...) - NOT-FOR-US: PBLang -CAN-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...) - {DSA-729-1 DSA-708-1} - - php4 4:4.3.10-10 - - php3 3:3.0.18-31 -CAN-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...) - NOTE: php3 not affected - - php4 4:4.3.10-10 -CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...) - {DSA-719-1} - - prozilla 1:1.3.7.4-1 -CAN-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...) - NOT-FOR-US: Chat Anywhere -CAN-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...) - NOT-FOR-US: SendLink -CAN-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read arbitrary ...) - NOT-FOR-US: ArGoSoft -CAN-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read arbitrary ...) - NOT-FOR-US: ArGoSoft -CAN-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...) - NOT-FOR-US: eXeem -CAN-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...) - NOT-FOR-US: PeerFTP -CAN-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...) - NOT-FOR-US: ImageGalleryPlugin for Twiki -CAN-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...) - NOT-FOR-US: My Firewall Plus -CAN-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...) - NOT-FOR-US: Verity Ultraseek -CAN-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in ...) - NOT-FOR-US: pMachine -CAN-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...) - NOT-FOR-US: Mambo -CAN-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...) - NOT-FOR-US: vBulletin -CAN-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in pMachine ...) - NOT-FOR-US: pMachine -CAN-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...) - NOT-FOR-US: fallback-reboot -CAN-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...) - NOTE: default config of Mono not vulnerable - - mono 1.1.6-4 (medium) -CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...) - - batik 1.5.1-1 -CAN-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...) - NOT-FOR-US: SD Server -CAN-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...) - NOT-FOR-US: Avaya IP Office Phone Manager -CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...) - - irm 1.5.3.1-1 -CAN-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...) - - kernel-source-2.6.8 2.6.8-12 - - kernel-source-2.6.9 2.6.9-5 - - kernel-source-2.6.10 2.6.10-2 - - kernel-source-2.4.27 2.4.27-8 -CAN-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...) - - uim 1:0.4.6beta2-1 -CAN-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...) - NOT-FOR-US: Xinkaa -CAN-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...) - NOT-FOR-US: Bontago -CAN-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) - NOT-FOR-US: MSIE6 -CAN-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...) - NOT-FOR-US: Gigafast router -CAN-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...) - NOT-FOR-US: Gigafast router -CAN-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...) - NOT-FOR-US: ADP Elite System -CAN-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...) - NOT-FOR-US: Arkeia Network Backup -CAN-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...) - NOT-FOR-US: ZeroBoard -CAN-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...) - NOT-FOR-US: Thomson TCW690 cable modem -CAN-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...) - NOT-FOR-US: Biz Mail From -CAN-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...) - NOT-FOR-US: Acrobat Reader -CAN-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...) - NOT-FOR-US: Arkeia Server Backup -CAN-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...) - - curl 7.13.0-2 -CAN-2005-0489 - RESERVED -CAN-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...) - - cfengine2 2.1.8-1 -CAN-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...) - - cfengine2 2.1.8-1 -CAN-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...) - NOT-FOR-US: Pinnacle ShowCenter -CAN-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...) - NOT-FOR-US: Pinnacle ShowCenter -CAN-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...) - NOT-FOR-US: PopMessenger -CAN-2004-1697 (The "Forgot your Password" link in Computer Associates (CA) Unicenter ...) - NOT-FOR-US: Computer Associates Unicenter Management Portal -CAN-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) - NOT-FOR-US: EmuLive Server4 -CAN-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) - NOT-FOR-US: EmuLive Server4 -CAN-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...) - NOT-FOR-US: Symantec -CAN-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo 4.5 ...) - NOT-FOR-US: Mambo -CAN-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...) - NOT-FOR-US: Mambo -CAN-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...) - NOT-FOR-US: DNS4Me -CAN-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...) - NOT-FOR-US: DNS4Me -CAN-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...) - - sudo 1.6.8p3-1 -CAN-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...) - NOT-FOR-US: Pigeon Server -CAN-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...) - NOT-FOR-US: Snitz Forums -CAN-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...) - NOT-FOR-US: MSIE -CAN-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...) - NOT-FOR-US: SMC router -CAN-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...) - NOT-FOR-US: Zyxel -CAN-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...) - NOT-FOR-US: crrtrap -CAN-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...) - NOT-FOR-US: QNX FTP -CAN-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...) - NOT-FOR-US: QNX -CAN-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...) - NOT-FOR-US: Pingtel Xpressa -CAN-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...) - NOT-FOR-US: TwinFTP -CAN-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...) - NOT-FOR-US: PerlDesk -CAN-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...) - NOT-FOR-US: PerlDesk -CAN-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...) - NOT-FOR-US: Gadu-Gadu -CAN-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...) - NOT-FOR-US: Serv-U FTP -CAN-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) - NOT-FOR-US: Merak Mail Server -CAN-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...) - NOT-FOR-US: Merak Mail Server -CAN-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) - NOT-FOR-US: Merak Mail Server -CAN-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...) - NOT-FOR-US: Merak Mail Server -CAN-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...) - NOT-FOR-US: Merak Mail Server -CAN-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...) - NOT-FOR-US: Merak Mail Server -CAN-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...) - NOT-FOR-US: Subjects -CAN-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...) - NOT-FOR-US: Halo Combat Evolved -CAN-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...) - NOT-FOR-US: Trillian -CAN-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...) - NOT-FOR-US: PsNews -CAN-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...) - NOT-FOR-US: Call of Duty -CAN-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...) - NOT-FOR-US: Engenio/LSI Logic storage controllers -CAN-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: YaBB -CAN-2004-1661 (MailWorks Professional allows remote attackers to bypass ...) - NOT-FOR-US: MailWorks -CAN-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and earlier ...) - NOT-FOR-US: CuteNews -CAN-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...) - NOT-FOR-US: CuteNews -CAN-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...) - NOT-FOR-US: Kerio Personal Firewall -CAN-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...) - NOT-FOR-US: DasBlog -CAN-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...) - NOT-FOR-US: Comersus Shopping Cart -CAN-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...) - NOT-FOR-US: phpWebsite -CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...) - NOT-FOR-US: phpWebsite -CAN-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...) - - ssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed") - NOTE: See bug #296547 for details -CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...) - NOT-FOR-US: phpScheduleIt -CAN-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - NOT-FOR-US: phpScheduleIt -CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...) - NOT-FOR-US: D-Link DCS-900 -CAN-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...) - NOT-FOR-US: Msinfo32.exe -CAN-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...) - NOT-FOR-US: Password Protect -CAN-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...) - NOT-FOR-US: Password Protect -CAN-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...) - NOT-FOR-US: Xedus -CAN-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...) - NOT-FOR-US: Xedus -CAN-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...) - NOT-FOR-US: Xedus -CAN-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...) - NOT-FOR-US: WS_FTP -CAN-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...) - NOT-FOR-US: WS_FTP -CAN-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...) - NOT-FOR-US: Titan -CAN-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...) - NOT-FOR-US: XOOPS -CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...) - NOT-FOR-US: Thomson cable modem -CAN-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...) - TODO: check heimdal, netkit-telnet-ssl - - krb4 <unfixed> (low) - - krb5 <unfixed> (low) - - netkit-telnet <not-affected> (netkit-telnet is not affected) -CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) - NOTE: This is not a real security issue; it just describes the fact that the Gecko - NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks - NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed - NOTE: during transfer any user will cancel the transfer and if you load it from the - NOTE: hard disc, well than you have "DoSed" yourself, congratulations. - NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers - NOTE: generally try to make sense of anything even remotely resembling HTML. - TODO: This is still a bug (maybe not a security one) - TODO: and needs fixing. (IMHO, fw) -CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) - NOT-FOR-US: mailcarrier -CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...) - NOT-FOR-US: Hawking Technologies HAR11A modem/router -CAN-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...) - NOT-FOR-US: WvTftp -CAN-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...) - NOTE: does not affect older 2.16.7 in sid. -CAN-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...) - NOTE: does not affect older 2.16.7 in sid. -CAN-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...) - - bugzilla 2.16.7 -CAN-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...) - - moniwiki 1.0.9 -CAN-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...) - NOT-FOR-US: Open WorkFlow Engine -CAN-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...) - NOT-FOR-US: Open WorkFlow Engine -CAN-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...) - NOT-FOR-US: Dwc_articles -CAN-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...) - - rssh 2.2.2 -CAN-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...) - NOT-FOR-US: ability server -CAN-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...) - NOT-FOR-US: ability server -CAN-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...) - NOT-FOR-US: pGina -CAN-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...) - NOT-FOR-US: Carbon Copy -CAN-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...) - NOT-FOR-US: Microsoft -CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...) - NOT-FOR-US: UBB.threads -CAN-2004-1621 (** DISPUTED ** ...) - NOT-FOR-US: Lotus Notes -CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...) - NOT-FOR-US: Serendipity -CAN-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...) - NOT-FOR-US: Privateer's Bounty: Age of Sail II -CAN-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...) - NOT-FOR-US: Tonecast -CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...) - NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there - - lynx <unfixed> (bug #296340; low) -CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) - - links 0.99+1.00pre12-1 (bug #296341; low) -CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) - NOT-FOR-US: Opera -CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...) - NOTE: assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6 - NOTE: mozilla-browser 1.7.5-1 also ok -CAN-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...) - NOTE: example page did not bother firefox 1.0+dfsg.1-6 - NOTE: mozilla-browser 1.7.5-1 also ok -CAN-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...) - NOT-FOR-US: SalesLogix -CAN-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...) - NOT-FOR-US: SalesLogix -CAN-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...) - NOT-FOR-US: SalesLogix -CAN-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...) - NOT-FOR-US: SalesLogix -CAN-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...) - NOT-FOR-US: SalesLogix -CAN-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...) - NOT-FOR-US: SalesLogix -CAN-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...) - NOT-FOR-US: SalesLogix -CAN-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...) - NOT-FOR-US: SalesLogix -CAN-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...) - NOT-FOR-US: not our cpanel -CAN-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...) - NOT-FOR-US: not our cpanel -CAN-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...) - - proftpd 1.2.10-4 -CAN-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...) - NOT-FOR-US: coolphp -CAN-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...) - NOT-FOR-US: CoolPHP -CAN-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...) - NOT-FOR-US: CoolPHP -CAN-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...) - NOT-FOR-US: Acrobat -CAN-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...) - NOT-FOR-US: RIM Blackberry -CAN-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...) - NOT-FOR-US: 3COM router -CAN-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...) - NOT-FOR-US: ShixxNote -CAN-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...) - NOT-FOR-US: FuseTalk -CAN-2004-1593 (Cross-site scripting (XSS) vulnerability in ...) - NOT-FOR-US: SCT email client -CAN-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal 1.0.3 ...) - NOT-FOR-US: ocPortal -CAN-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...) - NOT-FOR-US: Micronet Wireless Router -CAN-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...) - NOT-FOR-US: clientexec -CAN-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...) - NOT-FOR-US: GoSmart -CAN-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...) - NOT-FOR-US: GoSmart -CAN-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...) - NOT-FOR-US: Monolith Games -CAN-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...) - NOT-FOR-US: Flash Messaging -CAN-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...) - NOT-FOR-US: Flash Messaging -CAN-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...) - - wordpress 1.2.1-1.1 -CAN-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...) - NOT-FOR-US: FTP server in TriDComm -CAN-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 allows ...) - NOT-FOR-US: BlackBoard -CAN-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...) - NOT-FOR-US: BlackBoard -CAN-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...) - NOT-FOR-US: CubeCart -CAN-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...) - NOT-FOR-US: CubeCart -CAN-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...) - NOT-FOR-US: Invision Power Board -CAN-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...) - NOT-FOR-US: phplinks -CAN-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...) - NOT-FOR-US: Judge Dredd -CAN-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...) - - xerces25 2.5.0-4 - - xerces24 2.4.0-4 - NOTE: maintainer believe that this CAN doesn't apply to xerces23 (see bug #296432) - NOTE: maintainer believe that this CAN doesn't apply to xerces21 (see bug #296466) -CAN-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...) - NOT-FOR-US: Vypress -CAN-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...) - NOT-FOR-US: AJ-Fork -CAN-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...) - NOT-FOR-US: AJ-Fork -CAN-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...) - NOT-FOR-US: AJ-Fork -CAN-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...) - NOT-FOR-US: bBlog -CAN-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...) - NOT-FOR-US: dbPowerAmp -CAN-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...) - NOT-FOR-US: Parachat -CAN-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...) - NOT-FOR-US: Silent Storm Portal -CAN-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...) - NOT-FOR-US: Silent Storm Portal -CAN-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...) - NOT-FOR-US: w-Agora -CAN-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...) - NOT-FOR-US: w-Agora -CAN-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...) - NOT-FOR-US: w-Agora -CAN-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...) - NOT-FOR-US: w-Agora -CAN-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...) - - icecast2 2.0.2.debian-1 -CAN-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Microsoft SQL Server -CAN-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...) - - wordpress 1.2.2-1.1 -CAN-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through 0.6 ...) - NOT-FOR-US: YahooPOPS -CAN-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...) - NOT-FOR-US: MyWebServer -CAN-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: MyWebServer -CAN-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...) - NOT-FOR-US: BroadBoard Instant ASP Message Board -CAN-2004-1554 (PHP remote code injection vulnerability in livre_include.php in @lex ...) - NOT-FOR-US: @lex GuestBook -CAN-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...) - NOT-FOR-US: aspWebAlbum -CAN-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...) - NOT-FOR-US: aspWebCalendar -CAN-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...) - NOT-FOR-US: PafileDB -CAN-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...) - NOT-FOR-US: Motorola Router -CAN-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...) - NOT-FOR-US: ActivePost -CAN-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...) - NOT-FOR-US: ActivePost -CAN-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...) - NOT-FOR-US: ActivePost -CAN-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...) - NOT-FOR-US: MDaemon -CAN-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...) - - moniwiki 1.0.9-4 -CAN-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...) - NOT-FOR-US: Kyako ESupport -CAN-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...) - NOT-FOR-US: Tarantella Secure Global Desktop -CAN-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...) - NOT-FOR-US: paNews -CAN-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...) - NOT-FOR-US: GProFTPD -CAN-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...) - NOT-FOR-US: Glftpd -CAN-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...) - NOT-FOR-US: TrackerCam -CAN-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...) - NOT-FOR-US: TrackerCam -CAN-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...) - NOT-FOR-US: TrackerCam -CAN-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...) - NOT-FOR-US: TrackerCam -CAN-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...) - NOT-FOR-US: TrackerCam -CAN-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...) - NOT-FOR-US: Invision Power Board -CAN-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...) - NOT-FOR-US: hpm_guestbook.cgi -CAN-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...) - NOT-FOR-US: paFAQ -CAN-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...) - - webcalendar 0.9.45-3 -CAN-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...) - - gaim 1:1.1.3-1 -CAN-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...) - {DSA-716-1} - - gaim 1:1.1.3-1 -CAN-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...) - NOT-FOR-US: SUN JRE -CAN-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...) - - wpasupplicant 0.3.8-1 -CAN-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...) - {DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1} - - krb4 1.2.2-11.2 (bug #306141) - - krb5 1.3.6-2 - - netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036) - - netkit-telnet 0.17-28 - - heimdal 0.6.3-10 -CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...) - {DSA-731-1 DSA-703-1} - - krb5 1.3.6-2 - - krb4 1.2.2-11.2 (bug #306141) - TODO: check netkit-telnet, netkit-telnet-ssl -CAN-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...) - - putty 0.57-1 -CAN-2005-0466 - RESERVED -CAN-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...) - NOT-FOR-US: SGI IRIX -CAN-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...) - NOT-FOR-US: SGI IRIX -CAN-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...) - - jspwiki 2.0.52-8 -CAN-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...) - NOT-FOR-US: KorWeblog -CAN-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...) - NOT-FOR-US: Soldier of Fortune -CAN-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...) - NOT-FOR-US: SecureCRT -CAN-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...) - NOT-FOR-US: ZyXEL Routers -CAN-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...) - NOT-FOR-US: Halo: Combat Evolved -CAN-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...) - NOT-FOR-US: PHPKIT -CAN-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...) - NOT-FOR-US: PHPKIT -CAN-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...) - NOT-FOR-US: Invision Power Board -CAN-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for the Cash ...) - NOT-FOR-US: Cash Mod module of phpbb2 -CAN-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...) - NOT-FOR-US: ZoneAlarm -CAN-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...) - NOT-FOR-US: DMS POP3 -CAN-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...) - NOT-FOR-US: AppServ -CAN-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...) - NOT-FOR-US: Invision Power Board -CAN-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...) - NOT-FOR-US: PHP-Nuke -CAN-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...) - NOT-FOR-US: PHP-Nuke -CAN-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...) - NOT-FOR-US: PHP-Nuke -CAN-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...) - NOT-FOR-US: MSIE -CAN-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...) - NOT-FOR-US: Hired Team -CAN-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...) - NOT-FOR-US: Hired Team -CAN-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...) - NOT-FOR-US: Hired Team -CAN-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...) - NOT-FOR-US: Hired Team -CAN-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...) - NOT-FOR-US: Army Men RTS -CAN-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...) - NOT-FOR-US: Eudora -CAN-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...) - NOT-FOR-US: IPSwitch IMail -CAN-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...) - NOT-FOR-US: phpBugTracker -CAN-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...) - NOT-FOR-US: Phorum -CAN-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...) - NOT-FOR-US: Zone Labs IMsecure -CAN-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...) - NOT-FOR-US: phpWebSite -CAN-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...) - NOT-FOR-US: vBulletin -CAN-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: 04Webserver -CAN-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...) - NOT-FOR-US: 04Webserver -CAN-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...) - NOT-FOR-US: 04Webserver -CAN-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...) - NOT-FOR-US: Hotfoon -CAN-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...) - - webcalendar 0.9.45-1 -CAN-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...) - - webcalendar 0.9.45-1 -CAN-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...) - - webcalendar 0.9.45-1 -CAN-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...) - - webcalendar 0.9.45-1 -CAN-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) - - webcalendar 0.9.45-1 -CAN-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...) - NOT-FOR-US: JAF -CAN-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...) - NOT-FOR-US: JAF -CAN-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...) - NOT-FOR-US: Sun JRE -CAN-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) - NOT-FOR-US: 602 Lan Suite -CAN-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) - NOT-FOR-US: 602 Lan Suite -CAN-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...) - NOT-FOR-US: Lithtech -CAN-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...) - NOT-FOR-US: HELM -CAN-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...) - NOT-FOR-US: HELM -CAN-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...) - NOT-FOR-US: Web Forums Server -CAN-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...) - NOT-FOR-US: Web Forums Server -CAN-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...) - NOT-FOR-US: WinRAR -CAN-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...) - NOT-FOR-US: XDICT -CAN-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) - NOT-FOR-US: Master of Orion -CAN-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) - NOT-FOR-US: Master of Orion -CAN-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to ...) - NOT-FOR-US: ulog-php -CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...) - NOT-FOR-US: MercuryBoard -CAN-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...) - NOT-FOR-US: NewsBruiser -CAN-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...) - NOT-FOR-US: MercuryBoard -CAN-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...) - NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> : - NOTE: I think it is not a problem on Debian as far as everybody knows the full - NOTE: path of phpMyAdmin is /usr/share/phpmyadmin. -CAN-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...) - NOT-FOR-US: oscommerce -CAN-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...) - NOT-FOR-US: Opera -CAN-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...) - NOT-FOR-US: Opera -CAN-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...) - NOT-FOR-US: Opera -CAN-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...) - NOT-FOR-US: Opera -CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...) - NOT-FOR-US: Opera -CAN-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...) - NOT-FOR-US: Real -CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...) - NOT-FOR-US: DCP-Portal -CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...) - NOT-FOR-US: Lighttpd -CAN-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) - NOT-FOR-US: Microsoft -CAN-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Sami HTTP Server -CAN-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...) - NOT-FOR-US: Sami HTTP Server -CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...) - NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html - NOTE: The vulnerable code has been removed from the kernel in favor of a better - NOTE: fix between 2.6.11 and 2.6.12, see - NOTE: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563d82" - - kernel-source-2.6.8 2.6.8-14 (bug #295949; high) - - linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12) -CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...) - {DSA-696-1} - - perl 5.8.4-7 -CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...) - NOT-FOR-US: Quake3 -CAN-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Solaris -CAN-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...) - {DSA-688-1} - - squid 2.5.8-3 -CAN-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...) - NOTE: Not in testing, only sid - NOTE: Was once part of Debian, but has been removed -CAN-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...) - NOT-FOR-US: VMware -CAN-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...) - NOT-FOR-US: CubeCart -CAN-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...) - NOT-FOR-US: CubeCart -CAN-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...) - NOT-FOR-US: Sybase -CAN-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...) - - elog 2.5.7+r1558-1 -CAN-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...) - - elog 2.5.7+r1558-1 -CAN-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain ...) - - awstats 6.3-1 -CAN-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...) - - awstats 6.3-1 -CAN-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and ...) - - awstats 6.3-1 -CAN-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...) - - awstats 6.3-1 -CAN-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...) - NOT-FOR-US: PHP-Nuke -CAN-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...) - NOT-FOR-US: Barracuda Spam Firewall -CAN-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...) - NOT-FOR-US: vBulletin -CAN-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...) - - pdns 2.9.16-6 -CAN-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in the ...) - - webmin 1.180-1 -CAN-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...) - NOT-FOR-US: Solaris -CAN-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...) - NOT-FOR-US: Websphere -CAN-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...) - NOT-FOR-US: ASPjar Guestbook -CAN-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...) - NOT-FOR-US: ASPjar Guestbook -CAN-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...) - NOT-FOR-US: DelphiTurk -CAN-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...) - NOT-FOR-US: DelphiTurk -CAN-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...) - NOT-FOR-US: Microsoft -CAN-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...) - NOT-FOR-US: 3com -CAN-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) - NOT-FOR-US: Sun Java -CAN-2005-0417 (Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and ...) - NOT-FOR-US: IBM DB2 -CAN-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...) - NOT-FOR-US: Windows -CAN-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...) - NOT-FOR-US: Emdros -CAN-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...) - NOT-FOR-US: MercuryBoard -CAN-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...) - NOT-FOR-US: MyPHP Forum -CAN-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...) - NOT-FOR-US: Spidean PostWrap -CAN-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...) - NOT-FOR-US: CitrusDB -CAN-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...) - NOT-FOR-US: CitrusDB -CAN-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...) - NOT-FOR-US: CitrusDB -CAN-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...) - NOT-FOR-US: CitrusDB -CAN-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...) - NOT-FOR-US: Openconf -CAN-2005-0406 (A design flaw in image processing software that modifies JPEG images ...) - TODO: check all softwares that modifies JPEG images in Debian... - - imagemagick <unfixed> (bug #298051; low) -CAN-2005-0405 - RESERVED -CAN-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...) - NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html - NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020 - NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html - NOTE: see http://secunia.com/advisories/14925 - NOTE: kde maintainers informed of it by security team - - kdepim <unfixed> (bug #305601; medium) - NOTE: On woody, kmail is part of kdenetwork, but there is no GnuPG - NOTE: support, so this issue is not very important. -CAN-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...) - - glibc <not-affected> (Specific to the NPTL backport for RHEL 3) -CAN-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...) - - mozilla-firefox 1.0.2-1 -CAN-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...) - - mozilla-firefox 1.0.2-1 - - mozilla-thunderbird 1.0.2-1 -CAN-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...) - - kernel-source-2.4.27 2.4.27-10 (bug #303294) - - kernel-source-2.6.8 2.6.8-16 (bug #303294) -CAN-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...) - - mozilla-firefox 1.0.2-1 - - mozilla-thunderbird 1.0.2-1 -CAN-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...) - - racoon 1:0.5-5 -CAN-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...) - {DSA-702-1} - - imagemagick 6:6.0.6.2-2.2 (bug #297990) -CAN-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...) - NOTE: fix in -4 was broken - - kdelibs 4:3.3.2-6 -CAN-2005-0395 - REJECTED -CAN-2005-0394 - RESERVED -CAN-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...) - {DSA-733-1} - TODO: check -CAN-2005-0392 (ppxp does not drop root privileges before opening log files, which ...) - {DSA-725-2 DSA-725-1} - TODO: check -CAN-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...) - {DSA-712-1} - - geneweb 4.10-7 (bug #304405) -CAN-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...) - {DSA-706-1} - - axel 1.0b-1 -CAN-2005-0389 - REJECTED -CAN-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...) - {DSA-704-1} - - remstats 1.0.13a-5 -CAN-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...) - {DSA-704-1} - - remstats 1.0.13a-5 -CAN-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...) - {DSA-700-1} - - mailreader 2.3.29-11 -CAN-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...) - {DSA-693-1} - - luxman 0.41-20 (bug #299857) -CAN-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...) - - kernel-source-2.6.8 2.6.8-15 - - kernel-source-2.4.27 2.4.27-9 -CAN-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...) - - wget 1.9.1-11 -CAN-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...) - - wget 1.9.1-11 -CAN-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...) - NOT-FOR-US: Trend Micro Control Manager -CAN-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...) - NOT-FOR-US: Breed game -CAN-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...) - NOT-FOR-US: forumKIT -CAN-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...) - NOT-FOR-US: ZeroBoard -CAN-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...) - NOT-FOR-US: ZeroBoard -CAN-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...) - NOTE: horde 2.0 not vulnerable -CAN-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...) - NOT-FOR-US: sgallery -CAN-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows local ...) - NOT-FOR-US: sgallery -CAN-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...) - NOT-FOR-US: sgallery -CAN-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...) - NOT-FOR-US: bitboard -CAN-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...) - NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details - NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there - NOTE: cyrus-sasl2 already has patch applied - NOTE: cyrus-sasl code seems too old for any of the problems to apply -CAN-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ ...) - {DSA-686-1} - - gftp 2.0.18-1 - NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong. -CAN-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) - - armagetron <unfixed> (bug #296840; low) -CAN-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) - - armagetron 0.2.7.0-1 -CAN-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...) - - armagetron 0.2.7.0-1 -CAN-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...) - NOT-FOR-US: CMScore -CAN-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...) - NOT-FOR-US: ArGoSoft Mail Server -CAN-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...) - - gnupg 1.4.1-1 -CAN-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...) - NOT-FOR-US: bind on hp-ux -CAN-2005-0361 - RESERVED -CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...) - NOT-FOR-US: Microsoft -CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...) - NOT-FOR-US: EMC Legato -CAN-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...) - NOT-FOR-US: EMC Legato -CAN-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...) - NOT-FOR-US: EMC Legato -CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...) - NOTE: linux is not vulnerable, see #310804 - - kfreebsd5-source 5.3-15 (medium) -CAN-2005-0355 - RESERVED -CAN-2005-0354 - RESERVED -CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...) - NOT-FOR-US: Sentinel License Manager -CAN-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...) - NOT-FOR-US: Servers Alive -CAN-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...) - NOT-FOR-US: SCO OpenServer -CAN-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...) - NOT-FOR-US: F-Secure Anti-Virus -CAN-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...) - NOT-FOR-US: BrightStor ARCserve Backup -CAN-2004-9999 - REJECTED -CAN-2004-9998 - REJECTED -CAN-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...) - NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux -CAN-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...) - NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped - NOTE: atftp checks h_length - NOTE: netkit-tftp not vulnerable - - tftpd-hpa <unfixed> (bug #295297; unimportant) - NOTE: The address length comes from libc, not the network. -CAN-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...) - - socat 1.4.0.3-1 -CAN-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...) - NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series -CAN-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...) - NOT-FOR-US: BNC irc proxy -CAN-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...) - NOT-FOR-US: Real -CAN-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...) - NOT-FOR-US: HP StorageWorks Command View XP -CAN-2004-1479 - REJECTED -CAN-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...) - NOT-FOR-US: JRun -CAN-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...) - NOT-FOR-US: JRun -CAN-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...) - - xine-lib 1-rc6 - - libcdio 0.69 -CAN-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...) - - xine-lib 1-rc6 -CAN-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) - NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances -CAN-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) - NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances -CAN-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) - NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances -CAN-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...) - - cvs 1:1.12.9 -CAN-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...) - NOT-FOR-US: snipsnap -CAN-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...) - NOT-FOR-US: SUS -CAN-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...) - - webmin 1.160 - - usermin 1.090 -CAN-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...) - - egroupware 1.0.00.004 -CAN-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...) - - gallery 1.4.4-pl2 -CAN-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...) - NOT-FOR-US: WinZip -CAN-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...) - NOT-FOR-US: Cisco -CAN-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...) - - moin 1.2.3-1 -CAN-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...) - - moin 1.2.3-1 -CAN-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...) - NOT-FOR-US: Cisco -CAN-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...) - NOT-FOR-US: Cisco -CAN-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...) - NOT-FOR-US: Cisco -CAN-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...) - NOT-FOR-US: Cisco -CAN-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...) - NOT-FOR-US: Novell -CAN-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...) - - cvstrac 1.1.4-1 -CAN-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...) - - xine-lib 1-rc5-1.1 -CAN-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...) - NOT-FOR-US: Cisco -CAN-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...) - NOTE: according to GOTO Masanori this is not a security problem - NOTE: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272210 -CAN-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...) - NOT-FOR-US: Gentoo specific -CAN-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...) - NOTE: mozilla 2:1.6-1 -CAN-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...) - - mozilla 2:1.7.1-1 -CAN-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...) - - mozilla 2:1.7-1 -CAN-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...) - NOT-FOR-US: Jetbox One -CAN-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...) - NOT-FOR-US: Jetbox One -CAN-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...) - NOT-FOR-US: ScreenOS -CAN-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...) - - nessus-core 2.0.12-1 -CAN-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...) - - roundup 0.7.3-1 -CAN-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...) - - imp3 3.2.5-1 -CAN-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...) - NOT-FOR-US: db2www -CAN-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...) - NOT-FOR-US: Board Power -CAN-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...) - - putty 0.56-1 -CAN-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...) - NOT-FOR-US: BlackJumboDog -CAN-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...) - - subversion 1.0.6-1 -CAN-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...) - - pavuk 0.9pl28-3.1 -CAN-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...) - NOT-FOR-US: Cisco -CAN-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) - NOT-FOR-US: Cisco -CAN-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) - NOT-FOR-US: Cisco -CAN-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) - NOT-FOR-US: Cisco -CAN-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) - NOT-FOR-US: Cisco -CAN-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...) - NOT-FOR-US: FormMail.php != nms-formmail -CAN-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows remote ...) - NOT-FOR-US: Arcade.php -CAN-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...) - NOT-FOR-US: ArGoSoft -CAN-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...) - NOT-FOR-US: ArGoSoft -CAN-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog ...) - NOT-FOR-US: KorWeblog -CAN-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...) - NOT-FOR-US: KorWeblog -CAN-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...) - - moodle 1.4.3-1 -CAN-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...) - - moodle 1.4.3-1 -CAN-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) calendar.php ...) - NOT-FOR-US: PHP-Calendar -CAN-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...) - NOT-FOR-US: WHM AutoPilot -CAN-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) step_one.php, ...) - NOT-FOR-US: WHM AutoPilot -CAN-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...) - NOT-FOR-US: WHM AutoPilot -CAN-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and ...) - NOT-FOR-US: ZeroBoard -CAN-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...) - NOT-FOR-US: WPKontakt -CAN-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...) - NOT-FOR-US: PsychoStats -CAN-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...) - NOT-FOR-US: RealOne IE plugin -CAN-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...) - NOT-FOR-US: 2Bgal -CAN-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Gadu-Gadu -CAN-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...) - NOT-FOR-US: Kayako -CAN-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) - NOT-FOR-US: Kayako -CAN-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...) - NOT-FOR-US: Gadu-Gadu -CAN-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...) - NOT-FOR-US: Gadu-Gadu -CAN-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...) - NOT-FOR-US: Image Gallery Web Application -CAN-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...) - NOT-FOR-US: Image Gallery Web Application -CAN-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...) - NOT-FOR-US: Image Gallery Web Application -CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...) - NOT-FOR-US: Ikonboard -CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...) - - mediawiki 1.4.9 (bug #276057) -CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...) - NOT-FOR-US: Attachment Mod for phpBB -CAN-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...) - NOT-FOR-US: GNUBoard -CAN-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...) - NOT-FOR-US: iWebNegar -CAN-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...) - NOT-FOR-US: Asp-rider -CAN-2004-1400 (The control panel in ASP Calendar does not require authentication to ...) - NOT-FOR-US: ASP Calendar -CAN-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...) - NOT-FOR-US: Attachment Mod for phpBB -CAN-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac OS X ...) - NOT-FOR-US: MacOSX -CAN-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...) - - usemod-wiki 1.0-6 -CAN-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...) - NOT-FOR-US: Winamp -CAN-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...) - NOT-FOR-US: Lithtech engine -CAN-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...) - - monit 1:4.2.1-1 -CAN-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...) - - monit 1:4.2.1-1 -CAN-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...) - - kdelibs 4:3.3.2-2 -CAN-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...) - {DSA-682-1} - - awstats 6.2-1.2 -CAN-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...) - - awstats 6.2-1.2 - NOTE: http://patches.ubuntu.com/patches/awstats.more-CAN-2005-0016.diff - NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf -CAN-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...) - NOT-FOR-US: Woltlab Burning Book -CAN-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...) - NOT-FOR-US: RealArcade -CAN-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...) - NOT-FOR-US: RealArcade -CAN-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...) - NOT-FOR-US: SafeNet -CAN-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...) - NOT-FOR-US: php-fusion -CAN-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...) - NOT-FOR-US: 602LAN SUITE -CAN-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...) - NOT-FOR-US: PerlDesk -CAN-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...) - NOT-FOR-US: Apple -CAN-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...) - NOT-FOR-US: Apple -CAN-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...) - NOT-FOR-US: Apple -CAN-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...) - NOT-FOR-US: Foxmail -CAN-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...) - NOT-FOR-US: Savant Web Server -CAN-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...) - - postfix 2.1.4-5 -CAN-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...) - NOT-FOR-US: eMotion MediaPartner -CAN-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...) - NOT-FOR-US: eMotion MediaPartner -CAN-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...) - NOT-FOR-US: Linksys -CAN-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...) - NOT-FOR-US: LanChat -CAN-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...) - NOT-FOR-US: DeskNow Mail server -CAN-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...) - NOT-FOR-US: Winrar -CAN-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...) - NOT-FOR-US: Painkiller -CAN-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...) - NOT-FOR-US: ZipGenius -CAN-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...) - NOT-FOR-US: Netgear -CAN-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...) - NOT-FOR-US: PafileDB -CAN-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...) - NOT-FOR-US: PafileDB -CAN-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...) - NOT-FOR-US: Xpand Rally -CAN-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...) - NOT-FOR-US: Infinite Mobile Delivery Webmail -CAN-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...) - NOT-FOR-US: Infinite Mobile Delivery Webmail -CAN-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...) - NOT-FOR-US: Merak Mail server -CAN-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...) - NOT-FOR-US: Merak Mail server -CAN-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...) - NOT-FOR-US: Merak Mail server -CAN-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...) - NOT-FOR-US: Webadmin -CAN-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...) - NOT-FOR-US: Webadmin -CAN-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...) - NOT-FOR-US: Webadmin -CAN-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...) - NOT-FOR-US: WebWasher -CAN-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...) - NOT-FOR-US: Magic Winmail -CAN-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...) - NOT-FOR-US: Magic Winmail -CAN-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...) - NOT-FOR-US: Magic Winmail -CAN-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...) - NOT-FOR-US: WarFTPD under NT -CAN-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...) - NOT-FOR-US: Ingate -CAN-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...) - NOT-FOR-US: Exponent -CAN-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...) - NOT-FOR-US: Exponent -CAN-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...) - NOT-FOR-US: W32Dasm -CAN-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - NOT-FOR-US: MercuryBoard -CAN-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...) - NOT-FOR-US: MercuryBoard -CAN-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...) - NOT-FOR-US: Siteman -CAN-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...) - NOT-FOR-US: DivX Player -CAN-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - NOT-FOR-US: BackOffice Lite -CAN-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...) - NOT-FOR-US: BackOffice Lite -CAN-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...) - NOT-FOR-US: BackOffice Lite -CAN-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...) - - jsboard 2.0.10-1 -CAN-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...) - - gforge 3.1-26 -CAN-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...) - NOT-FOR-US: Oracle -CAN-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...) - NOT-FOR-US: Oracle -CAN-2005-0296 (** DISPUTED ** ...) - NOT-FOR-US: Novell -CAN-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...) - NOT-FOR-US: nProtect -CAN-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Minis -CAN-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...) - NOT-FOR-US: Minis -CAN-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...) - NOT-FOR-US: phpGiftReg -CAN-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...) - NOT-FOR-US: NetGear -CAN-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...) - NOT-FOR-US: NetGear -CAN-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...) - NOT-FOR-US: Apple -CAN-2005-0288 (The change password functionality in Bottomline Webseries Payment ...) - NOT-FOR-US: BottomLine WebSeries -CAN-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...) - NOT-FOR-US: BottomLine WebSeries -CAN-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...) - NOT-FOR-US: eMotion MediaPartner -CAN-2005-0285 (Webseries Payment Application does not properly restrict privileged ...) - NOT-FOR-US: BottomLine WebSeries -CAN-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...) - NOT-FOR-US: QwikiWiki -CAN-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...) - NOT-FOR-US: MyBB -CAN-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...) - NOT-FOR-US: Soldner Secret -CAN-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...) - NOT-FOR-US: Soldner Secret -CAN-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...) - NOT-FOR-US: Soldner Secret -CAN-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...) - NOT-FOR-US: 3COM 3CDaemon -CAN-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...) - NOT-FOR-US: 3COM 3CDaemon -CAN-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...) - NOT-FOR-US: 3COM 3CDaemon -CAN-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...) - NOT-FOR-US: 3COM 3CDaemon -CAN-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...) - NOT-FOR-US: PhotoPost -CAN-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...) - NOT-FOR-US: PhotoPost -CAN-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...) - NOT-FOR-US: ReviewPost -CAN-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...) - NOT-FOR-US: ReviewPost -CAN-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...) - NOT-FOR-US: ReviewPost -CAN-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only verifies ...) - NOT-FOR-US: GNUBoard -CAN-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...) - NOT-FOR-US: FlatNuke -CAN-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...) - NOT-FOR-US: FlatNuke -CAN-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...) - NOT-FOR-US: SugerCRM -CAN-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...) - NOT-FOR-US: OWL intranet -CAN-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...) - NOT-FOR-US: OWL intranet -CAN-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...) - NOT-FOR-US: AIX -CAN-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...) - NOT-FOR-US: AIX -CAN-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...) - NOT-FOR-US: AIX -CAN-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...) - NOT-FOR-US: ARCserve Backup -CAN-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...) - - phpbb2 2.0.12-1 -CAN-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...) - - phpbb2 2.0.12-1 -CAN-2005-0257 - RESERVED -CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...) - {DSA-705-1} - - wu-ftpd 2.6.2-19 -CAN-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...) - - mozilla-firefox 1.0.1 - NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already.. - - mozilla 2:1.7.6 -CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...) - NOT-FOR-US: BibORB -CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...) - NOT-FOR-US: BibORB -CAN-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...) - NOT-FOR-US: BibORB -CAN-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...) - NOT-FOR-US: BibORB -CAN-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...) - NOT-FOR-US: AIX -CAN-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...) - NOT-FOR-US: Symantec AntiVirus Library -CAN-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...) - NOT-FOR-US: Solaris -CAN-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...) - {DSA-683-1} - - postgresql 7.4.7-2 -CAN-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...) - - postgresql 7.4.7-1 -CAN-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...) - {DSA-683-1} - - postgresql 7.4.7-1 -CAN-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...) - - postgresql 7.4.7-1 -CAN-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...) - NOT-FOR-US: Yahoo! Messenger -CAN-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...) - NOT-FOR-US: Yahoo! Messenger -CAN-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...) - - squid 2.5.7-7 -CAN-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...) - NOT-FOR-US: Solaris -CAN-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...) - NOT-FOR-US: Solaris -CAN-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...) - NOT-FOR-US: Solaris -CAN-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...) - NOT-FOR-US: Solaris -CAN-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...) - NOT-FOR-US: Solaris -CAN-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...) - NOT-FOR-US: Solaris -CAN-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...) - NOT-FOR-US: Solaris -CAN-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...) - NOT-FOR-US: Solaris -CAN-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...) - NOT-FOR-US: Solaris -CAN-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...) - NOT-FOR-US: Solaris -CAN-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...) - NOT-FOR-US: Solaris -CAN-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...) - NOT-FOR-US: Solaris -CAN-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...) - NOT-FOR-US: Solaris -CAN-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...) - NOT-FOR-US: Solaris -CAN-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...) - NOT-FOR-US: Solaris -CAN-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...) - NOT-FOR-US: Solaris -CAN-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...) - NOT-FOR-US: Solaris -CAN-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...) - NOT-FOR-US: Solaris -CAN-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...) - NOT-FOR-US: Solaris -CAN-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...) - NOT-FOR-US: Solaris -CAN-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...) - NOT-FOR-US: Solaris -CAN-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...) - NOT-FOR-US: Solaris -CAN-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...) - NOT-FOR-US: Solaris -CAN-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...) - NOT-FOR-US: Solaris -CAN-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...) - NOT-FOR-US: Solaris -CAN-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...) - NOT-FOR-US: Solaris -CAN-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...) - NOT-FOR-US: Solaris -CAN-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...) - NOT-FOR-US: Solaris -CAN-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...) - NOT-FOR-US: Solaris -CAN-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...) - NOT-FOR-US: Solaris -CAN-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update 1/01 ...) - NOT-FOR-US: Solaris -CAN-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...) - NOT-FOR-US: Solaris -CAN-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...) - NOT-FOR-US: Mailtool for OpenWindows -CAN-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...) - NOT-FOR-US: Solaris -CAN-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...) - NOT-FOR-US: Solaris -CAN-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...) - NOT-FOR-US: Solaris -CAN-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...) - NOT-FOR-US: Solaris -CAN-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does ...) - NOT-FOR-US: Solaris -CAN-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...) - NOT-FOR-US: AIX -CAN-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...) - NOT-FOR-US: S/MIME plugin -CAN-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...) - NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381 - - epiphany-browser 1.4.8-2 -CAN-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...) - - kdelibs 4:3.3.2-3 -CAN-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...) - NOT-FOR-US: Omniweb -CAN-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...) - NOT-FOR-US: Opera -CAN-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...) - NOT-FOR-US: Safari -CAN-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...) - NOTE: IDN is now disabled by default in firefox, but there may be a more elegant - NOTE: solution in the future - - mozilla-firefox 1.0.1-1 - - mozilla 2:1.7.6-1 -CAN-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration ...) - - mozilla-firefox 1.0+dfsg.1-6 -CAN-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...) - - mozilla-firefox 1.0+dfsg.1-6 -CAN-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...) - NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link - NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers - NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser - NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF - NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet. - NOT-FOR-US: Firefox on Windows -CAN-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...) - NOT-FOR-US: CitrusDB -CAN-2005-0228 - REJECTED -CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...) - {DSA-668-1} - - postgresql 7.4.7-1 -CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...) - NOT-FOR-US: ngIRCd -CAN-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...) - - firehol 1.214-4 -CAN-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...) - NOT-FOR-US: HP-UX -CAN-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...) - NOT-FOR-US: Java SDK and RTE for Tru64 UNIX -CAN-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...) - - gallery 1.4.4-pl5-1 -CAN-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...) - - gallery 1.4.4-pl5-1 -CAN-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...) - - gallery 1.4.4-pl5-1 -CAN-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...) - - gallery 1.4.4-pl5-1 -CAN-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...) - NOT-FOR-US: Invision Community Blog -CAN-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...) - NOT-FOR-US: Woltlab Burning Board Lite -CAN-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...) - NOT-FOR-US: Mozilla 1.6 for Windows -CAN-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...) - NOT-FOR-US: SPHPBlog -CAN-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...) - NOT-FOR-US: WinHKI -CAN-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...) - NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier -CAN-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...) - {DSA-667-1} - - squid 2.5.7-6 -CAN-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...) - NOTE: fixed in ubuntu kernels - NOTE: 2.6.11 is not affected, apparantly 2.6.10 is no longer relevant - NOTE: was bug #300838 - - kernel-source-2.6.8 2.6.8-15 - - kernel-source-2.4.27 2.4.27-9 -CAN-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...) - NOTE: <horms> all kernels seem to be clear with regards to 2005-0209 - NOTE: <dilinger> http://oss.sgi.com/archives/netdev/2005-01/msg01072.html resolves this and it is in all our kernels - - kernel-source-2.4.27 2.4.27-9 -CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...) - - gaim 1:1.1.4 -CAN-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...) - NOTE: this is http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch - NOTE: http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA - NOTE: fixed in upstream 2.6.10, 2.6.9 is dead - - kernel-source-2.6.8 2.6.8-14 -CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...) - NOTE: turns out that xpdf, kpdf, tetex-bin and pdftohtml were patched for CAN-2004-0888 with - NOTE: a fixed patch from the beginning, cupsys doesn't include xpdf code any more - NOTE: found this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393 - NOTE: gpdf ok, all implementations seem ok -CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...) - {DSA-692-1} - - kdenetwork 4:3.1.6 -CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...) - NOTE: According to a question on linux-kernel 2.6 is not vulnerable - - kernel-source-2.4.27 2.4.27-12 (bug #296700) -CAN-2005-0203 - REJECTED -CAN-2005-0202 (Directory traversal vulnerability in the true_path function in ...) - {DSA-674-1} - - mailman 2.1.5-6 -CAN-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...) - - dbus 0.22 -CAN-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...) - NOT-FOR-US: TikiWiki -CAN-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...) - NOT-FOR-US: ngIRCd -CAN-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...) - NOT-FOR-US: Cisco -CAN-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...) - NOT-FOR-US: Cisco -CAN-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...) - NOT-FOR-US: Cisco -CAN-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...) - {DSA-667-1} - - squid 2.5.7-7 -CAN-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...) - NOT-FOR-US: mRouter in iSync in OS X -CAN-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...) - NOT-FOR-US: RealPlayer -CAN-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...) - NOT-FOR-US: RealPlayer -CAN-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...) - NOT-FOR-US: RealPlayer -CAN-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...) - NOT-FOR-US: RealPlayer -CAN-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...) - NOT-FOR-US: AtHoc toolbar -CAN-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...) - NOT-FOR-US: AtHoc toolbar -CAN-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...) - NOT-FOR-US: CIsco -CAN-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...) - NOT-FOR-US: NodeManager Professional -CAN-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...) - NOT-FOR-US: vacation plugin -CAN-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...) - NOT-FOR-US: vacation plugin -CAN-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...) - NOT-FOR-US: mod_dosevasive module for apache -CAN-2005-0181 - RESERVED -CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...) - - kernel-source-2.6.8 2.6.8-12 - - kernel-source-2.6.9 2.6.9-5 - - kernel-source-2.6.10 2.6.10-2 -CAN-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...) - NOTE: Does not apply to 2.6.8 - NOTE: Fix in 2.6.9-6 pending upload - - kernel-source-2.6.9 2.6.9-6 - - kernel-source-2.6.10 2.6.10-4 -CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...) - NOTE: see USN-82-1 - NOTE: <horms> hacim: at a cursory glance, 2.4.27 does not seem to have been fixed with regards to that problem - NOTE: <horms> although it was supposed to be fixed in 2.4.25-2 according to my notes - NOTE: <horms> i would try asking marcello - NOTE: reponse from Marcelo: No - v2.4 is safe because back there current->signal was not shared. - - kernel-source-2.6.8 2.6.8-14 - - kernel-source-2.6.9 2.6.9-6 - - kernel-source-2.6.10 2.6.10-6 -CAN-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...) - NOTE: According to joshk, doesn't apply to 2.4.27 - NOTE: see USN-82-1 - - kernel-source-2.6.8 2.6.8-14 - - kernel-source-2.6.9 2.6.9-6 - - kernel-source-2.6.10 2.6.10-6 -CAN-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...) - NOTE: see USN-82-1 - NOTE: only affects 2.6.9 - - kernel-source-2.6.9 2.6.9-6 -CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...) - - php4 4:4.3.10-3 -CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...) - NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP -CAN-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...) - NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP -CAN-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...) - NOT-FOR-US: Veritas NetBackup Administrative Assistant -CAN-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...) - - gpsd 2.7-4 -CAN-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...) - - apache 1.3.33-3 -CAN-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...) - NOT-FOR-US: TikiWiki -CAN-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...) - - phpgroupware 0.9.16.005-1 -CAN-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...) - - phpgroupware 0.9.16.005-1 -CAN-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...) - - phpgroupware 0.9.16.005-1 -CAN-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...) - - glibc 2.3.2.ds1-19 -CAN-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...) - - clamav 0.81 -CAN-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...) - - uw-imap 7:2002edebian1-6 -CAN-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...) - {DSA-667-1} - - squid 2.5.7-6 -CAN-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...) - - squid 2.5.7-6 -CAN-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...) - {DSA-667-1} - - squid 2.5.7-4 -CAN-2005-0172 - RESERVED -CAN-2005-0171 - RESERVED -CAN-2005-0170 - RESERVED -CAN-2005-0169 - RESERVED -CAN-2005-0168 - RESERVED -CAN-2005-0167 - RESERVED -CAN-2005-0166 - RESERVED -CAN-2005-0165 - RESERVED -CAN-2005-0164 - RESERVED -CAN-2005-0163 - RESERVED -CAN-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...) - - openswan 2.3.0-2 - NOTE: does not seem to affect freeswan -CAN-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...) - - unace 1.2b-3 -CAN-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...) - - unace 1.2b-3 -CAN-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...) - {DSA-679-1} - - toolchain-source 3.4-5 -CAN-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...) - {DSA-687-1} - - bidwatcher 1.3.17-1 -CAN-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...) - {DSA-720-1} - - smartlist 3.15-18 -CAN-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...) - - perl 5.8.4-6 -CAN-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...) - - perl 5.8.4-6 - - mooix 1.0rc5.pre4 -CAN-2005-0154 - RESERVED -CAN-2005-0153 - RESERVED -CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...) - {DSA-662-1} - NOTE: This bug exists only in version 1.2.6. -CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...) - NOT-FOR-US: Adobe License Management Software -CAN-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...) - - mozilla-firefox 1.0 -CAN-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...) - - mozilla-thunderbird 0.7 - - mozilla 2:1.7.4 -CAN-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...) - NOT-FOR-US: thunderbird on windows -CAN-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...) - - mozilla-firefox 1.0 - - mozilla 2:1.7.5 -CAN-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...) - - mozilla-firefox 1.0 - - mozilla 2:1.7.5 -CAN-2005-0145 (Firefox before 1.0 does not properly distinguish between ...) - - mozilla-firefox 1.0 -CAN-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site ...) - - mozilla-firefox 1.0 - - mozilla 2:1.7.5 -CAN-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...) - - mozilla-firefox 1.0 - - mozilla 2:1.7.5 -CAN-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and ...) - - mozilla-firefox 1.0 - - mozilla-thunderbird 0.7 - - mozilla 2:1.7.5 -CAN-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...) - - mozilla-firefox 1.0 - - mozilla 2:1.7.5 -CAN-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...) - NOT-FOR-US: PeID -CAN-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...) - NOT-FOR-US: Irix -CAN-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...) - NOT-FOR-US: Irix -CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...) - NOTE: Does not affect 2.6 based kernels in Debian - - kernel-source-2.4.27 2.4.27-10 (bug #308584) -CAN-2005-0136 - RESERVED - - kernel-source-2.6.8 2.6.8-14 -CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...) - - kernel-source-2.6.8 2.6.8-14 -CAN-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...) - NOT-FOR-US: SCO UnixWare -CAN-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...) - - mozilla-firefox 1.0 - - mozilla 2:1.7.5 -CAN-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...) - - mozilla-firefox 1.0 - - mozilla 2:1.7.5 -CAN-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...) - - clamav 0.80-0.81rc1-1 -CAN-2005-0132 - RESERVED -CAN-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...) - - konversation 0.15-3 -CAN-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...) - - konversation 0.15-3 -CAN-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...) - - konversation 0.15-3 -CAN-2005-0128 - RESERVED -CAN-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...) - NOT-FOR-US: MacOS -CAN-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...) - NOT-FOR-US: MacOS -CAN-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop ...) - NOT-FOR-US: MacOS -CAN-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...) - - kernel-source-2.4.27 2.4.27-8 - NOTE: 2.6.8 apparently ok -CAN-2005-0123 - RESERVED -CAN-2005-0122 - REJECTED -CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...) - NOT-FOR-US: golddig -CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...) - NOT-FOR-US: helvis -CAN-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...) - NOT-FOR-US: helvis -CAN-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...) - NOT-FOR-US: helvis -CAN-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...) - - xshisen 1.51-1-1.1 (bug #289784) -CAN-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...) - - awstats 6.2-1.1 -CAN-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...) - NOT-FOR-US: DataRescue Interactive Disassembler -CAN-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...) - NOT-FOR-US: ZoneAlarm -CAN-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...) - NOT-FOR-US: IRIX -CAN-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...) - NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point -CAN-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...) - - maxdb-7.5.00 7.5.00.18 -CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...) - NOT-FOR-US: MSIE -CAN-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating ...) - NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical - NOTE: attack, paranoid people should disable hyper threading - - kfreebsd5-source 5.3-11 -CAN-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...) - {DSA-659-1} - - libapache-mod-auth-radius 1.5.7-6 - - libpam-radius-auth 1.3.16-3 -CAN-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...) - {DSA-690-1} - - bsmtpd 2.3pl8b-16 -CAN-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...) - - libnet-ssleay-perl 1.25-1.1 -CAN-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...) - {DSA-684-1} - - typespeed 0.4.4-8 -CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...) - {DSA-662-1} - TODO: check - - squirrelmail 2:1.4.4 -CAN-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...) - - squirrelmail 2:1.4.4-1 -CAN-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...) - {DSA-673-1} - - evolution 2.0.3-1.2 -CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...) - - newspost 2.1.1-2 -CAN-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...) - {DSA-685-1 DSA-671-1 DSA-670-1} - - emacs21 21.3+1-9 - - xemacs21 21.4.16-2 -CAN-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...) - {DSA-691-1} - NOTE: abuse is only in woody. -CAN-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...) - {DSA-691-1} - NOTE: abuse is only in woody. -CAN-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...) - - squid 2.5.7-4 -CAN-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...) - - squid 2.5.7-4 -CAN-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...) - {DSA-651-1} - - squid 2.5.7-4 -CAN-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...) - {DSA-651-1} - - squid 2.5.7-4 -CAN-2005-0093 - REJECTED -CAN-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) - NOTE: apparently specific to redhat hugemem kernel -CAN-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) - NOTE: apparently specific to redhat hugemem kernel -CAN-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) - NOTE: apparently specific to redhat hugemem kernel -CAN-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...) - {DSA-666-1} - - python2.2 2.2.3-14 - - python2.3 2.3.4+2.3.5c1-2 - - python2.4 2.4-5 -CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...) - {DSA-689-1} - - libapache2-mod-python 3.1.3-3 - - libapache-mod-python 2:2.7.10-4 -CAN-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...) - NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9 - - alsa-lib 1.0.9-1 -CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...) - NOT-FOR-US: redhat specific less bug -CAN-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...) - {DSA-680-1} - - htdig 1:3.1.6-11 -CAN-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...) - {DSA-653-1} - - ethereal 0.10.9-1 -CAN-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...) - NOTE: advisory is vague but implies non-Windows platforms may be vulnerable. -CAN-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...) - - maxdb-7.5.00 7.5.00.21-1 -CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...) - - maxdb-7.5.00 7.5.00.21-1 -CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...) - {DSA-657-1} - - xine-lib 1-rc6a-1 -CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...) - - jabber 1.4.3-3 - NOTE: We do not ship jadc2s. -CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...) - - a2ps 1:4.13b-4.3 (bug #286387; bug #286385) -CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...) - NOT-FOR-US: mod_access_referer -CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...) - - xshisen 1.51-1-1 (bug #213957) -CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...) - - mailman 2.1.5-5 -CAN-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...) - {DSA-649-1} - TODO: check -CAN-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...) - {DSA-660-1} - TODO: check -CAN-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...) - {DSA-658-1} - TODO: check -CAN-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...) - {DSA-672-1} - - xview 3.2p1.4-19 -CAN-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...) - - squirrelmail 2:1.4.4-1 -CAN-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...) - {DSA-676-1} - - xpcd 2.08-11.1 -CAN-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...) - {DSA-677-1} - - sympa 4.1.2-2.1 -CAN-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...) - {DSA-655-1} - TODO: check -CAN-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...) - {DSA-656-1} - TODO: check -CAN-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...) - {DSA-681-1} - TODO: check -CAN-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...) - - vim 1:6.3-058+1 -CAN-2005-0068 (The original design of ICMP does not require authentication for ...) - NOTE: general icmp design error -CAN-2005-0067 (The original design of TCP does not require that port numbers be ...) - NOTE: general tcp design error, no indication it affects linux -CAN-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...) - NOTE: general tcp design error -CAN-2005-0065 (The original design of TCP does not check that the TCP sequence number ...) - NOTE: general tcp design error -CAN-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...) - {DSA-648-1 DSA-645-1} - - xpdf 3.00-13 - - gpdf 2.8.2-1.2 - - pdftohtml 0.36-11 - - kdegraphics 4:3.3.2-2 - - tetex-bin 2.0.2-26 - NOTE: only affects source package, not used in binary - - cupsys <unfixed> (bug #324459; unimportant) -CAN-2005-0063 (The document processing application used by the Windows Shell in ...) - NOT-FOR-US: Microsoft -CAN-2005-0062 - RESERVED -CAN-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...) - NOT-FOR-US: Microsoft -CAN-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...) - NOT-FOR-US: Microsoft -CAN-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...) - NOT-FOR-US: Microsoft -CAN-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...) - NOT-FOR-US: TAPI for Windows -CAN-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...) - NOT-FOR-US: Microsoft -CAN-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...) - NOT-FOR-US: Microsoft -CAN-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...) - NOT-FOR-US: Microsoft -CAN-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...) - NOT-FOR-US: Microsoft -CAN-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...) - NOT-FOR-US: Microsoft -CAN-2005-0052 - RESERVED -CAN-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...) - NOT-FOR-US: Microsoft -CAN-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...) - NOT-FOR-US: Microsoft -CAN-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...) - NOT-FOR-US: Microsoft -CAN-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...) - NOT-FOR-US: Microsoft -CAN-2005-0047 (Windows 2000, XP, and Server 2003 does not properly "validate the use ...) - NOT-FOR-US: Microsoft -CAN-2005-0046 - RESERVED -CAN-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...) - NOT-FOR-US: Microsoft -CAN-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...) - NOT-FOR-US: Microsoft -CAN-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...) - NOT-FOR-US: iTunes -CAN-2005-0042 - RESERVED -CAN-2005-0041 - RESERVED -CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...) - NOT-FOR-US: DotNetNuke -CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...) - NOTE: These are known issues of IPSEC and basically every VPN system using - NOTE: encryption without authentication. - NOTE: openswan even prevents such configurations -CAN-2005-0038 - RESERVED -CAN-2005-0037 - RESERVED -CAN-2005-0036 - RESERVED -CAN-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...) - NOT-FOR-US: Adobe -CAN-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...) - NOTE: only affects bind9 9.3.0, we have an earlier version - NOTE: fixed in 9.3.1 -CAN-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...) - - bind 1:8.4.6-1 -CAN-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...) - NOT-FOR-US: MSIE -CAN-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...) - NOT-FOR-US: HP-UX -CAN-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...) - NOT-FOR-US: NetBSD -CAN-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...) - NOT-FOR-US: Shoutcast -CAN-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...) - NOT-FOR-US: IBM DB2 -CAN-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...) - NOT-FOR-US: Oracle -CAN-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...) - NOT-FOR-US: Oracle -CAN-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...) - NOT-FOR-US: Oracle -CAN-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...) - NOT-FOR-US: Oracle -CAN-2004-1367 (Oracle 10g Database Server, when installed with a password that ...) - NOT-FOR-US: Oracle -CAN-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...) - NOT-FOR-US: Oracle -CAN-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...) - NOT-FOR-US: Oracle -CAN-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...) - NOT-FOR-US: Oracle -CAN-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...) - NOT-FOR-US: Oracle -CAN-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...) - NOT-FOR-US: Oracle -CAN-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...) - NOT-FOR-US: Windows -CAN-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...) - NOT-FOR-US: Solaris -CAN-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...) - NOT-FOR-US: Solaris -CAN-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...) - NOT-FOR-US: Solaris -CAN-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...) - NOT-FOR-US: ssh on Solaris -CAN-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...) - NOT-FOR-US: Solaris -CAN-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...) - NOT-FOR-US: Solaris -CAN-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...) - NOT-FOR-US: Solaris -CAN-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...) - NOT-FOR-US: Solaris -CAN-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...) - NOT-FOR-US: Solaris -CAN-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...) - NOT-FOR-US: Solaris -CAN-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...) - NOT-FOR-US: Sun Java System Web Proxy Server -CAN-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...) - NOT-FOR-US: gzip on Solaris -CAN-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...) - NOT-FOR-US: Solaris -CAN-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...) - NOT-FOR-US: xdm on Solaris -CAN-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...) - NOT-FOR-US: Solaris -CAN-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...) - NOT-FOR-US: Sun StorEdge Enterprise Storage Manager -CAN-2004-1344 - RESERVED -CAN-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...) - {DSA-715-1} - - cvs 1:1.12.9-12 -CAN-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...) - {DSA-715-1} - - cvs 1:1.12.9-12 -CAN-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...) - {DSA-711-1} - - info2www 1.2.2.9-23 (bug #281655) -CAN-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...) - {DSA-659-1} - - libpam-radius-auth 1.3.16-1.1 -CAN-2005-0032 - RESERVED -CAN-2005-0031 - RESERVED -CAN-2005-0030 - RESERVED -CAN-2005-0029 - RESERVED -CAN-2005-0028 - RESERVED -CAN-2005-0027 - RESERVED -CAN-2005-0026 - RESERVED -CAN-2005-0025 - RESERVED -CAN-2005-0024 - RESERVED -CAN-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...) - - gnome-libs <unfixed> (bug #329156) - - vte <unfixed> (bug #330907) -CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...) - - exim4 4.34-10 -CAN-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...) - {DSA-637-1 DSA-635-1} - TODO: check -CAN-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...) - {DSA-641-1} - TODO: check -CAN-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...) - {DSA-675-1} - - hztty 2.0-6.1 -CAN-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...) - {DSA-661-2} - - f2c 20020621-3.4 (bug #292792) -CAN-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...) - {DSA-661-2} - - f2c 20020621-3.4 (bug #292792) -CAN-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...) - {DSA-640-1} - TODO: check -CAN-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...) - {DSA-650-1} - TODO: check -CAN-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...) - - ncpfs 2.2.6-1 -CAN-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...) - {DSA-665-1} - - ncpfs 2.2.6-1 -CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...) - - dillo 0.8.3-1 -CAN-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...) - - kdeedu 4:3.3.2-2 -CAN-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...) - - ethereal 0.10.9-1 -CAN-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 ...) - - ethereal 0.10.9-1 -CAN-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...) - - ethereal 0.10.9-1 -CAN-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...) - - ethereal 0.10.9-1 -CAN-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...) - - ethereal 0.10.9-1 -CAN-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...) - {DSA-646-1} - - imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033) -CAN-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...) - {DSA-647-1} - - mysql-dfsg-4.1 4.1.8a-6 - - mysql-dfsg 4.0.23-3 -CAN-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...) - - kernel-source-2.4.27 2.4.27-9 - - kernel-source-2.6.8 2.6.8-9 - - kernel-source-2.6.9 2.6.9-3 -CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...) - NOT-FOR-US: poppassd_pam -CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...) - NOTE: i386 and smp specific - - kernel-source-2.6.8 2.6.8-13 - - kernel-source-2.4.27 2.4.27-8 - - kernel-image-2.4.27-i386 2.4.27-8 - - kernel-image-2.4.27-speakup 2.4.27-1.1 - - kernel-patch-powerpc-2.6.8 2.6.8-10 -CAN-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...) - NOT-FOR-US: oracle -CAN-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...) - NOT-FOR-US: oracle -CAN-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...) - - kernel-source-2.6.8 2.6.8-14 - - kernel-source-2.6.9 2.6.9-6 - - kernel-source-2.6.10 2.6.10-1 -CAN-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...) - - tetex-bin 2.0.2-25 -CAN-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...) - NOTE: Fixed in upstream 2.6.10 - - kernel-source-2.6.8 2.6.8-11 - - kernel-source-2.6.9 2.6.9-4 - - kernel-source-2.4.27 2.4.27-9 -CAN-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...) - NOTE: apparantly 2.6 only - NOTE: Fixed in upstream 2.6.10 - - kernel-source-2.6.8 2.6.8-11 - - kernel-source-2.6.9 2.6.9-4 -CAN-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...) - NOTE: Fixed in upstream 2.6.10 - - kernel-source-2.6.8 2.6.8-11 - - kernel-source-2.6.9 2.6.9-4 - - kernel-source-2.4.27 2.4.27-9 - NOTE: will be fixed in 2.4.27-9 -CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...) - NOT-FOR-US: hpux -CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...) - NOT-FOR-US: microsoft -CAN-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...) - NOT-FOR-US: AIX -CAN-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...) - NOT-FOR-US: AIX -CAN-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...) - NOT-FOR-US: hpux -CAN-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...) - NOT-FOR-US: Crystal FTP client -CAN-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...) - NOT-FOR-US: Ultrix -CAN-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...) - NOT-FOR-US: Microsoft -CAN-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...) - NOT-FOR-US: Microsoft -CAN-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...) - NOT-FOR-US: Netbsd -CAN-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...) - NOT-FOR-US: Microsoft/Cisco -CAN-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...) - NOT-FOR-US: Asante FM2008 -CAN-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...) - NOT-FOR-US: Asante FM2008 -CAN-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...) - NOT-FOR-US: MSIE -CAN-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...) - {DSA-627-1} - - namazu2 2.0.14 -CAN-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...) - NOTE: apparently only affects netcat in windows -CAN-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...) - - mozilla 2:1.7.5-1 (bug #288047) -CAN-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...) - - phpbb2 2.0.10-3 -CAN-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...) - NOT-FOR-US: MacOS -CAN-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...) - NOT-FOR-US: My Firewall Plus -CAN-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...) - NOT-FOR-US: Microsoft -CAN-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...) - NOT-FOR-US: mplayer -CAN-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...) - NOT-FOR-US: mplayer -CAN-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...) - NOT-FOR-US: mplayer -CAN-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...) - {DSA-617-1} - - libtiff4 3.6.1-4 - TODO: other packages containing libtiff code may be vulnerable -CAN-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...) - - tiff 3.7.0 (low) -CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...) - NOT-FOR-US: Windows -CAN-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...) - NOT-FOR-US: Microsoft -CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...) - - file 4.12 -CAN-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...) - NOT-FOR-US: Yanf -CAN-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...) - NOT-FOR-US: YAMT -CAN-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...) - NOT-FOR-US: xlreader -CAN-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...) - - xine-lib 1-rc8-1 -CAN-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...) - NOT-FOR-US: vilistextum -CAN-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...) - NOT-FOR-US: vb2c -CAN-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...) - - unrtf 0.19.3-1.1 (bug #287038) -CAN-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...) - - groff 1.18.1.1-5 -CAN-2004-1295 (The slip_down function in slip.c for the uml_net program in ...) - NOTE: uml_net is only executable by users in group uml-net in Debian - NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit -CAN-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...) - - tnftp <unfixed> (bug #285902; medium) -CAN-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...) - NOT-FOR-US: rtf2latex2e -CAN-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...) - NOT-FOR-US: ringtonetools -CAN-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...) - NOT-FOR-US: qwik-smtpd -CAN-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...) - NOT-FOR-US: pgn2web -CAN-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...) - {DSA-625-1} - - pcal 4.8.0-1 -CAN-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...) - NOT-FOR-US: o3read -CAN-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...) - {DSA-623-1} - - nasm 0.98.38-1.1 (bug #285889) -CAN-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...) - NOT-FOR-US: NapShare -CAN-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...) - NOT-FOR-US: mplayer -CAN-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...) - NOTE: non-free - NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions - - mpg123 0.59r-20 (bug #287043) -CAN-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...) - NOT-FOR-US: mview -CAN-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...) - {DSA-632-1} - - linpopup 1.2.0-7 -CAN-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...) - NOT-FOR-US: junkie -CAN-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...) - NOT-FOR-US: junkie -CAN-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...) - NOT-FOR-US: jpegtoavi -CAN-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...) - NOT-FOR-US: jcabc2ps -CAN-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...) - NOT-FOR-US: IglooFTP -CAN-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...) - NOT-FOR-US: IglooFTP -CAN-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...) - NOT-FOR-US: html2hdml -CAN-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...) - NOT-FOR-US: greed - NOTE: not the game in debian, the file download tool -CAN-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...) - NOT-FOR-US: greed - NOTE: not the game in debian, the file download tool -CAN-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...) - - filter 2.4.2-1.1 -CAN-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...) - NOT-FOR-US: dxfscope -CAN-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...) - - cupsys 1.1.22-2 -CAN-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...) - - cupsys 1.1.22-2 -CAN-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...) - - cupsys 1.1.22-2 -CAN-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...) - - cupsys 1.1.22-2 -CAN-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...) - NOT-FOR-US: csv2xml -CAN-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...) - NOT-FOR-US: Convex -CAN-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...) - {DSA-644-1} - - chbg 1.5-4 -CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...) - NOT-FOR-US: ChangePassword -CAN-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...) - NOT-FOR-US: bsb2ppm -CAN-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...) - NOT-FOR-US: asp2php -CAN-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...) - NOT-FOR-US: abctab2ps -CAN-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...) - NOT-FOR-US: abcpp -CAN-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...) - - abcm2ps 4.8.5-1 -CAN-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...) - NOT-FOR-US: abc2mtex -CAN-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...) - - abcmidi 20050101-1 -CAN-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...) - NOT-FOR-US: 2fax -CAN-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...) - NOT-FOR-US: WinRAR -CAN-2004-1253 - RESERVED -CAN-2004-1252 - RESERVED -CAN-2004-1251 - RESERVED -CAN-2004-1250 - RESERVED -CAN-2004-1249 - RESERVED -CAN-2004-1248 - RESERVED -CAN-2004-1247 - RESERVED -CAN-2004-1246 - RESERVED -CAN-2004-1245 - RESERVED -CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: Microsoft -CAN-2004-1243 - REJECTED -CAN-2004-1242 - REJECTED -CAN-2004-1241 - REJECTED -CAN-2004-1240 - REJECTED -CAN-2004-1239 - REJECTED -CAN-2004-1238 - REJECTED -CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...) - NOTE: apparently redhat specific -CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...) - NOT-FOR-US: Netscape Directory Server on HP-UX -CAN-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...) - - linux-2.6 2.6.12-1 (bug #289202; high) - - kernel-source-2.4.27 2.4.27-8 (bug #289202; high) -CAN-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...) - NOTE: fixed after 2.4.25 -CAN-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...) - NOT-FOR-US: Gadu-Gadu -CAN-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...) - NOT-FOR-US: Gadu-Gadu -CAN-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...) - NOT-FOR-US: Gadu-Gadu -CAN-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...) - NOT-FOR-US: Gadu-Gadu -CAN-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...) - NOT-FOR-US: Gadu-Gadu -CAN-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...) - NOT-FOR-US: SugarCRM Sugar Sales -CAN-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...) - NOT-FOR-US: SugarCRM Sugar Sales -CAN-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...) - NOT-FOR-US: SugarCRM Sugar Sales -CAN-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...) - NOT-FOR-US: SugarCRM Sugar Sales -CAN-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...) - - mtr 0.67-1 -CAN-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...) - NOT-FOR-US: F-Secure Policy Manager -CAN-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: weblibs.pl -CAN-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...) - NOT-FOR-US: weblibs.pl -CAN-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...) - NOT-FOR-US: Battlefield 1942, Battlefield Vietnam -CAN-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...) - NOT-FOR-US: paFileDB -CAN-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Remote Execute -CAN-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...) - NOT-FOR-US: Hosting Controller -CAN-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...) - NOT-FOR-US: Kreed -CAN-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...) - NOT-FOR-US: Kreed -CAN-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...) - NOT-FOR-US: Kreed -CAN-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...) - NOT-FOR-US: Advanced Guestbook -CAN-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...) - NOT-FOR-US: Blog Torrent -CAN-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...) - NOT-FOR-US: Mercury Mail -CAN-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...) - NOT-FOR-US: IpCop -CAN-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...) - NOT-FOR-US: Verisign Payflow Link -CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...) - NOT-FOR-US: Orbz -CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...) - NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter -CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...) - NOT-FOR-US: pnTresMailer -CAN-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...) - NOT-FOR-US: pnTresMailer -CAN-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...) - NOTE: at best a local DOS by the user running fluxbox. - NOTE: Where's the security hole? - - fluxbox 0.9.11-1 -CAN-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...) - NOT-FOR-US: phpCMS -CAN-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...) - NOT-FOR-US: phpCMS -CAN-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Opera -CAN-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...) - NOTE: memory leak, doubt it's usefully exploitable - NOTE: did not followup -CAN-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...) - NOT-FOR-US: Safari -CAN-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) - NOT-FOR-US: MSIE -CAN-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...) - NOT-FOR-US: inShop -CAN-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...) - NOT-FOR-US: Insite Inmail -CAN-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...) - NOT-FOR-US: Star Wars Battlefront -CAN-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...) - NOT-FOR-US: Star Wars Battlefront -CAN-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...) - NOT-FOR-US: Prevex Home -CAN-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...) - NOT-FOR-US: Citadel/UX -CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...) - NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed - - kernel-source-2.6.8 2.6.8-16 - - kernel-source-2.4.27 2.4.27-6 -CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...) - NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c - NOTE: has a misleading entry titled "Fix exploitable hole" - NOTE: http://www.securityfocus.com/advisories/7579 - NOTE: http://xforce.iss.net/xforce/xfdb/18370 - NOTE: Response from Marcus Meissner <meissner@suse.de> saying the patch was integrated in upstream 2.6.8 - NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only - NOTE: 2.6.10 is actually fixed, but 2.6.8 is not - - kernel-source-2.6.8 2.6.8-14 -CAN-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...) - {DSA-629-1} - TODO: check -CAN-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...) - - xine-lib 1-rc8-1 -CAN-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...) - - xine-lib 1-rc8-1 -CAN-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...) - {DSA-654-1} - TODO: check -CAN-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...) - {DSA-654-1} - TODO: check -CAN-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...) - {DSA-654-1} - TODO: check -CAN-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...) - {DSA-626-1} - - libtiff-tools 3.6.1-5 -CAN-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a "weak" ...) - {DSA-634-1} - TODO: check -CAN-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...) - {DSA-622-1} - NOTE: htmlheadline not in unstable -CAN-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...) - {DSA-678-1} - - netkit-rwho 0.17-8 -CAN-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...) - {DSA-615-1} -CAN-2004-1178 - RESERVED -CAN-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...) - {DSA-674-1} - - mailman 2.1.5-5 -CAN-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...) - {DSA-639-1} - TODO: check -CAN-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...) - {DSA-639-1} - TODO: check -CAN-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...) - {DSA-639-1} - TODO: check -CAN-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...) - NOT-FOR-US: MSIE -CAN-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...) - NOT-FOR-US: Veritas Backup Exec -CAN-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...) - - kdelibs 4:3.3.1-2 - - kdebase 4:3.3.1-3 -CAN-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...) - {DSA-612-1} - - a2ps 1:4.13b-4.2 (bug #283134) -CAN-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...) - - maxdb-webtools 7.5.00.19-1 -CAN-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...) - - maxdb-webtools 7.5.00.19-1 -CAN-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...) - NOT-FOR-US: gentoo mirrorselect -CAN-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...) - NOT-FOR-US: Microsoft -CAN-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...) - {DSA-631-1} - TODO: check -CAN-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...) - NOT-FOR-US: Cisco -CAN-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...) - NOT-FOR-US: Cisco -CAN-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...) - - scponly 4.0-1 -CAN-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...) - - rssh 2.2.3-1 -CAN-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...) - NOT-FOR-US: Netscape -CAN-2004-1159 - REJECTED -CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...) - - kdelibs 4:3.3.1-3 - - kdebase 4:3.3.1-4 -CAN-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...) - NOT-FOR-US: Opera -CAN-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...) - - mozilla 2:1.7.6-1 - - mozilla-firefox 1.0.1 -CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...) - NOT-FOR-US: Microsoft MSIE -CAN-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...) - {DSA-701-1} - - samba 3.0.10-1 -CAN-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...) - NOT-FOR-US: Adobe Acrobat Reader -CAN-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...) - NOT-FOR-US: Adobe Acrobat Reader -CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...) - NOTE: Fixed in upstream 2.6.10 - - kernel-source-2.6.8 2.6.8-11 - - kernel-source-2.6.9 2.6.9-4 -CAN-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...) - NOT-FOR-US: Winamp -CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...) - NOT-FOR-US: Computer Associates eTrust EZ Antivirus -CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...) - - phpmyadmin 2:2.6.1-rc1-1 -CAN-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...) - - phpmyadmin 2:2.6.1-rc1-1 -CAN-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...) - - cvstrac 1.1.5 -CAN-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...) - - kdelibs 4:3.3.2-1 -CAN-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...) - NOTE: amd64 specific - - kernel-source-2.4.27 2.4.27-9 -CAN-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...) - - mailman 2.1.5-5 -CAN-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) - {DSA-613-1} - - ethereal 0.10.8 -CAN-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...) - - ethereal 0.10.8 -CAN-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) - - ethereal 0.10.8 -CAN-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...) - - ethereal 0.10.8 -CAN-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...) - - vim 1:6.3-046+0sarge1 -CAN-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...) - - kernel-image-2.4.27-i386 2.4.27-7 -CAN-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...) - NOT-FOR-US: CuteFTP -CAN-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...) - NOT-FOR-US: WS-Ftpd -CAN-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...) - NOT-FOR-US: Microsoft -CAN-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...) - NOT-FOR-US: Microsoft -CAN-2004-1132 - RESERVED -CAN-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...) - NOT-FOR-US: SCO -CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...) - NOT-FOR-US: CMailServer -CAN-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...) - NOT-FOR-US: CMailServer -CAN-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...) - NOT-FOR-US: CMailServer -CAN-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...) - - opendchub 0.7.14-1.1 (bug #284350; bug #283061) -CAN-2004-1126 - RESERVED -CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...) - {DSA-621-1 DSA-619-1} - - xpdf 3.00-11 - - cupsys 1.1.22-2 - - tetex-bin 2.0.2-25 - - gpdf 2.8.2-1 - - koffice 1:1.3.5-1 -CAN-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...) - NOT-FOR-US: UnixWare -CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...) - NOT-FOR-US: Darwin Streaming Server -CAN-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...) - NOT-FOR-US: Safari -CAN-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...) - NOT-FOR-US: Safari -CAN-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...) - {DSA-663-1} - - prozilla 1:1.3.7.3-1 -CAN-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...) - NOT-FOR-US: Winamp -CAN-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...) - NOT-FOR-US: WodFtpDLX.ocx ActiveX component -CAN-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...) - NOT-FOR-US: ChessBrain -CAN-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...) - NOT-FOR-US: GIMPS -CAN-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...) - NOTE: gentoo-specific permissions problems in setaiathome -CAN-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...) - NOT-FOR-US: Skype -CAN-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...) - NOT-FOR-US: SQLgrey Postfix greylisting serivce -CAN-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...) - NOT-FOR-US: Cisco -CAN-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...) - NOT-FOR-US: Cisco -CAN-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...) - - mtink 1.0.5 - NOTE: debian not vulnerable except in edge case -CAN-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...) - NOT-FOR-US: Kerio Personal Firewall -CAN-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...) - NOT-FOR-US: Gentoolkit -CAN-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...) - NOT-FOR-US: Portage -CAN-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...) - {DSA-642-1} - - gallery 1.4.4-pl4-1 -CAN-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...) - NOT-FOR-US: Nortel Networks Contivity VPN Client -CAN-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...) - NOT-FOR-US: Microsoft -CAN-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...) - NOT-FOR-US: MailPost -CAN-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...) - NOT-FOR-US: MailPost -CAN-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...) - NOT-FOR-US: MailPost -CAN-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...) - NOT-FOR-US: MailPost -CAN-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...) - NOT-FOR-US: Cisco -CAN-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...) - - mime-tools 5.415-1 -CAN-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...) - NOT-FOR-US: Cherokee -CAN-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...) - - libarchive-zip-perl 1.14-1 -CAN-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...) - {DSA-608-1} - - zgv 5.7-1.3 (bug #284124) -CAN-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...) - NOT-FOR-US: RealPlayer -CAN-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) - {DSA-639-1} - TODO: check -CAN-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) - {DSA-639-1} - TODO: check -CAN-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) - {DSA-639-1} - TODO: check -CAN-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) - {DSA-639-1} - TODO: check -CAN-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...) - NOT-FOR-US: Apple MacOS -CAN-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...) - NOT-FOR-US: Apple MacOS -CAN-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard ...) - NOT-FOR-US: Apple MacOS -CAN-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...) - NOT-FOR-US: Apple MacOS -CAN-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...) - NOT-FOR-US: Apple MacOS -CAN-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...) - NOT-FOR-US: Apple MacOS -CAN-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...) - NOT-FOR-US: Apple MacOS -CAN-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...) - NOT-FOR-US: Apple MacOS -CAN-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...) - NOT-FOR-US: Apple MacOS -CAN-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...) - NOT-FOR-US: Microsoft -CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...) - - ncpfs 2.2.5-2 -CAN-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...) - NOT-FOR-US: Citrix -CAN-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...) - NOT-FOR-US: Citrix -CAN-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...) - {DSA-609-1} - - atari800 1.3.2-1 -CAN-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...) - - zope-zwiki 0.37.0-1 -CAN-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...) - - kernel-source-2.6.8 2.6.8-11 - - kernel-source-2.4.27 2.4.27-7 -CAN-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...) - NOTE: fixed in 2.6.8 and 2.4.27 -CAN-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) - NOTE: fixed in 2.6.8 and 2.4.27 -CAN-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) - NOTE: fixed in 2.6.8 and 2.4.27 -CAN-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...) - NOTE: fixed in 2.6.8 and 2.4.27 -CAN-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...) - NOTE: 2.6 only issue - - kernel-source-2.6.8 2.6.8-11 - NOTE: and the binaries built from it -CAN-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in ...) - - kernel-source-2.4.27 2.4.27-7 - - kernel-source-2.6.8 2.6.8-11 - NOTE: and the binary packages built from them -CAN-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...) - NOTE: verified cyrus21-imapd 2.1.17-3 is not vulnerable, seems - NOTE: to only affect 2.2 series. - NOTE: 1.5.19 also seems ok -CAN-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...) - NOT-FOR-US: FreeBSD -CAN-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...) - - php4 4:4.3.10-1 -CAN-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...) - - php4 4:4.3.10-1 -CAN-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...) - - php4 4:4.3.10-1 -CAN-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...) - - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771) -CAN-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...) - - bugzilla 2.16.7-2 -CAN-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...) - NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors -CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...) - - mnogosearch 3.2.18-2.2 -CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...) - NOTE: Fixed in 2.6.10 upstream - - kernel-source-2.6.8 2.6.8-14 - - kernel-source-2.6.9 2.6.9-14 -CAN-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...) - TODO: check back with dilinger about 2.6, previous fix in -9 has regressions - - kernel-source-2.4.27 2.4.27-10 -CAN-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...) - - kernel-source-2.4.27 2.4.27-8 - - kernel-image-2.4.27-i386 2.4.27-8 - - kernel-image-2.4.27-alpha 2.4.27-6 - - kernel-image-2.4.27-hppa 2.4.27-3 - - kernel-image-2.4.27-ia64 2.4.27-6 - - kernel-patch-2.4.27-mips 2.4.27-8.040815-1 - - kernel-patch-powerpc-2.4.27 2.4.27-3 - - kernel-image-2.4.27-sparc 2.4.27-2 - NOTE: above should cover 2.4 - - kernel-source-2.6.8 2.6.8-11 - NOTE: and the binaries built from it -CAN-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - - phpmyadmin 2:2.6.0-pl3-1 -CAN-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...) - NOT-FOR-US: AIX -CAN-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...) - NOT-FOR-US: fetch on FreeBSD -CAN-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...) - {DSA-595-1} - NOTE: bnc is not in sarge or unstable (is in woody) -CAN-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...) - {DSA-596-2 DSA-596-1} - - sudo 1.6.8p3-1 -CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...) - NOT-FOR-US: Microsoft -CAN-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...) - NOT-FOR-US: Microsoft -CAN-2004-1048 - RESERVED -CAN-2004-1047 - RESERVED -CAN-2004-1046 - RESERVED -CAN-2004-1045 - RESERVED -CAN-2004-1044 - RESERVED -CAN-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) - NOT-FOR-US: MSIE -CAN-2004-1042 - RESERVED -CAN-2004-1041 - RESERVED -CAN-2004-1040 - RESERVED -CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...) - NOT-FOR-US: SCO UnixWare -CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...) - NOT-FOR-US: IEEE1394 specification bug, physical security -CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...) - - twiki 20030201-6 -CAN-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...) - - squirrelmail 2:1.4.3a-3 -CAN-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...) - - imapproxy 1.2.2+1.2.3rc2-1 -CAN-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...) - - kaffeine 0.4.3.1-3 - - gxine 0.4-rc1 -CAN-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...) - - fcron 2.9.5.1-1 -CAN-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) - - fcron 2.9.5.1-1 -CAN-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) - - fcron 2.9.5.1-1 -CAN-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) - - fcron 2.9.5.1-1 -CAN-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...) - NOT-FOR-US: Sun JRE -CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...) - NOT-FOR-US: AIX -CAN-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...) - {DSA-652-1} - NOTE: sarge's unarj is from a different code base, probably not vulnerable -CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...) - {DSA-628-1 DSA-618-1} - - imlib 1.9.14-17.1 (bug #284925) - - imlib+png2 1.9.14-16.1 - - imlib2 1.1.2-2.1 -CAN-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...) - {DSA-618-1} - NOTE: fixed in patches for CAN-2004-1026 -CAN-2004-1024 - RESERVED -CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...) - NOT-FOR-US: Kerio -CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...) - NOT-FOR-US: Kerio -CAN-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...) - NOT-FOR-US: MacOS -CAN-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ...) - - php4 4:4.3.10-1 -CAN-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...) - - php4 4:4.3.10-1 -CAN-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...) - - php4 4:4.3.10-1 - - php3 3:3.0.18-29 -CAN-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x ...) - - kernel-source-2.4.27 2.4.27-9 -CAN-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...) - - kernel-image-2.4.27-i386 2.4.27-7 -CAN-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...) - NOTE: cyrus-imapd not vulnerable - NOTE: cyrus21-imapd not vulnerable -CAN-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...) - {DSA-606-1} - - nfs-utils 1:1.0.6-3.1 -CAN-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...) - {DSA-597-1} - - cyrus-imapd 1.5.19-20 - - cyrus21-imapd 2.1.17-1 -CAN-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...) - {DSA-597-1} - - cyrus-imapd 1.5.19-20 - - cyrus21-imapd 2.1.17-1 -CAN-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...) - NOTE: cyrus-imapd not vulnerable - NOTE: cyrus21-imapd not vulnetale -CAN-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...) - {DSA-624-1} - - zip 2.30-8 -CAN-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) - {DSA-639-1} - TODO: check -CAN-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...) - - putty 0.56-1 -CAN-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...) - - bogofilter 0.92.8-1 -CAN-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...) - {DSA-584-1} - - dhcp 2.0pl5-19.1 -CAN-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...) - {DSA-639-1} - TODO: check -CAN-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...) - {DSA-639-1} - TODO: check -CAN-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...) - NOT-FOR-US: Trend ScanMail -CAN-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...) - - ppp 2.4.2+20040428-3 -CAN-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...) - {DSA-585-1} - - shadow 1:4.0.3-30.3 - NOTE: apparently the fix was lost from sarge somehow, see #309587 - - shadow 1:4.0.3-31sarge5 -CAN-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...) - {DSA-630-1} - - lintian 1.23.6 (bug #286379; low) -CAN-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...) - {DSA-608-1} - - zgv 5.7-1.3 (bug #284124) -CAN-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...) - {DSA-616-1} -CAN-2004-0997 - RESERVED -CAN-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...) - {DSA-610-1} - - cscope 15.5-1.1 (bug #282815) - NOTE: Patch in debian bts from ubuntu is good. All other patches are crap. -CAN-2004-0995 - RESERVED -CAN-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...) - {DSA-614-1} - NOTE: only indication that it's this CAN is in the debian package changelog - - xzgv 0.8-3 -CAN-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...) - {DSA-604-1} -CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...) - NOT-FOR-US: Proxytunnel -CAN-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...) - - mpg123 0.59r-19 -CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...) - {DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1} - - libgd2 2.0.30-1 - - libgd 1.8.4-36.1 -CAN-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...) - {DSA-582-1} -CAN-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...) - NOT-FOR-US: Apple -CAN-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...) - {DSA-598-1} - - yardradius 1.0.20-15 -CAN-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...) - {DSA-580-1} - - iptables 1.2.11-4 -CAN-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...) - NOT-FOR-US: windows -CAN-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...) - - mailutils 1:0.5-4 -CAN-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...) - {DSA-586-1} - - ruby1.8 1.8.1+1.8.2pre2-4 - - ruby1.6 1.6.8-12 -CAN-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...) - {DSA-578-1} - - mpg123 0.59r-18 -CAN-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...) - {DSA-593-1} - - imagemagick 6:6.0.6.2-1.5 (bug #278401) -CAN-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...) - {DSA-592-1} - - ez-ipupdate 3.0.11b8-8 -CAN-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...) - NOT-FOR-US: windows -CAN-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...) - NOT-FOR-US: windows -CAN-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...) - {DSA-577-1} - - postgresql 7.4.6-1 -CAN-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...) - {DSA-620-1} - - perl 5.8.4-4 -CAN-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...) - {DSA-603-1} - - openssl 0.9.7e-3 - NOTE: also includes other security fixes than this CAN -CAN-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...) - NOTE: local; low - - netatalk 1.6.4a-1 -CAN-2004-0973 - REJECTED -CAN-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...) - {DSA-583-1} - NOTE: lvmcreate_initrd not in debian -CAN-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...) - NOTE: not shipped in deb - - krb5 <unfixed> (bug #278271; low) - - arla 0.36.2-11 -CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...) - {DSA-588-1} - NOTE: sarge is not vulnerable as our version uses set -C -CAN-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...) - - groff 1.18.1.1-2 -CAN-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...) - {DSA-636-1} - - libc6 2.3.2.ds1-19 -CAN-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...) - - gs-common 0.3.6-0.1 - - gs-gpl <unfixed> (bug #291373; low) - NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary -CAN-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...) - - gettext 0.14.1-6 -CAN-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...) - NOT-FOR-US: HP-UX -CAN-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...) - {DSA-587-1} - NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - NOTE: DSA says zinf not vulnerable in sarge - - zinf 2.2.5 -CAN-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...) - NOT-FOR-US: windows -CAN-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...) - NOT-FOR-US: Apple Remote Desktop Client -CAN-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...) - - freeradius 1.0.1 -CAN-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...) - - freeradius 1.0.1 -CAN-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...) - - php4 4:4.3.9 -CAN-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...) - - php4 4:4.3.9 -CAN-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...) - {DSA-707-1} - - mysql-dfsg-4.1 4.1.10a-6 - - mysql-dfsg 4.0.24-5 -CAN-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...) - NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge -CAN-2004-0955 - REJECTED - {DSA-571-1 DSA-570-1} -CAN-2004-0954 - REJECTED -CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...) - NOTE: jabber version 2 is vulnerable, we have an older version that seems not -CAN-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...) - NOT-FOR-US: HP-UX -CAN-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before ...) - NOT-FOR-US: HP-UX -CAN-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...) - NOT-FOR-US: NetOp Host -CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...) - NOTE: fixed in 2.4.28, 2.6.9 - TODO: check with kernel people re 2.4.27 -CAN-2004-0948 - REJECTED -CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...) - {DSA-652-1} - NOTE: see http://lwn.net/Alerts/110733/ - NOTE: sarge's unarj is from a different code base, probably not vulnerable -CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...) - NOTE: does not apply per maintainer -CAN-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...) - NOT-FOR-US: Mitel 3300 Integrated Communications Platform -CAN-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...) - NOT-FOR-US: Mitel 3300 Integrated Communications Platform -CAN-2004-0943 - RESERVED -CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...) - - apache2 2.0.52-2 -CAN-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...) - {DSA-602-1 DSA-601-1} - - libgd2 2.0.33-1.1 - - libgd 1.8.4-36.1 -CAN-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...) - {DSA-594-1} - - apache 1.3.33-2 -CAN-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...) - NOT-FOR-US: Neoteris Instant Virtual Extranet -CAN-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...) - - freeradius 1.0.1 -CAN-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...) - NOT-FOR-US: Sophos Anti-Virus -CAN-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...) - NOT-FOR-US: RAV antivirus -CAN-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...) - NOT-FOR-US: Eset anti-virus -CAN-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...) - NOT-FOR-US: Kaspersky antivirus - NOTE: Kaspersky engine is supported by amavas-ng -CAN-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...) - NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus -CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...) - NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers -CAN-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...) - - maxdb-7.5.00 7.5.00.18 -CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...) - - samba 3.0.8-1 -CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...) - NOTE: tiff3g was removed from debian -CAN-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...) - NOT-FOR-US: Macromedia -CAN-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...) - NOT-FOR-US: MacOS -CAN-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...) - NOT-FOR-US: MacOS -CAN-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...) - NOT-FOR-US: MacOS -CAN-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...) - NOT-FOR-US: MacOS -CAN-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...) - {DSA-566-1} -CAN-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...) - NOT-FOR-US: MacOS -CAN-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...) - NOT-FOR-US: MacOS -CAN-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...) - NOT-FOR-US: norton -CAN-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...) - NOT-FOR-US: FreeBSD -CAN-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...) - {DSA-576-1} - - squid 2.5.7 -CAN-2004-0917 (The default installation of Vignette Application Portal installs the ...) - NOT-FOR-US: Vignette Application Portal -CAN-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...) - {DSA-574-1} - - cabextract 1.1-1 -CAN-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...) - {DSA-605-1} - - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 -CAN-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...) - {DSA-607-1} - NOTE: Previous -9 fix had some issues of its own - - xfree86 4.3.0.dfsg.1-14 (bug #309143) - NOTE: lesstif1 and 2 have to be fixed separately - - lesstif1 1:0.93.94-11.3 (bug #294099) - NOTE: but lesstif2 did get fixed for this hole.. - - lesstif2 1:0.93.94-11.2 - NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 (bug #309819; medium) -CAN-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) - {DSA-572-1} - - squid 2.5.6-9 -CAN-2004-0912 - RESERVED -CAN-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...) - {DSA-569-1 DSA-556-1} -CAN-2004-0910 - REJECTED -CAN-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) - - mozilla-firefox 0.10.1+1.0PR - - mozilla 2:1.7.3 - - mozilla-thunderbird 0.8 -CAN-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) - - mozilla-firefox 0.10.1+1.0PR - - mozilla 2:1.7.3 - - mozilla-thunderbird 0.8 -CAN-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...) - NOT-FOR-US: non-debian package issue -CAN-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...) - - mozilla-firefox 0.10.1+1.0PR - - mozilla 2:1.7.3 - - mozilla-thunderbird 0.8 -CAN-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) - - mozilla-firefox 0.10.1+1.0PR - - mozilla 2:1.7.3 - - mozilla-thunderbird 0.8 -CAN-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...) - - mozilla-firefox 0.10.1+1.0PR - - mozilla 2:1.7.3 - - mozilla-thunderbird 0.8 -CAN-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...) - - mozilla-firefox 0.10.1+1.0PR - - mozilla 2:1.7.3 - - mozilla-thunderbird 0.8 -CAN-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...) - - mozilla-firefox 0.10.1+1.0PR - - mozilla 2:1.7.3 - - mozilla-thunderbird 0.8 -CAN-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...) - NOT-FOR-US: Microsoft -CAN-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...) - NOT-FOR-US: Microsoft -CAN-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...) - NOT-FOR-US: Microsoft -CAN-2004-0898 - RESERVED -CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...) - NOT-FOR-US: Windows -CAN-2004-0896 - RESERVED -CAN-2004-0895 - RESERVED -CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...) - NOT-FOR-US: Microsoft -CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...) - NOT-FOR-US: Microsoft -CAN-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...) - NOT-FOR-US: Microsoft -CAN-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...) - - gaim 1:1.0.2 -CAN-2004-0890 - REJECTED -CAN-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...) - {DSA-573-1} -CAN-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...) - {DSA-599-1 DSA-581-1 DSA-573-1} - - koffice 1:1.3.4-1 - NOTE: only affects source package, not used in binary - - cupsys <unfixed> (bug #324460; unimportant) -CAN-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...) - NOTE: waldi provided this info - - linux-kernel-image-2.6.8-s390 2.6.8-3 - - kernel-source-2.6.8 2.6.8-10 - - kernel-source-2.6.9 2.6.9-3 -CAN-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...) - {DSA-567-1} - - kdegraphics 3.3.2-1 -CAN-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...) - - apache2 2.0.52-2 -CAN-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...) - {DSA-568-1 DSA-563-1} -CAN-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...) - - kernel-source-2.4.27 2.4.27-6 - - kernel-source-2.6.8 2.6.8-13 - - kernel-source-2.6.9 2.6.9-3 - - kernel-source-2.6.10 2.6.10-4 -CAN-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...) - NOTE: details http://security.e-matters.de/advisories/132004.html - - samba 3.0.7 -CAN-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...) - {DSA-553-1} -CAN-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...) - {DSA-553-1} -CAN-2004-0879 - RESERVED -CAN-2004-0878 - RESERVED -CAN-2004-0877 - RESERVED -CAN-2004-0876 - RESERVED -CAN-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...) - - phpgroupware 0.9.16.002 -CAN-2004-0874 - REJECTED -CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...) - NOT-FOR-US: apple -CAN-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...) - NOT-FOR-US: Opera -CAN-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...) - NOTE: upstream knows about the problem, no fix expected - NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342 - NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html - NOTE: fix doesn't look likely any time soon - TODO: followup -CAN-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...) - NOTE: upstream knows about the problem, no fix expected - NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342 - NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html - NOTE: fix doesn't look likely any time soon - TODO: followup -CAN-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...) - NOT-FOR-US: MSIE -CAN-2004-0868 - REJECTED -CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...) - - mozilla-firefox 0.9.3 -CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...) - NOT-FOR-US: MSIE -CAN-2004-0865 - RESERVED -CAN-2004-0864 - RESERVED -CAN-2004-0863 - RESERVED -CAN-2004-0862 - RESERVED -CAN-2004-0861 - RESERVED -CAN-2004-0860 - RESERVED -CAN-2004-0859 - RESERVED -CAN-2004-0858 - RESERVED -CAN-2004-0857 - RESERVED -CAN-2004-0856 - RESERVED -CAN-2004-0855 - RESERVED -CAN-2004-0854 - RESERVED -CAN-2004-0853 - RESERVED -CAN-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...) - {DSA-611-1} -CAN-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...) - {DSA-559-1} -CAN-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...) - - star 1.5a46 -CAN-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...) - NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - TODO: which radius daemon in debian is "GNU Radius" (if any)? -CAN-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...) - NOT-FOR-US: microsoft -CAN-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...) - NOT-FOR-US: microsoft -CAN-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...) - NOT-FOR-US: microsoft -CAN-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...) - NOT-FOR-US: microsoft -CAN-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...) - NOT-FOR-US: microsoft -CAN-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...) - NOT-FOR-US: microsoft -CAN-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...) - NOT-FOR-US: microsoft -CAN-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...) - NOT-FOR-US: microsoft -CAN-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...) - NOT-FOR-US: microsoft -CAN-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...) - NOT-FOR-US: microsoft -CAN-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...) - {DSA-562-2} -CAN-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...) - {DSA-562-2} -CAN-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...) - {DSA-562-2} -CAN-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...) - - speedtouch 1.3.1 -CAN-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...) - {DSA-554-1} -CAN-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...) - - squid 2.5.6-8 -CAN-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...) - NOT-FOR-US: McAfee -CAN-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...) - NOT-FOR-US: Microsoft -CAN-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...) - - samba 2.2.11 -CAN-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...) - NOTE: not-fos-us (AIX) -CAN-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...) - {DSA-547-1} - - imagemagick 5:6.0.7.1-1 -CAN-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...) - NOT-FOR-US: netscape NSS -CAN-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...) - NOT-FOR-US: Apple -CAN-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...) - NOT-FOR-US: Apple -CAN-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...) - NOT-FOR-US: Apple -CAN-2004-0822 (Buffer overflow in The Core Foundation framework ...) - NOT-FOR-US: Apple -CAN-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...) - NOT-FOR-US: Apple -CAN-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: winamp -CAN-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...) - NOT-FOR-US: openbsd -CAN-2004-0818 - RESERVED - NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge -CAN-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...) - {DSA-548-1} - - imlib+png2 1.9.14-16.2 - - imlib 1.9.14-17 (bug #285025) -CAN-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...) - NOTE: fixed in 2.6.8, does not affect 2.4 per dannf's notes -CAN-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...) - {DSA-600-1} - - samba 3.0.6-1 (bug #274342) -CAN-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...) - - kernel-source-2.6.8 2.6.8-8 - - kernel-source-2.4.27 2.4.27-7 - NOTE: and all kernels build from it: -CAN-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...) - NOTE: ide-cd SG_IO vulnerability - NOTE: fixed in recent 2.6 and 2.4 kernels -CAN-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...) - NOTE: only affects kernels before 2.4.23 on amd64 -CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...) - - apache2 2.0.52 -CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...) - NOT-FOR-US: Netopia Timbuktu -CAN-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...) - {DSA-558-1} - - apache2 2.0.51-1 -CAN-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...) - - samba 3.0.7 -CAN-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...) - - samba 3.0.7 -CAN-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...) - - cdrtools 4:2.0+a34-2 -CAN-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...) - {DSA-564-1} - - mpg123 0.59r-16 -CAN-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...) - {DSA-567-1} - NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - - kdegraphics 3.3.2-1 -CAN-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...) - {DSA-567-1} - - kdegraphics 3.3.2-1 -CAN-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...) - {DSA-552-1} -CAN-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...) - - foomatic-filters 3.0.2 -CAN-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...) - NOT-FOR-US: Solaris -CAN-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...) - NOT-FOR-US: Ipswitch WhatsUp Gold -CAN-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...) - NOT-FOR-US: Ipswitch WhatsUp Gold -CAN-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...) - - zlib 1:1.2.1.1-6 -CAN-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...) - - spamassassin 2.64 -CAN-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...) - NOT-FOR-US: IBM DB2 DB2RCMD.EXE -CAN-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...) - {DSA-551-1} -CAN-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...) - - bsdmainutils 6.0.15 -CAN-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...) - - rsync 2.6.3 -CAN-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) - NOTE: All 2.4 and 2.6 kernels verify the TCP sequence numbering when errors occur - NOTE: Kernel will never abort due to an ICMP packet -CAN-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) - - kernel-source-2.6.8 2.6.8-16 (bug #305664) - - kernel-source-2.4.27 2.4.27-10 (bug #305664) -CAN-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...) - TODO: check -CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...) - {DSA-549-1 DSA-546-1} -CAN-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...) - NOT-FOR-US: seems OpenCA is -CAN-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...) - NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - - apache2 2.0.51 -CAN-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...) - - gaim 1:0.82 -CAN-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...) - - gaim 1:0.82 -CAN-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...) - {DSA-549-1} -CAN-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...) - {DSA-549-1 DSA-546-1} -CAN-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...) - {DSA-541} -CAN-2004-0780 - RESERVED -CAN-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...) - - mozilla 2:1.7 - - mozilla-firefox 0.9 -CAN-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...) - - cvs 1:1.12.9 -CAN-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...) - NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - - courier-imap 2.2.2 -CAN-2004-0776 - RESERVED -CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...) - NOT-FOR-US: Windows -CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...) - NOT-FOR-US: Real Helix server -CAN-2004-0773 - RESERVED -CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...) - {DSA-543-1} -CAN-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...) - - lha 1.14i-9 (bug #279870) -CAN-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...) - - dgen 1.23-6 -CAN-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...) - - lha 1.14i-9 (bug #279870) -CAN-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...) - {DSA-536} -CAN-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...) - NOT-FOR-US: NGSEC StackDefender -CAN-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...) - NOT-FOR-US: NGSEC StackDefender -CAN-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...) - - mozilla 2:1.7 - - mozilla-firefox 0.9 -CAN-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) - - mozilla 2:1.7 - - mozilla-firefox 0.9 -CAN-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...) - - mozilla-firefox 0.9.3 -CAN-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) - - mozilla 2:1.7 - - mozilla-firefox 0.9 -CAN-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) - - mozilla 2:1.7 - - mozilla-firefox 0.9 -CAN-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...) - - mozilla 2:1.7.2 - - mozilla-firefox 0.9.3 -CAN-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...) - - mozilla 2:1.7 -CAN-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...) - - mozilla 2:1.7.2 - - mozilla-firefox 0.9.3 -CAN-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...) - - mozilla 2:1.7 - - mozilla-firefox 0.9 -CAN-2004-0756 - RESERVED -CAN-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...) - {DSA-537} - - gaim 1:0.82.1-1 -CAN-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...) - - gaim 1:0.82.1-1 -CAN-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...) - {DSA-546-1} -CAN-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...) - - openoffice.org 1.1.2-4 -CAN-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...) - - apache2 2.0.50-11 -CAN-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...) - NOT-FOR-US: Red Hat specific -CAN-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...) - - subversion 1.0.9-2 -CAN-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...) - - apache2 2.0.51 -CAN-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...) - NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - - apache2 2.0.51 -CAN-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...) - - kdelibs 4:3.2.3-3.sarge.1 - NOTE: in t-p-u; 4.3.3 in unstable also fixes it -CAN-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...) - - lha 1.14i-10 (bug #279870) -CAN-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...) - NOT-FOR-US: MacOS -CAN-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...) - NOT-FOR-US: MacOS -CAN-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...) - NOT-FOR-US: Sun Java System Portal Server -CAN-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...) - NOT-FOR-US: LionMax Software WWW File Share Pro -CAN-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...) - NOT-FOR-US: Lexmark -CAN-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...) - NOT-FOR-US: Whisper FTP Surfer -CAN-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...) - NOT-FOR-US: phpnuke -CAN-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...) - NOT-FOR-US: phpnuke -CAN-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...) - NOT-FOR-US: phpnuke -CAN-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...) - NOT-FOR-US: various windows games -CAN-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...) - NOT-FOR-US: Web_Store.cgi -CAN-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...) - NOT-FOR-US: OllyDbg -CAN-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...) - NOT-FOR-US: phpnuke -CAN-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...) - NOT-FOR-US: phpnuke -CAN-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...) - - phpbb2 2.0.10 -CAN-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...) - - phpbb2 2.0.10 -CAN-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...) - NOT-FOR-US: Microsoft -CAN-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...) - NOT-FOR-US: Microsoft -CAN-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...) - NOT-FOR-US: Microsoft -CAN-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...) - - moodle 1.4 -CAN-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...) - NOT-FOR-US: Half Life -CAN-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...) - NOT-FOR-US: Microsoft -CAN-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...) - - mozilla 2:1.6 -CAN-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...) - - konqueror 4:3.2.3-1.sarge.1 - - kdelibs 4:3.2.3-3.sarge.1 - NOTE: in t-p-u; also fixed in 4.3.3 in unstable -CAN-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...) - NOT-FOR-US: Safari -CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...) - NOTE: not-fos-us (Microsoft) -CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...) - {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1} - NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent - NOTE: upstream versions became vulnerable again, see - NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850 - NOTE: and were fixed again, it got CAN-2005-1937 for the reversion - - mozilla 2:1.7.8-1sarge1 (medium) - - mozilla-firefox 1.0.4-2sarge3 (medium) -CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...) - NOT-FOR-US: opera 7.50 -CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...) - NOT-FOR-US: HP-UX -CAN-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...) - NOT-FOR-US: BEA WebLogic Server and WebLogic Express -CAN-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...) - NOT-FOR-US: Cisco -CAN-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...) - NOT-FOR-US: BEA WebLogic Server and WebLogic Express -CAN-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...) - NOT-FOR-US: Cisco -CAN-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...) - NOT-FOR-US: HP OpenView Select Access -CAN-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...) - - moin 1.2.2 -CAN-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...) - - bugzilla 2.16.7-0.1 -CAN-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...) - NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian -CAN-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - - bugzilla 2.16.7-0.1 -CAN-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...) - - bugzilla 2.16.7-0.1 -CAN-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...) - NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian -CAN-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...) - NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian -CAN-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...) - NOT-FOR-US: Solaris -CAN-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...) - {DSA-532} -CAN-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...) - NOT-FOR-US: Check Point VPN -CAN-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...) - NOT-FOR-US: WebSTAR -CAN-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...) - NOT-FOR-US: WebSTAR -CAN-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...) - NOT-FOR-US: WebSTAR -CAN-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...) - NOT-FOR-US: WebSTAR -CAN-2004-0694 - RESERVED - - lha 1.14i-10 (bug #279870) -CAN-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...) - {DSA-542-1} -CAN-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...) - {DSA-542-1} -CAN-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...) - {DSA-542-1} -CAN-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...) - - kdelibs 4:3.2.3-3.sarge.1 - NOTE: in t-p-u, 4.3.3 in unstable is also fixed -CAN-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...) - {DSA-539} -CAN-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...) - {DSA-561-1 DSA-560-1} - NOTE: Matej Vela has checked that these are backported to lesstif1 as well - - lesstif1-1 1:0.93.94-9 - NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 (bug #308819; low) -CAN-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...) - {DSA-561-1 DSA-560-1} - NOTE: Matej Vela has checked that these are backported to lesstif1 as well - - lesstif1-1 1:0.93.94-9 - NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 (bug #308819; low) -CAN-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...) - - samba 3.0.5 (bug #260839; bug #260838) -CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...) - NOTE: Fixed in upstream 2.4.27 -CAN-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...) - NOT-FOR-US: WebSphere Edge Server -CAN-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...) - NOT-FOR-US: Norton -CAN-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...) - NOT-FOR-US: Comersus Cart -CAN-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - NOT-FOR-US: Comersus Cart -CAN-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...) - NOT-FOR-US: Zoom DSL modem -CAN-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...) - NOT-FOR-US: UnrealIRCd -CAN-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...) - NOT-FOR-US: 12Planet Chat Server -CAN-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...) - NOT-FOR-US: Fastream NETFile FTP Server -CAN-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...) - NOT-FOR-US: Fastream NETFile FTP Server -CAN-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...) - NOT-FOR-US: c32web.exe -CAN-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...) - NOT-FOR-US: Enterasys XSR-1800 series Security Routers -CAN-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...) - NOT-FOR-US: SCI Photo Chat Server -CAN-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...) - NOT-FOR-US: Netegrity IdentityMinder Web Edition -CAN-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...) - NOT-FOR-US: Brightmail Spamfilter -CAN-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...) - NOT-FOR-US: Rompager -CAN-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...) - NOT-FOR-US: Lotus -CAN-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...) - NOT-FOR-US: Lotus -CAN-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...) - NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable. - - kernel-patch-adamantix 1.6 -CAN-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...) - NOT-FOR-US: popclient -CAN-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...) - NOT-FOR-US: csFAQ -CAN-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...) - NOT-FOR-US: PowerPortal -CAN-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...) - NOT-FOR-US: PowerPortal -CAN-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...) - NOT-FOR-US: PowerPortal -CAN-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...) - NOT-FOR-US: D-Link AirPlus DI-614+ -CAN-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...) - NOT-FOR-US: CuteNews -CAN-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...) - NOT-FOR-US: mplayer -CAN-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...) - NOTE: invalid according to www.osvdb.org/7253 -CAN-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...) - - ntp 4.0 -CAN-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...) - - pure-ftpd 1.0.19-1 -CAN-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...) - NOT-FOR-US: Gentoo specific -CAN-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...) - NOT-FOR-US: Solaris -CAN-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...) - NOT-FOR-US: Solaris -CAN-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...) - NOT-FOR-US: BEA WebLogic Server and WebLogic Express -CAN-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...) - NOTE: JRE is not in Debian, assuming the various wrappers handle - NOTE: the new version. Not worrying about upgrades. -CAN-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...) - NOT-FOR-US: Cisco -CAN-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...) - {DSA-530} -CAN-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...) - - mozilla 2:1.7.1 - - mozilla-firefox 0.9.2 - - mozilla-thunderbird 0.7.2 -CAN-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...) - - shorewall 2.0.3a -CAN-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...) - NOT-FOR-US: JRun -CAN-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...) - {DSA-579-1 DSA-550-1} -CAN-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...) - {DSA-543-1} -CAN-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...) - {DSA-543-1} -CAN-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...) - {DSA-543-1} -CAN-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...) - NOT-FOR-US: Thomson hardware ADSL router -CAN-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...) - {DSA-529} -CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...) - {DSA-535} -CAN-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...) - NOT-FOR-US: Oracle -CAN-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...) - NOT-FOR-US: Oracle -CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...) - NOT-FOR-US: AOL Instant Messenger -CAN-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...) - {DSA-528} -CAN-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...) - - ethereal 0.10.5 -CAN-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...) - - ethereal 0.10.5 -CAN-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...) - NOT-FOR-US: adobe reader -CAN-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...) - NOT-FOR-US: adobe acrobat -CAN-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...) - NOT-FOR-US: adobe acrobat -CAN-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...) - NOT-FOR-US: adobe acrobat -CAN-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...) - NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version -CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...) - TODO: Unclear if older MySQL versions are affected. Code seems to be - TODO: present in a different function, but exploit does not work. - - mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium) - - mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive) -CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...) - NOTE: fixed after 2.6.6 kernel -CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...) - NOT-FOR-US: Infinity WEB -CAN-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...) - NOT-FOR-US: Artmedic links -CAN-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...) - {DSA-590-1} - - gnats 4.0-6.1 -CAN-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...) - NOT-FOR-US: MacOS -CAN-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...) - NOT-FOR-US: Newsletter ZWS -CAN-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...) - NOT-FOR-US: vBulletin -CAN-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...) - NOT-FOR-US: Linux Broadcom 5820 cryptonet driver - NOTE: does not seem to be part of linux kernel or other package -CAN-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...) - NOT-FOR-US: freebsd -CAN-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...) - NOT-FOR-US: ArbitroWeb -CAN-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...) - NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router -CAN-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...) - NOT-FOR-US: D-Link DI-614+ SOHO router -CAN-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...) - NOT-FOR-US: osTicket -CAN-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...) - NOT-FOR-US: osTicket -CAN-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...) - NOT-FOR-US: ZoneAlarm Pro -CAN-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...) - NOT-FOR-US: Netgear FVS318 VPN Router -CAN-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...) - NOT-FOR-US: Microsoft MN-500 Wireless Router -CAN-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...) - - rssh 2.2.1 -CAN-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...) - NOT-FOR-US: Unreal Engine -CAN-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...) - - racoon 0.3.3-1 -CAN-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...) - NOT-FOR-US: Infoblox DNS One -CAN-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...) - NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug". - NOTE: Does not match posted patch. Mailed Debian maintainer. -CAN-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...) - NOT-FOR-US: giFT-FastTrack not in debian -CAN-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...) - NOT-FOR-US: Gentoo-specific bug in gzip introduced by botched security fix -CAN-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...) - NOT-FOR-US: FreeBSD -CAN-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...) - - distcc 2.18.1-4 -CAN-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...) - - samba 3.0.5 (bug #260838) -CAN-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...) - {DSA-536} -CAN-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...) - {DSA-536} -CAN-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...) - {DSA-536} -CAN-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...) - NOTE: Fixed in upstream ( <= 2.6.7) -CAN-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...) - {DSA-669-1 DSA-531} - - php3 3:3.0.18-27 -CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...) - {DSA-669-1 DSA-531} - NOTE: DSA claims PHP3 is vulnerable, but this is not mentioned - NOTE: in the changelog. -CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...) - NOT-FOR-US: Sygate Enforcer -CAN-2004-0592 - RESERVED -CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...) - {DSA-533} -CAN-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...) - - freeswan 2.04-10 - - openswan 2.2.0 -CAN-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...) - NOT-FOR-US: Cisco -CAN-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...) - - usermin 1.090-1 -CAN-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...) - - qla2x00-source 7.01.01-1 -CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: Windows -CAN-2004-0585 - REJECTED -CAN-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...) - - imp3 3.2.4 -CAN-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...) - {DSA-526} - - usermin 1.090-1 - - webmin 1.150-1 -CAN-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...) - {DSA-526} - - usermin 1.090-1 -CAN-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...) - NOT-FOR-US: Mandrake script -CAN-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...) - NOT-FOR-US: Linksys routers -CAN-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...) - {DSA-522} -CAN-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) - NOT-FOR-US: Wingate -CAN-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) - NOT-FOR-US: Wingate -CAN-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...) - NOT-FOR-US: GNU radius -CAN-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...) - NOT-FOR-US: Windows -CAN-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...) - NOT-FOR-US: Windows -CAN-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...) - NOT-FOR-US: Windows -CAN-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...) - NOT-FOR-US: Windows -CAN-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...) - NOT-FOR-US: Microsoft -CAN-2004-0570 - RESERVED -CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...) - NOT-FOR-US: Windows -CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...) - NOT-FOR-US: HyperTerminal -CAN-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...) - NOT-FOR-US: Windows -CAN-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...) - NOT-FOR-US: Windows -CAN-2004-0565 (Floating point information leak in the context switch code for Linux ...) - NOTE: ia64 only - NOTE: appears fixed in 2.4.27/2.6.8 -CAN-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...) - {DSA-557-1} -CAN-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...) - {DSA-555-1} -CAN-2004-0562 - RESERVED -CAN-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...) - {DSA-638-1} - TODO: check -CAN-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...) - {DSA-638-1} - TODO: check -CAN-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...) - {DSA-544-1} -CAN-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...) - {DSA-545-1} -CAN-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...) - {DSA-565-1} -CAN-2004-0556 - RESERVED -CAN-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...) - {DSA-643-1} - TODO: check -CAN-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...) - NOTE: this was a big deal and is fixed in all current kernels -CAN-2004-0553 - RESERVED -CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...) - NOT-FOR-US: Sophos Small Business Suite -CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...) - NOT-FOR-US: Cisco -CAN-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...) - NOT-FOR-US: Real Player -CAN-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...) - NOT-FOR-US: Windows -CAN-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...) - - aspell 0.50.5-3 -CAN-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...) - {DSA-516} -CAN-2004-0546 - RESERVED -CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...) - NOT-FOR-US: AIX -CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...) - NOT-FOR-US: AIX -CAN-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...) - NOT-FOR-US: Oracle -CAN-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...) - NOT-FOR-US: php4 bug only affects Windows -CAN-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...) - - squid 2.5.5-5 -CAN-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...) - NOT-FOR-US: Windows -CAN-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X ...) - NOT-FOR-US: MacOS -CAN-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...) - NOT-FOR-US: MacOS -CAN-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut ...) - NOT-FOR-US: Opera -CAN-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...) - - tripwire 2.3.1.2.0-2.1 -CAN-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...) - NOTE: fixed in 2.4.27 -CAN-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...) - NOT-FOR-US: Business Objects WebIntelligence -CAN-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...) - NOT-FOR-US: Business Objects WebIntelligence -CAN-2004-0532 - RESERVED -CAN-2004-0531 - RESERVED -CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...) - NOT-FOR-US: Slackware specific rpath issue -CAN-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...) - NOT-FOR-US: cPanel is not our cpanel -CAN-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...) - NOT-FOR-US: Netscape Navigator 7.1 -CAN-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...) - NOTE: konquror 2.2.2 and earlier, later should not be vulnerale - NOTE: but did not check in detail -CAN-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...) - NOT-FOR-US: Windows -CAN-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...) - NOT-FOR-US: iLO -CAN-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...) - NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian -CAN-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...) - {DSA-520} -CAN-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...) - {DSA-512} -CAN-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...) - {DSA-535} -CAN-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...) - {DSA-535} -CAN-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - {DSA-535} -CAN-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...) - NOT-FOR-US: MacOS -CAN-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of ...) - NOT-FOR-US: MacOS -CAN-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package ...) - NOT-FOR-US: MacOS -CAN-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) - NOT-FOR-US: MacOS -CAN-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) - NOT-FOR-US: MacOS -CAN-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to "logging when ...) - NOT-FOR-US: MacOS -CAN-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) - NOT-FOR-US: SCO MMDF -CAN-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) - NOT-FOR-US: SCO MMDF -CAN-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...) - NOT-FOR-US: SCO MMDF -CAN-2004-0509 - RESERVED -CAN-2004-0508 - RESERVED -CAN-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...) - - ethereal 0.10.4 -CAN-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...) - - ethereal 0.10.4 -CAN-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...) - - ethereal 0.10.4 -CAN-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...) - - ethereal 0.10.4 -CAN-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default ...) - NOT-FOR-US: Microsoft -CAN-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...) - NOT-FOR-US: Microsoft -CAN-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...) - NOT-FOR-US: Microsoft -CAN-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...) - - gaim 1:0.81-3 -CAN-2004-0499 - RESERVED -CAN-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...) - NOT-FOR-US: StoneSoft firewall engine -CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...) - NOTE: linux kernel fchown hole, fixed in all current kernels -CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...) - NOTE: fixed in 2.6.7 -CAN-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...) - NOTE: fixed in 2.4.27-rc1 -CAN-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...) - - gnome-vfs 1.0.1 - TODO: Fedora fixed this in a recent mc advisory, we should double-check whether - TODO: this applies to Debian's mc package -CAN-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...) - - apache2 2.0.50-1 -CAN-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...) - {DSA-525} - - apache 1.3.31-2 -CAN-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...) - NOTE: appears redhat specific -CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...) - NOT-FOR-US: cPanel is not our cpanel -CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...) - NOT-FOR-US: MacOS -CAN-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...) - {DSA-532} - - apache2 2.0.50-1 -CAN-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...) - NOT-FOR-US: Norton -CAN-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...) - NOT-FOR-US: MacOS -CAN-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...) - NOT-FOR-US: MacOS -CAN-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...) - NOT-FOR-US: Microsoft -CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...) - NOT-FOR-US: IRIX -CAN-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...) - NOT-FOR-US: OpenBSD -CAN-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...) - NOT-FOR-US: the KCMS on Solaris -CAN-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...) - NOT-FOR-US: Lotus Notes -CAN-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Microsoft -CAN-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...) - NOTE: only a Mozilla DOS - TODO: not even fixed upstream -CAN-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...) - NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router -CAN-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...) - NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router -CAN-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...) - NOT-FOR-US: Microsoft -CAN-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...) - NOT-FOR-US: Help Center (HelpCtr.exe) -CAN-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...) - NOT-FOR-US: opera -CAN-2004-0472 - REJECTED -CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...) - NOT-FOR-US: BEA WebLogic -CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...) - NOT-FOR-US: BEA WebLogic -CAN-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...) - NOT-FOR-US: Check Point VPN -CAN-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...) - NOT-FOR-US: Juniper JUNOS -CAN-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...) - NOT-FOR-US: Juniper JUNOS -CAN-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...) - NOT-FOR-US: WebConnect -CAN-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...) - NOT-FOR-US: WebConnect -CAN-2004-0464 - RESERVED -CAN-2004-0463 - RESERVED -CAN-2004-0462 (The built-in web servers for multiple networking devices do not set ...) - NOT-FOR-US: Multiple embedded hardware vendors -CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...) - NOTE: debian probably not vulnerable - - dhcp3 3.0.1 -CAN-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...) - - dhcp3 3.0.1 -CAN-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...) - NOT-FOR-US: DOS in 802.11 protocol -CAN-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...) - {DSA-503} - - mah-jong 1.6.2-1 -CAN-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...) - {DSA-540} -CAN-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...) - {DSA-527} -CAN-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...) - {DSA-523} -CAN-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...) - {DSA-524} - - rlpr 2.05-1 (bug #255402) -CAN-2004-0453 (Format string vulnerability in the monitor "memory dump" command in ...) - - vice 1.14-2 -CAN-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...) - {DSA-620-1} -CAN-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...) - {DSA-521} -CAN-2004-0450 (Format string vulnerability in the printlog function in log2mail ...) - {DSA-513} -CAN-2004-0449 - RESERVED -CAN-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...) - {DSA-510} -CAN-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...) - NOTE: fixed in linux 2.4.26 -CAN-2004-0446 - RESERVED -CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...) - NOT-FOR-US: Norton -CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...) - NOT-FOR-US: Norton -CAN-2004-0443 - RESERVED -CAN-2004-0442 - RESERVED -CAN-2004-0441 - RESERVED -CAN-2004-0440 - RESERVED -CAN-2004-0439 - RESERVED -CAN-2004-0438 - RESERVED -CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...) - NOT-FOR-US: Titan FTP Server -CAN-2004-0436 - RESERVED -CAN-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD ...) - NOT-FOR-US: FreeBSD -CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...) - {DSA-504} -CAN-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...) - NOTE: mplayer not in Debian - - xine-lib 1-rc4 -CAN-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...) - - proftpd 1.2.9-4 -CAN-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...) - NOT-FOR-US: Apple QuickTime -CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...) - NOT-FOR-US: MacOS -CAN-2004-0429 (Unknown vulnerability related to "the handling of large requests" in ...) - NOT-FOR-US: RAdmin for Mac OS X -CAN-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...) - NOT-FOR-US: Mac OS X) -CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...) - - linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive) - - kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive) - NOTE: Fixed in 2.6.6/2.4.26 kernel -CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...) - {DSA-499} -CAN-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...) - NOT-FOR-US: windows -CAN-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...) - NOTE: fixed after 2.6.4/2.4.26 kernel -CAN-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...) - NOTE: bug still exists in the ssmtp source, but is only activated if - NOTE: --enable-logfile is used in ./configure - NOTE: The package doesn't enable that flag so it is safe. -CAN-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...) - {DSA-500} -CAN-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...) - {DSA-498} -CAN-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...) - NOT-FOR-US: windows -CAN-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...) - NOTE: reserved (baruch) -CAN-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...) - {DSA-519} - - cvs 1:1.12.9-1 -CAN-2004-0417 (Integer overflow in the "Max-dotdot" CVS protocol command ...) - {DSA-519} - - cvs 1:1.12.9-1 -CAN-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS 1.12.x ...) - {DSA-519} - - cvs 1:1.12.9-1 -CAN-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...) - NOTE: fixed in 2.4.27-rc6, so fixed in kernel-source-2.4.27 -CAN-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...) - {DSA-517} - - cvs 1:1.12.9-1 -CAN-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...) - - subversion 1.0.5-1 -CAN-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...) - - mailman 2.1.4-5 -CAN-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...) - {DSA-518} -CAN-2004-0410 - RESERVED - NOTE: An empty CAN, never published. -CAN-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...) - {DSA-493} - - xchat 2.0.8-1 -CAN-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...) - {DSA-494} -CAN-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...) - NOT-FOR-US: ColdFusion -CAN-2004-0406 - RESERVED -CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...) - {DSA-486} - - cvs 1:1.12.5-4 -CAN-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...) - {DSA-488} -CAN-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...) - - racoon 0.3.1-3 -CAN-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...) - {DSA-508} -CAN-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...) - - libtasn1 0.1.2-2 -CAN-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...) - {DSA-502 DSA-501} - - exim 3.36-11 -CAN-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...) - {DSA-502 DSA-501} - - exim 3.36-11 -CAN-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...) - {DSA-507 DSA-506} - -CAN-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...) - - subversion 1.0.3-1 - NOTE: fix history: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791 -CAN-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...) - {DSA-505} - - cvs 1:1.12.5-6 -CAN-2004-0395 (The xatitv program in the gatos package does not properly drop root ...) - {DSA-509} -CAN-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...) - NOTE: apparently not very exploitable, does not affect 2.6 - NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch - NOTE: not fixed in 2.4.27 by inspection, didn't bother with a bug -CAN-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...) - {DSA-524} -CAN-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...) - - apache 1.3.31-2 -CAN-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...) - NOT-FOR-US: Cisco Wireless LAN Solution Engine -CAN-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...) - NOT-FOR-US: SCO OpenServer -CAN-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...) - NOT-FOR-US: RealNetworks Helix Universal Server -CAN-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...) - {DSA-483} -CAN-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...) - NOT-FOR-US: RealPlayer plugin -CAN-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...) - NOT-FOR-US: mplayer; not in the archive -CAN-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...) - NOT-FOR-US: Oracle 9i Application Server Web Cache -CAN-2004-0384 - RESERVED -CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...) - NOT-FOR-US: Mail for Mac OS X -CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...) - NOT-FOR-US: CUPS printing system in Mac OS X -CAN-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...) - {DSA-483} -CAN-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...) - NOT-FOR-US: Microsoft Outlook Express -CAN-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) - NOT-FOR-US: Microsoft SharePoint Portal Server 2001 -CAN-2004-0378 - RESERVED -CAN-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...) - NOT-FOR-US: perl; Win32 is affected, UNIX systems not -CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...) - {DSA-473} -CAN-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...) - NOT-FOR-US: Symantec Norton Internet Security -CAN-2004-0374 (Interchange before 5.0.1 allows remote attackers to "expose the ...) - {DSA-471} -CAN-2004-0373 - RESERVED -CAN-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...) - {DSA-477} -CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...) - {DSA-476} -CAN-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...) - NOT-FOR-US: KAME -CAN-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...) - NOT-FOR-US: Entrust LibKmp ISAKMP library -CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...) - NOT-FOR-US: CDE -CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...) - - ethereal 0.10.3 (bug #239576) -CAN-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...) - {DSA-469} - NOTE: Changes probably too intrusive during freeze, maintainer did not yet ask - NOTE: for approval on d-release - - pam-pgsql 0.5.2-9 -CAN-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...) - - ethereal 0.10.3 (bug #239576) -CAN-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...) - NOT-FOR-US: WrapNISUM ActiveX -CAN-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...) - NOT-FOR-US: SymSpamHelper ActiveX -CAN-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...) - NOT-FOR-US: ISS Protocol Analysis Module -CAN-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...) - NOT-FOR-US: safari -CAN-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...) - NOT-FOR-US: solaris -CAN-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...) - NOT-FOR-US: Invision Power Board -CAN-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...) - NOT-FOR-US: VirtuaNews Admin Panel -CAN-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...) - NOT-FOR-US: SL Mail Pro -CAN-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...) - NOT-FOR-US: Invision Power Board -CAN-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...) - NOT-FOR-US: GNU Anubis -CAN-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...) - NOT-FOR-US: GNU Anubis -CAN-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...) - NOT-FOR-US: Cisco -CAN-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...) - NOT-FOR-US: Spider Sales -CAN-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...) - NOT-FOR-US: Spider Sales -CAN-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...) - NOT-FOR-US: GWeb HTTP Server -CAN-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...) - NOT-FOR-US: SpiderSales -CAN-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...) - - proftpd 1.2.9 -CAN-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...) - NOT-FOR-US: Red Faction -CAN-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...) - NOT-FOR-US: YaBB SE -CAN-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...) - NOT-FOR-US: YaBB SE -CAN-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option ...) - NOT-FOR-US: WFPTD -CAN-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...) - NOT-FOR-US: WFPTD -CAN-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...) - NOT-FOR-US: WFPTD -CAN-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...) - - phpbb2 2.0.6d -CAN-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...) - NOT-FOR-US: Invision Board Forum -CAN-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...) - NOT-FOR-US: 602LAN SUITE -CAN-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory ...) - NOT-FOR-US: 602LAN SUITE -CAN-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...) - NOT-FOR-US: AXIS 2100 -CAN-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...) - - uudeview 0.5.20 (medium) -CAN-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...) - NOT-FOR-US: extremail -CAN-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...) - NOT-FOR-US: Dell OpenManage Web Server -CAN-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...) - NOT-FOR-US: Serv-U -CAN-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...) - NOT-FOR-US: FreeChat -CAN-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...) - NOT-FOR-US: Gigabyte Broadband Router -CAN-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...) - NOT-FOR-US: PhpNewsManager -CAN-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...) - NOT-FOR-US: GateKeeper Pro -CAN-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...) - NOT-FOR-US: TypSoft -CAN-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...) - NOT-FOR-US: confirm 0.70 -CAN-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...) - NOT-FOR-US: xmb 1.8 final sp2 -CAN-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final ...) - NOT-FOR-US: xmb 1.8 final sp2 -CAN-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...) - NOT-FOR-US: Team Factor -CAN-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...) - NOT-FOR-US: ezBoard -CAN-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...) - NOT-FOR-US: Load Sharing Facility -CAN-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...) - NOT-FOR-US: Load Sharing Facility -CAN-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...) - NOT-FOR-US: Avirt -CAN-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...) - NOT-FOR-US: Avirt -CAN-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...) - NOT-FOR-US: WebzEdit -CAN-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...) - NOT-FOR-US: PSOProxy -CAN-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...) - NOT-FOR-US: LINKSYS -CAN-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...) - NOT-FOR-US: APC -CAN-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...) - NOT-FOR-US: LiveJournal -CAN-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...) - NOT-FOR-US: cisco -CAN-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...) - NOT-FOR-US: WebCortex WebStores -CAN-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...) - NOT-FOR-US: WebCortex WebStores -CAN-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...) - NOT-FOR-US: OWLS 1.0 -CAN-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...) - NOT-FOR-US: OWLS 1.0 -CAN-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...) - NOT-FOR-US: Online Store Kit -CAN-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...) - NOT-FOR-US: Online Store Kit -CAN-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...) - NOT-FOR-US: smallftpd; -CAN-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...) - NOT-FOR-US: CesarFTP; Win32 -CAN-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) - NOT-FOR-US: Broker FTP 6.1.0.0; Win32 -CAN-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) - NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32 -CAN-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...) - NOT-FOR-US: yabb; -CAN-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...) - NOT-FOR-US: ShopCartCGI 2.3; -CAN-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...) - NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32 -CAN-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...) - NOT-FOR-US: YaBB; -CAN-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...) - NOT-FOR-US: Purge Jihad; -CAN-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...) - NOT-FOR-US: SignatureDB; -CAN-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...) - - mnogosearch 3.2.18 - NOTE: it's not quite clear which version exactly fixes the problem; - NOTE: I checked the source code of the most recent version and compared - NOTE: it with the problematic section described in the advisory - NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2) - NOTE: and I can confirm the buffer overflow is fixed there -CAN-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...) - NOT-FOR-US: Xlight FTP server 1.52; -CAN-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...) - NOT-FOR-US: RobotFTP; -CAN-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...) - NOT-FOR-US: PHP scripts -CAN-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...) - NOT-FOR-US: MSIE bugs -CAN-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...) - NOT-FOR-US: mailmgr; -CAN-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Crob FTP; -CAN-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...) - NOT-FOR-US: Caucho Technology Resin; -CAN-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...) - NOT-FOR-US: Caucho Technology Resin; -CAN-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...) - NOT-FOR-US: AIMSniff; -CAN-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...) - NOT-FOR-US: Ratbag game engine; -CAN-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...) - NOT-FOR-US: Dream FTP; -CAN-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...) - NOT-FOR-US: BosDates; -CAN-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...) - NOT-FOR-US: MaxWebPortal; -CAN-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...) - NOT-FOR-US: MaxWebPortal; -CAN-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...) - NOT-FOR-US: PHP-Nuke; -CAN-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...) - NOT-FOR-US: EvolutionX; -CAN-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...) - NOT-FOR-US: eTrust InoculateIT; -CAN-2004-0266 (SQL injection vulnerability in the "public message" capability ...) - NOT-FOR-US: PHP-Nuke; -CAN-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...) - NOT-FOR-US: PHP-Nuke; -CAN-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...) - NOT-FOR-US: PalmOS -CAN-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...) - NOT-FOR-US: The Palace; -CAN-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...) - NOT-FOR-US: CactuShop; -CAN-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...) - NOT-FOR-US: formmail.php; -CAN-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...) - NOT-FOR-US: RealPlayer -CAN-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...) - NOT-FOR-US: Xlight; -CAN-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...) - NOT-FOR-US: Discuz; -CAN-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...) - NOT-FOR-US: IBM Cloudscape -CAN-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...) - NOT-FOR-US: TYPSoft FTP Server -CAN-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...) - NOT-FOR-US: rxgoogle.cgi -CAN-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...) - NOT-FOR-US: PhotoPost PHP Pro -CAN-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...) - NOT-FOR-US: PHPX -CAN-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...) - NOT-FOR-US: PHPX -CAN-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...) - NOT-FOR-US: Chaser -CAN-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) - NOT-FOR-US: Les Commentaires -CAN-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...) - NOT-FOR-US: Web Crossing -CAN-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...) - NOT-FOR-US: Cisco Systems -CAN-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...) - NOT-FOR-US: AIX -CAN-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...) - NOT-FOR-US: X-Cart 3.4.3 -CAN-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...) - NOT-FOR-US: X-Cart 3.4.3 -CAN-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...) - NOT-FOR-US: X-Cart 3.4.3 -CAN-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...) - NOT-FOR-US: PhotoPost PHP Pro -CAN-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...) - - overkill 0.16-7 -CAN-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...) - NOT-FOR-US: Aprox PHP Portal -CAN-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...) - NOT-FOR-US: thePHOTOtool -CAN-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...) - {DSA-515} -CAN-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...) - {DSA-515} -CAN-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...) - NOT-FOR-US: utempter -CAN-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...) - {DSA-497} -CAN-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...) - {DSA-497} -CAN-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...) - NOT-FOR-US: famous TCP RST bug -CAN-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...) - NOT-FOR-US: Kernel 2.6 framebuffer bug -CAN-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...) - NOTE: fixed in linux 2.4.27-pre3 -CAN-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...) - NOT-FOR-US: ZoneMinder -CAN-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...) - {DSA-497} -CAN-2004-0225 - RESERVED -CAN-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...) - - courier 0.45.1-1 -CAN-2004-0223 - RESERVED -CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...) - NOT-FOR-US: isakmpd in OpenBSD -CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) - NOT-FOR-US: isakmpd in OpenBSD -CAN-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) - NOT-FOR-US: isakmpd in OpenBSD -CAN-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) - NOT-FOR-US: isakmpd in OpenBSD -CAN-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) - NOT-FOR-US: isakmpd in OpenBSD -CAN-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...) - NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat -CAN-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...) - NOT-FOR-US: MSIE bug -CAN-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...) - NOT-FOR-US: MS-Outlook-Express -CAN-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...) - NOT-FOR-US: MSIE bug -CAN-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...) - NOT-FOR-US: Windows bug -CAN-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...) - NOT-FOR-US: Windows bug -CAN-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...) - NOT-FOR-US: Windows bug -CAN-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...) - NOT-FOR-US: Windows bug -CAN-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...) - NOT-FOR-US: Windows bug -CAN-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...) - NOT-FOR-US: Windows bug -CAN-2004-0207 ("Shatter" style vulnerability in the Window Management application ...) - NOT-FOR-US: Windows bug -CAN-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...) - NOT-FOR-US: Windows bug -CAN-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...) - NOT-FOR-US: Windows bug -CAN-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...) - NOT-FOR-US: Visual Studio bug -CAN-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...) - NOT-FOR-US: Exchange bug -CAN-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...) - NOT-FOR-US: DirectX -CAN-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...) - NOT-FOR-US: Windows HTML Help -CAN-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...) - NOT-FOR-US: famous Windows GDI+ JPEG parsing bug -CAN-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...) - NOT-FOR-US: Windows bug -CAN-2004-0198 - RESERVED -CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...) - NOT-FOR-US: MSJet bug -CAN-2004-0196 - RESERVED -CAN-2004-0195 - RESERVED -CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...) - NOT-FOR-US: Symantec Gateway Security -CAN-2004-0187 - REJECTED -CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...) - {DSA-478} - - tcpdump 3.7.2-4 -CAN-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...) - {DSA-478} - - tcpdump 3.7.2-4 -CAN-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...) - NOT-FOR-US: mailman; RedHat specific bug -CAN-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...) - NOTE: fixed in 2.4.26-pre5 -CAN-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...) - {DSA-486} -CAN-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...) - {DSA-487} -CAN-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...) - {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - NOTE: fixed in 2.4.26-pre3 -CAN-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...) - {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - NOTE: fixed in 2.4.26-pre4 -CAN-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...) - {DSA-511} - - ethereal 0.10.3-1 (bug #239576) -CAN-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...) - NOTE: openssh bug #270770 - NOTE: this bug is old and known; see the bug discussion for further information. - NOTE: apparently the security team thinks this is a minor issue; nevertheless, - NOTE: the bug is still open, so they should close it if it really is neglectible. - NOTE: not listed in usual format since I'm tired of looking at it in the report -- JEH -CAN-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...) - - apache 1.3.29.0.2-5 -CAN-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...) - NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root -CAN-2004-0170 - RESERVED -CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...) - NOT-FOR-US: CoreFoundation for Mac OS X -CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...) - NOT-FOR-US: Safari -CAN-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...) - - ipsec-tools 0.3.3-1 - NOTE: not mentioned in the changelog, so I don't know which version exactly fixes - NOTE: the problem, but the patch that fixes the bug is applied: - NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2 -CAN-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...) - NOT-FOR-US: Sygate Secure Enterprise -CAN-2004-0162 (Multiple content security gateway and antivirus products allow remote ...) - NOT-FOR-US: general MIME bug with security gateways -CAN-2004-0161 (Multiple content security gateway and antivirus products allow remote ...) - NOT-FOR-US: general MIME bug with security gateways -CAN-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...) - {DSA-445} -CAN-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...) - {DSA-484} -CAN-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...) - {DSA-485} -CAN-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...) - - racoon 0.2.5-2 -CAN-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...) - - nfs-utils 1:1.0.5-3 -CAN-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...) - {DSA-468} -CAN-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...) - {DSA-468} -CAN-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...) - {DSA-462} -CAN-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...) - {DSA-451} -CAN-2004-0147 - RESERVED -CAN-2004-0146 - RESERVED -CAN-2004-0145 - RESERVED -CAN-2004-0144 - RESERVED -CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...) - NOT-FOR-US: Nokia mobile phones -CAN-2004-0142 - RESERVED -CAN-2004-0141 - RESERVED -CAN-2004-0140 - RESERVED -CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...) - NOT-FOR-US: SGI IRIX -CAN-2004-0138 - RESERVED -CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...) - NOT-FOR-US: IRIX init -CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...) - NOT-FOR-US: IRIX -CAN-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...) - NOT-FOR-US: IRIX -CAN-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...) - NOT-FOR-US: IRIX -CAN-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...) - NOTE: fixed in 2.4.26-pre2 -CAN-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...) - NOT-FOR-US: ezContents -CAN-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...) - NOT-FOR-US: phpGedView -CAN-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...) - NOT-FOR-US: phpGedView -CAN-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...) - NOT-FOR-US: FreeBSD jail -CAN-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...) - NOT-FOR-US: Windows bug -CAN-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...) - NOT-FOR-US: Windows bug -CAN-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...) - NOT-FOR-US: Windows bug -CAN-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...) - NOT-FOR-US: Windows bug -CAN-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...) - NOT-FOR-US: Windows bug -CAN-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...) - NOT-FOR-US: Windows bug -CAN-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...) - NOT-FOR-US: Windows bug -CAN-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...) - - openssl 0.9.7d-1 -CAN-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...) - {DSA-455} -CAN-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...) - {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - NOTE: fixed in 2.4.26-rc4 -CAN-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...) - - sysstat 5.0.2-1 -CAN-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...) - {DSA-443} -CAN-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...) - {DSA-449} -CAN-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...) - {DSA-449} -CAN-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when ...) - {DSA-432} -CAN-2004-0102 - RESERVED -CAN-2004-0101 - RESERVED -CAN-2004-0100 - RESERVED -CAN-2004-0098 - RESERVED -CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...) - {DSA-448} -CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...) - NOT-FOR-US: Safari -CAN-2004-0091 (** DISPUTED ** ...) - NOT-FOR-US: vBulletin -CAN-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...) - NOT-FOR-US: MacOS -CAN-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...) - NOT-FOR-US: MacOS -CAN-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...) - NOT-FOR-US: MacOS -CAN-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...) - NOT-FOR-US: MacOS -CAN-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...) - NOT-FOR-US: MacOS -CAN-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...) - {DSA-443} -CAN-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...) - {DSA-443} -CAN-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...) - {DSA-465} -CAN-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...) - {DSA-465} - - openssl096 0.9.6m-1 -CAN-2004-0076 - REJECTED -CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...) - NOTE: turned out not to be vulnerable. See bug #278777 -CAN-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...) - NOT-FOR-US: EasyDynamicPages -CAN-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...) - NOT-FOR-US: Accipiter Direct Server 6.0 -CAN-2004-0071 (Directory traversal vulnerability in buildManPage in ...) - NOT-FOR-US: PHP Man Page Lookup 1.2.0 -CAN-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...) - NOT-FOR-US: HD Soft Windows FTP Server 1.6 -CAN-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...) - NOT-FOR-US: phpGedView -CAN-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...) - NOT-FOR-US: phpGedView -CAN-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...) - NOT-FOR-US: phpGedView -CAN-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...) - NOT-FOR-US: SuSE YaST -CAN-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...) - NOT-FOR-US: FishCart -CAN-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...) - NOT-FOR-US: WWW File Share Pro 2.42 -CAN-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...) - NOT-FOR-US: WWW File Share Pro 2.42 -CAN-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...) - NOT-FOR-US: WWW File Share Pro 2.42 -CAN-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...) - NOT-FOR-US: Antivir -CAN-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...) - {DSA-425} -CAN-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...) - NOT-FOR-US: Nortel Networks products -CAN-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...) - {DSA-425} -CAN-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...) - NOT-FOR-US: Cisco IOS -CAN-2004-0053 (Multiple content security gateway and antivirus products allow remote ...) - NOT-FOR-US: Multiple security gateways MIME parsing stuff -CAN-2004-0052 (Multiple content security gateway and antivirus products allow remote ...) - NOT-FOR-US: Multiple security gateways MIME parsing stuff -CAN-2004-0051 (Multiple content security gateway and antivirus products allow remote ...) - NOT-FOR-US: Multiple security gateways MIME parsing stuff -CAN-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...) - NOT-FOR-US: Verity Ultraseek -CAN-2004-0048 - RESERVED -CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...) - {DSA-430} -CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...) - NOT-FOR-US: SnapStream PVS LITE -CAN-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...) - NOT-FOR-US: Yahoo Instant Messenger -CAN-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...) - - vsftpd 2.0.1-1 - NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't - NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html -CAN-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...) - {DSA-421} -CAN-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...) - NOT-FOR-US: Check Point Firewall -CAN-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...) - NOT-FOR-US: McAfee -CAN-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...) - NOT-FOR-US: FistClass Desktop Client -CAN-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...) - NOT-FOR-US: Phorum -CAN-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...) - NOT-FOR-US: PHPGEDVIEW -CAN-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...) - NOT-FOR-US: Lotus Notes Domino -CAN-2004-0027 - RESERVED -CAN-2004-0026 - RESERVED -CAN-2004-0025 - RESERVED -CAN-2004-0024 - RESERVED -CAN-2004-0023 - RESERVED -CAN-2004-0022 - RESERVED -CAN-2004-0021 - RESERVED -CAN-2004-0020 - RESERVED -CAN-2004-0019 - RESERVED -CAN-2004-0018 - RESERVED -CAN-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...) - {DSA-419} -CAN-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...) - {DSA-412} -CAN-2004-0012 - RESERVED -CAN-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...) - {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - NOTE: fixed in 2.4.25-pre7 -CAN-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...) - {DSA-434} - - gaim 1:0.75-2 -CAN-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...) - {DSA-434} - - gaim 1:0.75-2 -CAN-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...) - {DSA-434} - - gaim 1:0.75-2 -CAN-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...) - {DSA-434} -CAN-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...) - {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - NOTE: fixed in 2.4.26-rc4 -CAN-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...) - NOT-FOR-US: FreeBSD netinet -CAN-2003-1565 - REJECTED -CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...) - NOT-FOR-US: IBM DB2 -CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...) - NOT-FOR-US: IBM DB2 -CAN-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...) - NOT-FOR-US: IBM DB2 -CAN-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...) - NOT-FOR-US: IBM DB2 -CAN-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...) - NOT-FOR-US: microsoft -CAN-2003-1047 - REJECTED -CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...) - - bugzilla 2.16.4-1 -CAN-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...) - - bugzilla 2.16.4-1 -CAN-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...) - - bugzilla 2.16.4-1 -CAN-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...) - - bugzilla 2.16.4-1 -CAN-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...) - - bugzilla 2.16.4-1 -CAN-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...) - NOT-FOR-US: microsoft -CAN-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...) - NOTE: linux kernel kmod local DoS, fixed in all current kernels -CAN-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...) - NOT-FOR-US: SAP -CAN-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...) - NOT-FOR-US: SAP -CAN-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...) - NOT-FOR-US: SAP -CAN-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...) - NOT-FOR-US: SAP -CAN-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...) - NOT-FOR-US: SAP -CAN-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...) - NOT-FOR-US: SAP -CAN-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...) - NOT-FOR-US: SAP -CAN-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...) - NOT-FOR-US: Pi3Web not in debian -CAN-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...) - NOT-FOR-US: VBulletin -CAN-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...) - NOT-FOR-US: Dameware -CAN-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...) - {DSA-425} -CAN-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...) - NOT-FOR-US: microsoft -CAN-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...) - NOT-FOR-US: microsoft -CAN-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...) - NOT-FOR-US: microsoft -CAN-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...) - NOT-FOR-US: microsoft -CAN-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...) - NOT-FOR-US: solaris -CAN-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...) - {DSA-424} -CAN-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...) - NOT-FOR-US: SCO -CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...) - - irssi-text 0.8.9-0.1 -CAN-2003-1019 - RESERVED -CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...) - NOT-FOR-US: AIX -CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...) - - flashplugin-nonfree 7.0.25-1 -CAN-2003-1016 (Multiple content security gateway and antivirus products allow remote ...) - NOTE: Multiple vendor MIME quote bypass filtering - TODO: unchecked -CAN-2003-1015 (Multiple content security gateway and antivirus products allow remote ...) - - mime-tools 5.411-2 -CAN-2003-1014 (Multiple content security gateway and antivirus products allow remote ...) - NOTE: Multiple vendor MIME RFC822 comment bypass filtering - TODO: unchecked -CAN-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...) - {DSA-407} - - ethereal 0.10.0-1 -CAN-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...) - {DSA-407} - - ethereal 0.10.0-1 -CAN-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...) - NOT-FOR-US: Apple -CAN-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...) - NOT-FOR-US: Apple -CAN-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...) - NOT-FOR-US: Apple -CAN-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...) - NOT-FOR-US: Apple -CAN-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...) - NOT-FOR-US: Apple -CAN-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...) - NOT-FOR-US: Apple -CAN-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...) - NOT-FOR-US: Apple -CAN-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...) - NOT-FOR-US: Cisco -CAN-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...) - NOT-FOR-US: Cisco -CAN-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...) - NOT-FOR-US: Cisco -CAN-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...) - NOT-FOR-US: Cisco -CAN-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...) - - xchat 2.0.7 - NOTE: apparently only DOS -CAN-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...) - NOT-FOR-US: Solaris -CAN-2003-0998 (Unknown "potential system security vulnerability" in Computer ...) - NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control -CAN-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer ...) - NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control -CAN-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...) - NOT-FOR-US: Microsoft -CAN-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...) - - mailman 2.1.3 -CAN-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...) - NOTE: apparenlty false/bad advisory - NOTE: http://www.securityfocus.com/archive/1/348366 - NOTE: possible problemsm before 1.4.2, 1.4.2 ok -CAN-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...) - {DSA-425} - - tcpdump 3.8.1 -CAN-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...) - - apache 1.3.29.0.2-5 -CAN-2003-0986 - RESERVED -CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...) - NOTE: fixed in 2.4.24-rc1 -CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...) - NOT-FOR-US: Cisco Unity on IBM servers -CAN-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...) - NOT-FOR-US: Cisco -CAN-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...) - NOT-FOR-US: visitorbook.pl -CAN-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...) - NOT-FOR-US: visitorbook.pl -CAN-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...) - NOT-FOR-US: visitorbook.pl -CAN-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...) - NOT-FOR-US: gpgkeys_hkp -CAN-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...) - - cvs 1:1.11.10 -CAN-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...) - NOT-FOR-US: netware -CAN-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...) - NOTE: nor-for-us (MacOS) -CAN-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...) - NOT-FOR-US: Applied Watch Command Center -CAN-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...) - {DSA-452} -CAN-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...) - {DSA-408} - - screen 4.0.2-0.1 -CAN-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...) - {DSA-429} -CAN-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...) - NOT-FOR-US: Sun Fire B1600 -CAN-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...) - NOTE: freeradius module in question is not built in debian package - NOTE: buffer overflow apparently fixed in freeradius 1.0.1 -CAN-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...) - - freeradius 0.9.2-4 -CAN-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) ...) - NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control -CAN-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...) - {DSA-436} -CAN-2003-0964 - REJECTED -CAN-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...) - - lftp 2.6.10 -CAN-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...) - {DSA-404} -CAN-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...) - {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403} - NOTE: do_brk hole - NOTE: fixed in 2.4.23-pre7 -CAN-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...) - NOT-FOR-US: OpenCA -CAN-2003-0959 - RESERVED -CAN-2003-0958 - RESERVED -CAN-2003-0957 - RESERVED -CAN-2003-0956 - RESERVED -CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...) - NOT-FOR-US: OpenBSD -CAN-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...) - NOT-FOR-US: rcp -CAN-2003-0953 - RESERVED -CAN-2003-0952 - RESERVED -CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...) - NOT-FOR-US: HP-UX -CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...) - NOT-FOR-US: PeopleSoft PeopleTools -CAN-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...) - {DSA-405} -CAN-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...) - NOTE: not vulnerable, iwconfig not setuid/setgid in Debian. -CAN-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...) - NOTE: not vulnerable, iwconfig not setuid/setgid in Debian. -CAN-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...) - - clamav 0.65 -CAN-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...) - NOT-FOR-US: Web Database Manager in web-tools for SAP DB -CAN-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...) - NOT-FOR-US: Web Database Manager in web-tools for SAP DB -CAN-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...) - NOT-FOR-US: Web Database Manager in web-tools for SAP DB -CAN-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...) - NOT-FOR-US: Web Database Manager in web-tools for SAP DB -CAN-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...) - NOT-FOR-US: Web Database Manager in web-tools for SAP DB -CAN-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...) - NOT-FOR-US: Web Database Manager in web-tools for SAP DB -CAN-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...) - NOT-FOR-US: SAP database server (SAP DB) -CAN-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...) - NOT-FOR-US: SAP database server (SAP DB) -CAN-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...) - NOT-FOR-US: UnixWare -CAN-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...) - NOT-FOR-US: PCAnywhere -CAN-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...) - - net-snmp 5.0.9 -CAN-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...) - NOT-FOR-US: Symbol Access Portable Data Terminal -CAN-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...) - {DSA-398} -CAN-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...) - {DSA-400} -CAN-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...) - NOT-FOR-US: Sygate Enforcer -CAN-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...) - NOT-FOR-US: Clearswift MAILsweeper -CAN-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...) - NOT-FOR-US: Clearswift MAILsweeper -CAN-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...) - NOT-FOR-US: Clearswift MAILsweeper -CAN-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...) - {DSA-407} - - ethereal 0.9.16-0.1 -CAN-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...) - {DSA-407} - - ethereal 0.9.16-0.1 -CAN-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...) - {DSA-407} - - ethereal 0.9.16-0.1 -CAN-2003-0923 - RESERVED -CAN-2003-0922 - RESERVED -CAN-2003-0921 - RESERVED -CAN-2003-0920 - RESERVED -CAN-2003-0919 - RESERVED -CAN-2003-0918 - RESERVED -CAN-2003-0917 - RESERVED -CAN-2003-0916 - RESERVED -CAN-2003-0915 - RESERVED -CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...) - {DSA-409} -CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...) - NOT-FOR-US: MacOS -CAN-2003-0912 - RESERVED -CAN-2003-0911 - RESERVED -CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...) - NOT-FOR-US: Windows -CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...) - NOT-FOR-US: Windows -CAN-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...) - NOT-FOR-US: Windows -CAN-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...) - NOT-FOR-US: Windows -CAN-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...) - NOT-FOR-US: Windows -CAN-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...) - NOT-FOR-US: Windows -CAN-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...) - {DSA-402} -CAN-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...) - {DSA-397} -CAN-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...) - - perl 5.8.2 -CAN-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...) - {DSA-396} -CAN-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...) - NOT-FOR-US: IBM DB2 -CAN-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...) - NOT-FOR-US: microsoft -CAN-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...) - NOT-FOR-US: Sun/Java -CAN-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...) - NOT-FOR-US: Apple -CAN-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...) - NOT-FOR-US: Oracle -CAN-2003-0893 - RESERVED -CAN-2003-0892 - RESERVED -CAN-2003-0891 - RESERVED -CAN-2003-0890 - RESERVED -CAN-2003-0889 - RESERVED -CAN-2003-0888 - RESERVED -CAN-2003-0887 - RESERVED -CAN-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...) - {DSA-401} -CAN-2003-0885 - RESERVED -CAN-2003-0884 - RESERVED -CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...) - NOT-FOR-US: Apple -CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...) - NOT-FOR-US: Apple -CAN-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...) - NOT-FOR-US: Apple -CAN-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...) - NOT-FOR-US: Apple -CAN-2003-0879 - REJECTED -CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...) - NOT-FOR-US: Apple -CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...) - NOT-FOR-US: Apple -CAN-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...) - NOT-FOR-US: Apple -CAN-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...) - NOTE: source package only - NOTE: openslp: slpd.all_init symlink vuln - NOTE: this file is not used in Debian, so it's not a problem for us. - NOTE: source package still distributes the file, however. - - openslp 1.0.11a-1 -CAN-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...) - NOT-FOR-US: Deskpro -CAN-2003-0873 - RESERVED -CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...) - NOT-FOR-US: SCO -CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...) - NOT-FOR-US: Apple -CAN-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...) - NOT-FOR-US: Opera -CAN-2003-0869 - RESERVED -CAN-2003-0868 - RESERVED -CAN-2003-0867 - REJECTED -CAN-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...) - {DSA-395} -CAN-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...) - {DSA-435} - - mpg123 0.59r-15 -CAN-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...) - - ircd-irc2 2.10.3p5-1 -CAN-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...) - NOTE: php4, this bug appears not to have been fixed. - NOTE: submitted to BTS on libapache-mod-php4 - NOTE: developer claims there is no problem -CAN-2003-0862 - REJECTED -CAN-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...) - - php4 4:4.3.3-1 -CAN-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...) - - php4 4:4.3.3-1 -CAN-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...) - NOTE: affects glibc 2.2.4, Debian uses 2.3.2 -CAN-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...) - {DSA-415} -CAN-2003-0857 - RESERVED -CAN-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...) - {DSA-492} - - iproute 20010824-13.1 -CAN-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...) - - pan 0.13.4-1 -CAN-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...) - {DSA-705-1} - - coreutils 5.2.1-1 -CAN-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...) - - coreutils 5.2.1-1 -CAN-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...) - - sylpheed-claws 0.9.8claws-1 -CAN-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...) - NOTE: affects openssl 0.9.6. Testing uses 0.9.7. -CAN-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...) - {DSA-410} - - libnids1 1.18-1 -CAN-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...) - - cfengine2 2.0.9+2.1.0b3-1 -CAN-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...) - {DSA-428} - - slocate 2.7-3 -CAN-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...) - NOT-FOR-US: SuSE -CAN-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...) - NOT-FOR-US: SuSE -CAN-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...) - NOT-FOR-US: JBoss -CAN-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...) - NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode - NOTE: Debian doesn't enable MOD_GZIP_DEBUG1. -CAN-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...) - NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode - NOTE: Debian doesn't enable MOD_GZIP_DEBUG1. -CAN-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...) - NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode - NOTE: Debian doesn't enable MOD_GZIP_DEBUG1. -CAN-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...) - NOT-FOR-US: Peoplesoft -CAN-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...) - NOT-FOR-US: HPUX -CAN-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...) - NOT-FOR-US: microsoft -CAN-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...) - NOT-FOR-US: microsoft -CAN-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...) - NOT-FOR-US: IBM DB2 -CAN-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...) - NOT-FOR-US: IBM DB2 -CAN-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...) - NOT-FOR-US: mplayer -CAN-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...) - NOT-FOR-US: CDE -CAN-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...) - {DSA-392} - - webfs 1.20 -CAN-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...) - {DSA-392} - - webfs 1.20 -CAN-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...) - - proftpd 1.2.9-1 -CAN-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...) - {DSA-390} - NOTE: marbles package not in testing or unstable -CAN-2003-0829 - RESERVED -CAN-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...) - {DSA-391} - - freesweep 0.88-4.1 (bug #242616) -CAN-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...) - NOT-FOR-US: IBM DB2 -CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...) - {DSA-717-1} - - lsh-utils 1.4.2-6 -CAN-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...) - NOT-FOR-US: microsoft -CAN-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...) - NOT-FOR-US: microsoft -CAN-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...) - NOT-FOR-US: microsoft -CAN-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...) - NOT-FOR-US: microsoft -CAN-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...) - NOT-FOR-US: microsoft -CAN-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...) - NOT-FOR-US: microsoft -CAN-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...) - NOT-FOR-US: microsoft -CAN-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...) - NOT-FOR-US: microsoft -CAN-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) - NOT-FOR-US: microsoft -CAN-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) - NOT-FOR-US: microsoft -CAN-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) - NOT-FOR-US: microsoft -CAN-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...) - NOT-FOR-US: microsoft -CAN-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...) - NOT-FOR-US: microsoft -CAN-2003-0811 - RESERVED -CAN-2003-0810 - RESERVED -CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...) - NOT-FOR-US: microsoft -CAN-2003-0808 - RESERVED -CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...) - NOT-FOR-US: microsoft -CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...) - NOT-FOR-US: microsoft -CAN-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...) - {DSA-387} - NOTE: gopherd not in testing or unstable (deprecated) -CAN-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...) - NOT-FOR-US: BSD -CAN-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...) - NOT-FOR-US: Nokia -CAN-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...) - NOT-FOR-US: Nokia -CAN-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...) - NOT-FOR-US: Nokia -CAN-2003-0800 - RESERVED -CAN-2003-0799 - RESERVED -CAN-2003-0798 - RESERVED -CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...) - NOT-FOR-US: SGI IRIX -CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...) - NOT-FOR-US: SGI IRIX -CAN-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...) - {DSA-415} -CAN-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...) - - gdm 2.4.4.4 -CAN-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...) - - gdm 2.4.4.4 -CAN-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...) - - fetchmail 6.2.5 -CAN-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...) - - mozilla-browser 2:1.5 -CAN-2003-0790 - REJECTED -CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...) - - apache2 2.0.48 -CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...) - - cupsys 1.1.19 -CAN-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...) - - ssh 1:3.7.1p2 -CAN-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...) - - ssh 1:3.7.1p2 -CAN-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...) - {DSA-389} -CAN-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...) - NOT-FOR-US: IBM TSM -CAN-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...) - {DSA-385} -CAN-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...) - {DSA-467} -CAN-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...) - {DSA-467} -CAN-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...) - {DSA-381} -CAN-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...) - - asterisk 0.7.0 -CAN-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...) - {DSA-379} -CAN-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...) - {DSA-379} -CAN-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the ...) - {DSA-379} -CAN-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...) - {DSA-379} -CAN-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...) - {DSA-379} -CAN-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...) - {DSA-379} -CAN-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...) - NOT-FOR-US: WS_FTP server -CAN-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...) - - libapache-gallery-perl 0.7 -CAN-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...) - NOT-FOR-US: IkonBoard -CAN-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...) - NOT-FOR-US: ICQ Web Front -CAN-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...) - NOT-FOR-US: microsoft -CAN-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...) - NOT-FOR-US: RogerWilco -CAN-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...) - NOT-FOR-US: ftp desktop (windows) -CAN-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...) - NOT-FOR-US: winamp -CAN-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...) - NOT-FOR-US: Escapade Scripting Engine (ESP -CAN-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...) - NOT-FOR-US: Escapade Scripting Engine (ESP -CAN-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...) - NOT-FOR-US: foxweb -CAN-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...) - - asterisk 0.5.0 -CAN-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: optisoft blubster -CAN-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...) - NOT-FOR-US: IBM DB2 -CAN-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...) - NOT-FOR-US: IBM DB2 -CAN-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...) - NOT-FOR-US: check point firewall -CAN-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...) - NOT-FOR-US: sitebuilder -CAN-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...) - NOT-FOR-US: gtkftpd -CAN-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...) - NOT-FOR-US: newsPHP -CAN-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...) - NOT-FOR-US: newsPHP -CAN-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...) - NOT-FOR-US: AttilaPHP -CAN-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...) - NOT-FOR-US: PY-Membres -CAN-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...) - NOT-FOR-US: PY-Membres -CAN-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...) - NOT-FOR-US: SAP -CAN-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...) - NOT-FOR-US: SAP -CAN-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...) - NOT-FOR-US: SAP -CAN-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...) - NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb -CAN-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...) - NOT-FOR-US: castlerock SNMPc -CAN-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...) - - leafnode 1.9.42 -CAN-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...) - {DSA-376} - - exim 3.36-8 -CAN-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...) - NOT-FOR-US: SCO -CAN-2003-0741 - RESERVED -CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...) - - stunnel 2:3.26 - - stunnel4 2:4.04 -CAN-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...) - NOT-FOR-US: VMware -CAN-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...) - NOT-FOR-US: phpWebSite -CAN-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...) - NOT-FOR-US: phpWebSite -CAN-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...) - NOT-FOR-US: phpWebSite -CAN-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...) - NOT-FOR-US: phpWebSite -CAN-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...) - - libpam-ldap 164-1 - - libnss-ldap 207-1 -CAN-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...) - NOT-FOR-US: BEA weblogic -CAN-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...) - NOT-FOR-US: cisco -CAN-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...) - NOT-FOR-US: cisco -CAN-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...) - {DSA-380} -CAN-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...) - NOT-FOR-US: tellurian tftpdNT -CAN-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...) - - horde2 2.2.4 -CAN-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...) - NOT-FOR-US: oracle -CAN-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...) - NOT-FOR-US: RealOne player -CAN-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...) - NOT-FOR-US: Real Networks Server / Helix Server -CAN-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...) - NOT-FOR-US: HP Tru64 -CAN-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...) - - gkrellmd 2.1.14 -CAN-2003-0722 (The default installation of sadmind on Solaris uses weak ...) - NOT-FOR-US: solaris -CAN-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...) - - pine 4.58 -CAN-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...) - - pine 4.58 -CAN-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...) - NOT-FOR-US: microsoft -CAN-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...) - NOT-FOR-US: microsoft -CAN-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...) - NOT-FOR-US: microsoft -CAN-2003-0716 - RESERVED -CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...) - NOT-FOR-US: microsoft -CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...) - NOT-FOR-US: microsoft -CAN-2003-0713 - RESERVED -CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...) - NOT-FOR-US: microsoft -CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...) - NOT-FOR-US: pchealth for windows -CAN-2003-0710 - RESERVED -CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...) - - whois 4.6.7 -CAN-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...) - {DSA-375} -CAN-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...) - {DSA-375} -CAN-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...) - {DSA-378} -CAN-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...) - {DSA-378} -CAN-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...) - NOT-FOR-US: KisMAC for Mac OS X -CAN-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...) - NOT-FOR-US: KisMAC for Mac OS X -CAN-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...) - NOT-FOR-US: microsoft -CAN-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...) - NOT-FOR-US: microsoft -CAN-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...) - NOTE: fixed in 2.4.22-pre3 -CAN-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...) - NOTE: fixed in 2.4.21-rc2 -CAN-2003-0698 - REJECTED - NOTE: see CAN-2003-0743 -CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...) - NOT-FOR-US: AIX -CAN-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...) - NOT-FOR-US: AIX -CAN-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...) - {DSA-383 DSA-382} -CAN-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...) - {DSA-384} -CAN-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for ...) - {DSA-383 DSA-382} - - openssh 1:3.6.1p2-6.0 -CAN-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...) - {DSA-388} -CAN-2003-0691 - RESERVED -CAN-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...) - {DSA-443 DSA-388} -CAN-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...) - - libc6 2.2.5 -CAN-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...) - - sendmail 8.12.9 -CAN-2003-0687 - REJECTED -CAN-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...) - {DSA-374} -CAN-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...) - {DSA-372} -CAN-2003-0684 - RESERVED -CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...) - NOT-FOR-US: SGI -CAN-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...) - {DSA-383 DSA-382} - - openssh 1:3.6.1p2-9 -CAN-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...) - {DSA-384} -CAN-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...) - NOT-FOR-US: SGI IRIX -CAN-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...) - NOT-FOR-US: SGI IRIX -CAN-2003-0678 - RESERVED -CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...) - NOT-FOR-US: Cisco -CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...) - NOT-FOR-US: Sun iPlanet -CAN-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...) - {DSA-370} -CAN-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...) - NOT-FOR-US: sustworks IPNetSentryX -CAN-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...) - NOT-FOR-US: sustworks IPNetSentryX -CAN-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...) - NOT-FOR-US: solaris -CAN-2003-0668 - RESERVED -CAN-2003-0667 - RESERVED -CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...) - NOT-FOR-US: microsoft -CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...) - NOT-FOR-US: microsoft -CAN-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...) - NOT-FOR-US: microsoft -CAN-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...) - NOT-FOR-US: microsoft -CAN-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...) - NOT-FOR-US: microsoft -CAN-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...) - NOT-FOR-US: microsoft -CAN-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...) - NOT-FOR-US: microsoft -CAN-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...) - NOT-FOR-US: microsoft -CAN-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...) - NOT-FOR-US: docview / caldera -CAN-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...) - {DSA-365} -CAN-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...) - {DSA-366} -CAN-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...) - - cdrecord 4:2.0+a18-1 -CAN-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...) - {DSA-373} -CAN-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...) - NOT-FOR-US: NetBSD -CAN-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...) - {DSA-367} -CAN-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...) - NOT-FOR-US: mod_mylo for apache -CAN-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...) - NOT-FOR-US: gamespy -CAN-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...) - {DSA-368} -CAN-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...) - {DSA-472} -CAN-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...) - NOT-FOR-US: Cisco -CAN-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...) - NOT-FOR-US: ActiveX -CAN-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...) - {DSA-364} -CAN-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...) - - kdbg 1.2.9-1 -CAN-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...) - {DSA-358} - NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3) -CAN-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...) - NOT-FOR-US: Watchguard / win -CAN-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...) - NOT-FOR-US: Watchguard / win -CAN-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...) - NOT-FOR-US: BEA WebLogic -CAN-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...) - NOT-FOR-US: novell ichain -CAN-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...) - NOT-FOR-US: novell ichain -CAN-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...) - NOT-FOR-US: novell ichain -CAN-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...) - NOT-FOR-US: novell ichain -CAN-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...) - NOT-FOR-US: novell ichain -CAN-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...) - NOT-FOR-US: oracle -CAN-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...) - NOT-FOR-US: oracle -CAN-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...) - NOT-FOR-US: oracle -CAN-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...) - NOT-FOR-US: VMware -CAN-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...) - {DSA-359} -CAN-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...) - NOT-FOR-US: peoplesoft -CAN-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...) - NOT-FOR-US: peoplesoft -CAN-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...) - NOT-FOR-US: peoplesoft -CAN-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...) - NOT-FOR-US: peoplesoft -CAN-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...) - {DSA-360} -CAN-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...) - NOT-FOR-US: BEA WebLogic -CAN-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) - NOT-FOR-US: BEA Tuxedo -CAN-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...) - NOT-FOR-US: BEA Tuxedo -CAN-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...) - NOT-FOR-US: BEA Tuxedo -CAN-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...) - {DSA-364} -CAN-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...) - {DSA-358} - NOTE: fixed in 2.4.21-pre3 -CAN-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...) - {DSA-431} -CAN-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...) - {DSA-362} -CAN-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...) - NOT-FOR-US: McAfee -CAN-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...) - {DSA-371} -CAN-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...) - {DSA-355} -CAN-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...) - {DSA-369} -CAN-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...) - - crafty 19.3-1 -CAN-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...) - {DSA-356} -CAN-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...) - NOT-FOR-US: McAfee -CAN-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...) - NOT-FOR-US: Solaris -CAN-2003-0608 - RESERVED -CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...) - {DSA-354} -CAN-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...) - {DSA-353} - - sup 1.8-9 -CAN-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...) - NOT-FOR-US: Microsoft -CAN-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...) - NOT-FOR-US: Microsoft -CAN-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...) - - bugzilla 2.16.3 - NOTE: in 2.17.x : we need at least 2.17.4 -CAN-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...) - - bugzilla 2.16.3 - NOTE: in 2.17.x : we need at least 2.17.4 -CAN-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...) - NOT-FOR-US: Apple -CAN-2003-0600 - RESERVED -CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...) - {DSA-365} -CAN-2003-0598 - REJECTED -CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...) - NOT-FOR-US: Unixware -CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...) - {DSA-352} - - fdclone 2.02a -CAN-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...) - NOT-FOR-US: WiTango Application Server and Tango 2000 -CAN-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...) - NOTE: cannot find reference to it being fixed. - TODO: check -CAN-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...) - NOT-FOR-US: opera -CAN-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...) - {DSA-459} -CAN-2003-0591 - REJECTED -CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...) - NOT-FOR-US: Splatt Forum -CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...) - NOT-FOR-US: Digi-ads -CAN-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...) - NOT-FOR-US: Digi-news -CAN-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...) - NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB) -CAN-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...) - NOT-FOR-US: Brooky eStore -CAN-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...) - NOT-FOR-US: Brooky eStore -CAN-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...) - NOT-FOR-US: BRU -CAN-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...) - NOT-FOR-US: BRU -CAN-2003-0582 - REJECTED -CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...) - {DSA-360} -CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...) - NOT-FOR-US: IBM U2 UniVerse -CAN-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...) - NOT-FOR-US: IBM U2 UniVerse -CAN-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...) - NOT-FOR-US: IBM U2 UniVerse -CAN-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...) - - mpg123 0.59r-1 -CAN-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...) - NOT-FOR-US: IRIX -CAN-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...) - NOT-FOR-US: IRIX -CAN-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...) - NOT-FOR-US: IRIX -CAN-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...) - NOT-FOR-US: IRIX -CAN-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...) - NOT-FOR-US: IRIX -CAN-2003-0571 - RESERVED -CAN-2003-0570 - RESERVED -CAN-2003-0569 - RESERVED -CAN-2003-0568 - RESERVED -CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...) - NOT-FOR-US: Cisco -CAN-2003-0566 - RESERVED -CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...) - NOTE: affects many implementations of the X.400 protocol - TODO: see if anything in debian uses X.400 and is vulnerable. -CAN-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...) - NOTE: affects multiple S/MIME implementations - NOTE: checked current mozilla, which contains safe NSS 3.9.1 - - mozilla 2:1.7.3 - TODO: see if anything else in debian uses S/MIME and is vulnerable, mutt has S/MIME unknown if its vulnerable -CAN-2003-0563 - RESERVED -CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...) - NOT-FOR-US: Novell Netware -CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...) - NOT-FOR-US: IglooFTP -CAN-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...) - NOT-FOR-US: VP-ASP -CAN-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...) - NOT-FOR-US: phpforum -CAN-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...) - NOT-FOR-US: LeapFTP -CAN-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...) - NOT-FOR-US: StoreFront -CAN-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...) - NOT-FOR-US: Polycom MGC -CAN-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...) - NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5 -CAN-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...) - NOT-FOR-US: NeoModus Direct Connect -CAN-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...) - NOT-FOR-US: Netscape -CAN-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...) - {DSA-423 DSA-358} - NOTE: fixed in 2.4.22-pre3 -CAN-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...) - {DSA-423 DSA-358} - NOTE: fixed in 2.4.22-pre3 -CAN-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...) - {DSA-423 DSA-358} - NOTE: fixed in 2.4.22-pre3 -CAN-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...) - - gdm 2.4.1.5 -CAN-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...) - - gdm 2.4.1.5 -CAN-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, ...) - - gdm 2.4.1.5 -CAN-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...) - NOT-FOR-US: up2date -CAN-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...) - {DSA-394 DSA-393} -CAN-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...) - {DSA-394 DSA-393} -CAN-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...) - {DSA-394 DSA-393} -CAN-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...) - - apache2 2.0.48 - - apache 1.3.29 -CAN-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...) - {DSA-710-1} - NOTE: does not affect evolution on debian - - gtkhtml 1.0.4-6.2 -CAN-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...) - {DSA-363} -CAN-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...) - {DSA-343} -CAN-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...) - {DSA-342} -CAN-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...) - {DSA-341} -CAN-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...) - {DSA-346} -CAN-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...) - {DSA-345} -CAN-2003-0534 - RESERVED -CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...) - NOT-FOR-US: Microsoft -CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...) - NOT-FOR-US: Microsoft -CAN-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...) - NOT-FOR-US: Microsoft -CAN-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...) - NOT-FOR-US: Microsoft -CAN-2003-0529 - RESERVED -CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...) - NOT-FOR-US: Microsoft -CAN-2003-0527 - RESERVED -CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) - NOT-FOR-US: Microsoft -CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...) - NOT-FOR-US: Microsoft -CAN-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...) - NOTE: appears specific to the knoppix CD -CAN-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...) - NOT-FOR-US: ProductCart -CAN-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...) - NOT-FOR-US: ProductCart -CAN-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...) - NOT-FOR-US: cPanel is not our cpanel -CAN-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...) - NOT-FOR-US: Trillian -CAN-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...) - NOT-FOR-US: Microsoft -CAN-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...) - NOT-FOR-US: MacOS -CAN-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...) - - mgetty 1.1.29 (bug #199351) -CAN-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...) - - mgetty 1.1.29 (bug #199351) -CAN-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...) - {DSA-347} -CAN-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...) - NOT-FOR-US: Safari -CAN-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...) - NOT-FOR-US: MSIE -CAN-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message ...) - NOT-FOR-US: Cisco -CAN-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...) - NOT-FOR-US: Cisco Aironet AP1x00 Series Wireless devices -CAN-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...) - NOT-FOR-US: ezbounce -CAN-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...) - NOT-FOR-US: Cyberstrong eShop -CAN-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...) - NOT-FOR-US: acroread -CAN-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...) - NOT-FOR-US: Microsoft -CAN-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...) - NOT-FOR-US: Microsoft -CAN-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...) - NOT-FOR-US: Microsoft -CAN-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...) - {DSA-365} -CAN-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...) - NOT-FOR-US: Microsoft -CAN-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...) - NOT-FOR-US: Apple Quicktime -CAN-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...) - {DSA-423 DSA-358} - NOTE: fixed in 2.4.22-pre10 -CAN-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...) - {DSA-338} -CAN-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...) - {DSA-335} -CAN-2003-0498 (CachÃ© Database 5.x installs the /cachesys/csp directory with insecure ...) - NOT-FOR-US: Intersystems Cache database -CAN-2003-0497 (CachÃ© Database 5.x installs /cachesys/bin/cache with world-writable ...) - NOT-FOR-US: Intersystems Cache database -CAN-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...) - NOT-FOR-US: Microsoft -CAN-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...) - NOT-FOR-US: lednews; not in debian -CAN-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...) - NOT-FOR-US: snitz forums; not in debian -CAN-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...) - NOT-FOR-US: snitz forums; not in debian -CAN-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...) - NOT-FOR-US: snitz forums; not in debian -CAN-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...) - NOT-FOR-US: xoop; not in debian -CAN-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...) - NOT-FOR-US: Dantz Retrospect -CAN-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...) - {DSA-330} -CAN-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...) - NOT-FOR-US: Kerio Mail server -CAN-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...) - NOT-FOR-US: Kerio Mail server -CAN-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...) - - phpbb2 2.0.6 -CAN-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...) - NOT-FOR-US: Progress 4GL Compiler -CAN-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...) - - phpbb2 2.0.6d-3 -CAN-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...) - NOT-FOR-US: XMB Forum -CAN-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...) - - tutos 1.1.20030715-1 -CAN-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) - - tutos 1.1.20030715-1 -CAN-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...) - NOT-FOR-US: VMware -CAN-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...) - NOT-FOR-US: WebBBS; not in debian -CAN-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...) - NOT-FOR-US: bahamut and other irc daemons; not in debian -CAN-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...) - - wzdftpd 0.2 -CAN-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...) - {DSA-423 DSA-358} - NOTE: fixed in 2.4.22-pre4 -CAN-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...) - NOT-FOR-US: iWeb server -CAN-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...) - NOT-FOR-US: iWeb server -CAN-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...) - NOT-FOR-US: SGI IRIX -CAN-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...) - NOT-FOR-US: SGI IRIX -CAN-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...) - NOT-FOR-US: webadmin / win -CAN-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka ...) - NOT-FOR-US: symantec activex -CAN-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...) - NOT-FOR-US: microsoft -CAN-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...) - {DSA-363} -CAN-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...) - NOTE: fixed in linux 2.4.21 -CAN-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...) - {DSA-357} -CAN-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...) - NOTE: generic .c version fixed in 2.6.x but not in 2.4.x - NOTE: arch specific asm versions: - NOTE: x86 is not affected - NOTE: ppc32 fixed in 2.4.22-rc4 - NOTE: not an issue on alpha, see bug #280492 - - kernel-source-2.4.27 2.4.27-8 - NOTE: above fixes s390x, ppc64 and s390 and generic C version -CAN-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...) - NOTE: fixed in linux 2.4.22-pre8 -CAN-2003-0463 - RESERVED -CAN-2003-0462 (A race condition in the way env_start and env_end pointers are ...) - {DSA-423 DSA-358} -CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...) - {DSA-423 DSA-358} -CAN-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...) - NOT-FOR-US: apache for win and os/2 -CAN-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...) - {DSA-361} -CAN-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...) - NOT-FOR-US: HP -CAN-2003-0457 - RESERVED - - mysql-dfsg 4.0.21-4 -CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...) - NOT-FOR-US: visnetic website -CAN-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...) - {DSA-331} -CAN-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...) - {DSA-334} -CAN-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...) - {DSA-348} -CAN-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...) - {DSA-329} -CAN-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...) - {DSA-327} -CAN-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...) - {DSA-321} -CAN-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...) - NOT-FOR-US: progress database -CAN-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...) - NOT-FOR-US: portmon; not in debian -CAN-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...) - NOT-FOR-US: microsoft -CAN-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...) - NOT-FOR-US: microsoft -CAN-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...) - {DSA-328} -CAN-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...) - {DSA-337} -CAN-2003-0443 - RESERVED -CAN-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...) - {DSA-351} -CAN-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...) - {DSA-326} -CAN-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...) - {DSA-339} -CAN-2003-0439 - RESERVED -CAN-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...) - {DSA-325} -CAN-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...) - - mnogosearch-common 3.2.11 -CAN-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...) - - mnogosearch-common 3.2.11 -CAN-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...) - {DSA-322} -CAN-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...) - NOTE: various pdf viewers - NOTE: kpdf does not seem to support hyperlinks; so not vulnerable - NOTE: gpdf 2.8.0 does not seem to be vulnerable - - xpdf 2.02pl1-1 -CAN-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...) - {DSA-315} -CAN-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...) - {DSA-324} -CAN-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...) - {DSA-324} -CAN-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...) - - ethereal 0.9.13 -CAN-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...) - {DSA-324} -CAN-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...) - {DSA-324} -CAN-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...) - {DSA-320} -CAN-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...) - NOT-FOR-US: Apple -CAN-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...) - NOT-FOR-US: Apple -CAN-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) - NOT-FOR-US: Apple -CAN-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...) - NOT-FOR-US: Apple -CAN-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) - NOT-FOR-US: Apple -CAN-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) - NOT-FOR-US: Apple -CAN-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...) - NOT-FOR-US: Apple -CAN-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...) - NOT-FOR-US: SMC -CAN-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...) - NOTE: only linux 2.0.x -CAN-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...) - NOT-FOR-US: Son hServer -CAN-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...) - NOT-FOR-US: bandmin; -CAN-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...) - NOT-FOR-US: Remote PC Access -CAN-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...) - NOT-FOR-US: Sun ONE -CAN-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...) - NOT-FOR-US: Sun ONE -CAN-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...) - NOT-FOR-US: Sun ONE -CAN-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...) - NOT-FOR-US: Sun ONE -CAN-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...) - NOT-FOR-US: AnalogX proxy -CAN-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...) - NOT-FOR-US: BRS WebWeaver -CAN-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...) - NOT-FOR-US: Uptimes Project upclient; -CAN-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...) - - gbatnav 1.0.4-4 -CAN-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...) - NOT-FOR-US: PalmVNC -CAN-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...) - NOT-FOR-US: Vignette -CAN-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...) - NOT-FOR-US: Vignette -CAN-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...) - NOT-FOR-US: Vignette -CAN-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...) - NOT-FOR-US: Vignette -CAN-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...) - NOT-FOR-US: Vignette -CAN-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...) - NOT-FOR-US: Vignette / AIX -CAN-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...) - NOT-FOR-US: Vignette StoryServer -CAN-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...) - NOT-FOR-US: Vignette StoryServer -CAN-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...) - NOT-FOR-US: FastTrack network code (Kazaa) -CAN-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...) - - linux-atm 2.4.1 -CAN-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...) - NOT-FOR-US: Ultimate PHP Board -CAN-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...) - NOT-FOR-US: BLNews -CAN-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...) - NOT-FOR-US: Privacyware Privatefirewall -CAN-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...) - NOT-FOR-US: ST FTP Service (DOS) -CAN-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...) - NOT-FOR-US: Magic WinMail Server -CAN-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...) - - opt 3.19 -CAN-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...) - NOT-FOR-US: RSA ACE/Agent -CAN-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...) - NOTE: pam is not vulnerable in default confuguration - NOTE: pam is not vulnerable at all in sarge, according to maintainer -CAN-2003-0387 - RESERVED -CAN-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...) - NOTE: fixed in current openssh, which always does reverse mapping now -CAN-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...) - {DSA-310} - - xaos 3.1r-4 -CAN-2003-0384 - RESERVED -CAN-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...) - {DSA-309} -CAN-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...) - {DSA-323} -CAN-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...) - {DSA-314} -CAN-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...) - NOT-FOR-US: MaxOS -CAN-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...) - NOT-FOR-US: MaxOS -CAN-2003-0377 (SQL injection vulnerability in the web-based administration interface ...) - NOT-FOR-US: iisPROTECT -CAN-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...) - NOT-FOR-US: Eudora -CAN-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...) - NOT-FOR-US: XMBforum aka Partagium) -CAN-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...) - - nessus 2.0.6 -CAN-2003-0373 (Multiple buffer overflows in Nessus before 2.0.6 allow local users ...) - - nessus 2.0.6 -CAN-2003-0372 (Signed integer vulnerability in libnsl in Nessus before 2.0.6 allows ...) - - nessus 2.0.6 -CAN-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...) - NOT-FOR-US: Prishtina FTP client -CAN-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...) - {DSA-361} -CAN-2003-0369 - RESERVED -CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...) - NOT-FOR-US: Nokia Gateway GPRS -CAN-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...) - {DSA-308} -CAN-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...) - {DSA-318} -CAN-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full ...) - NOT-FOR-US: ICQLite -CAN-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...) - {DSA-442 DSA-336 DSA-332 DSA-311} -CAN-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...) - - licq 1.2-7-1 -CAN-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...) - {DSA-307} -CAN-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...) - {DSA-307} -CAN-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...) - {DSA-307} -CAN-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...) - {DSA-316} -CAN-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...) - {DSA-350 DSA-316} -CAN-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...) - {DSA-313} -CAN-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...) - {DSA-313} -CAN-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...) - NOT-FOR-US: Safari -CAN-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...) - - gs-gpl 7.07 -CAN-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...) - NOT-FOR-US: Microsoft -CAN-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...) - NOT-FOR-US: Microsoft -CAN-2003-0351 - REJECTED -CAN-2003-0350 (The control for listing accessibility options in the Accessibility ...) - NOT-FOR-US: Microsoft -CAN-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...) - NOT-FOR-US: Microsoft -CAN-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...) - NOT-FOR-US: Microsoft -CAN-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...) - NOT-FOR-US: Microsoft -CAN-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...) - NOT-FOR-US: Microsoft -CAN-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...) - NOT-FOR-US: Microsoft -CAN-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...) - NOT-FOR-US: Microsoft -CAN-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...) - NOT-FOR-US: BlackMoon FTP Server -CAN-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...) - NOT-FOR-US: BlackMoon FTP Server -CAN-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...) - NOT-FOR-US: Owl Intranet Engine -CAN-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...) - NOT-FOR-US: Puresecure -CAN-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...) - NOT-FOR-US: WsMp3 -CAN-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...) - NOT-FOR-US: WsMp3 -CAN-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...) - NOT-FOR-US: lsadmin -CAN-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...) - NOT-FOR-US: Eudora -CAN-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...) - NOT-FOR-US: Slaskware specific -CAN-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...) - - ircii-pana 1:1.0-0c19.20030512-1 -CAN-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...) - NOT-FOR-US: C-Kermit on HP-UX -CAN-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...) - NOT-FOR-US: BadBlue -CAN-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...) - NOT-FOR-US: ttForum -CAN-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...) - NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed. -CAN-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...) - NOT-FOR-US: CesarFTP -CAN-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...) - {DSA-399 DSA-306} -CAN-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...) - NOT-FOR-US: Sybase Adaptive Server Enterprise -CAN-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...) - NOTE: bug does exist in slocate. - NOTE: only impacts security if kernel has been recompiled to allow - NOTE: an absurd 536870912 bytes of command line arguments. This is - NOTE: very unlikely, and if you do exploit it, you get only slocate - NOTE: gid. -CAN-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...) - NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed. -CAN-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...) - {DSA-287} -CAN-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...) - {DSA-298 DSA-291} -CAN-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...) - {DSA-306} -CAN-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...) - {DSA-306} -CAN-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...) - NOT-FOR-US: ttCMS -CAN-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...) - NOT-FOR-US: SmartMax MailMax -CAN-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...) - NOT-FOR-US: PHP-Nuke -CAN-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...) - NOT-FOR-US: iisPROTECT -CAN-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...) - NOT-FOR-US: Venturi Client -CAN-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Snowblind Web Server -CAN-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Snowblind Web Server -CAN-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...) - NOT-FOR-US: Snowblind Web Server -CAN-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...) - NOT-FOR-US: Snowblind Web Server -CAN-2003-0311 - RESERVED -CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...) - NOTE: author apparently fixed hole by time vuln was reported, - NOTE: and I guess that fix made it into new upstream versions, - NOTE: but I did not check in detail -CAN-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...) - NOT-FOR-US: MSIE -CAN-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...) - {DSA-305} -CAN-2003-0307 (Poster version.two allows remote authenticated users to gain ...) - NOT-FOR-US: Poster version.two -CAN-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...) - NOT-FOR-US: Windows -CAN-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...) - NOT-FOR-US: Cisco -CAN-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...) - NOT-FOR-US: one||zero (aka One or Zero) Helpdesk -CAN-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...) - NOT-FOR-US: one||zero (aka One or Zero) Helpdesk -CAN-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...) - NOT-FOR-US: Eudora -CAN-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...) - NOT-FOR-US: Microsort -CAN-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...) - NOTE: sylpheed and sylpheed-claws might still be vulnerable - NOTE: but it's only a crasher -CAN-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...) - NOTE: mutt and balsa might still be vulnerable - NOTE: but it's only a crasher -CAN-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...) - - mozilla 2:1.5-1 - NOTE: May have been fixed in an earlier version. Not clear how - NOTE: Mozilla's a/b versions map to the Debian version. -CAN-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...) - - uw-imap 7:2002c - NOTE: did not check pine -CAN-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...) - - evolution 1.3.2 -CAN-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...) - NOT-FOR-US: vBulletin -CAN-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...) - NOT-FOR-US: php-proxima -CAN-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...) - NOT-FOR-US: PalmOS -CAN-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...) - NOT-FOR-US: Inktomi -CAN-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...) - NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router -CAN-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...) - NOT-FOR-US: eServ -CAN-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...) - - cdrtools 4:2.0+a14-1 -CAN-2003-0288 (Buffer overflow in the file & folder transfer mechanism for IP ...) - NOT-FOR-US: IP Messenger for Win -CAN-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...) - NOT-FOR-US: Movable Type -CAN-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...) - NOT-FOR-US: Snitz Forums -CAN-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...) - NOT-FOR-US: bad sendmail config on AIX -CAN-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...) - NOT-FOR-US: Adobe Acrobat -CAN-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...) - NOT-FOR-US: Phorum -CAN-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...) - {DSA-344} -CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...) - - firebird2 1.5.1-1 - NOTE: firebird (1) in debian is very insecure and vulnerable, but - NOTE: the server is not included, just the libraries. See bug #251458 -CAN-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...) - NOT-FOR-US: SMTP Service for ESMTP CMailServer -CAN-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...) - NOT-FOR-US: PHP-Nuke -CAN-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...) - NOT-FOR-US: HappyMail -CAN-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...) - NOT-FOR-US: HappyMail -CAN-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...) - NOT-FOR-US: Pi3Web -CAN-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: YaBB SE -CAN-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...) - NOT-FOR-US: ListProc -CAN-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...) - NOTE: old version of Request Tracker not in debian. -CAN-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...) - NOT-FOR-US: miniPortail -CAN-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...) - NOT-FOR-US: Personal FTP Server -CAN-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...) - NOT-FOR-US: Apple Airport -CAN-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...) - NOT-FOR-US: youbin -CAN-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...) - NOT-FOR-US: SLWebMail on Windows -CAN-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...) - NOT-FOR-US: SLWebMail on Windows -CAN-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...) - NOT-FOR-US: SLWebMail on Windows -CAN-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...) - NOT-FOR-US: SDBINST for SAP database -CAN-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...) - NOT-FOR-US: SLMail -CAN-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...) - NOT-FOR-US: FTGatePro -CAN-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...) - {DSA-299} -CAN-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...) - {DSA-302} -CAN-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) - NOT-FOR-US: Cisco -CAN-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) - NOT-FOR-US: Cisco -CAN-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) - NOT-FOR-US: Cisco -CAN-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...) - NOT-FOR-US: AIX -CAN-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...) - - kopete 3.2.0 -CAN-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...) - - gnupg 1.2.2 -CAN-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...) - - apache2 2.0.47 -CAN-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...) - - apache2 2.0.47 -CAN-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...) - {DSA-349} -CAN-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...) - NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13 - - nis 3.11 -CAN-2003-0250 - RESERVED -CAN-2003-0249 - RESERVED -CAN-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...) - {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} -CAN-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...) - {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} -CAN-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...) - {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} -CAN-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...) - - apache2 2.0.46 -CAN-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...) - {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} -CAN-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...) - NOT-FOR-US: Happycgi.com Happymall -CAN-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...) - NOT-FOR-US: MacOS -CAN-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...) - NOT-FOR-US: FrontRange GoldMine / win -CAN-2003-0240 (The web-based administration capability for various Axis Network ...) - NOT-FOR-US: Axis Network Camera -CAN-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...) - NOT-FOR-US: Mirabilis ICQ / windows -CAN-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...) - NOT-FOR-US: Mirabilis ICQ / windows -CAN-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...) - NOT-FOR-US: Mirabilis ICQ / windows -CAN-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...) - NOT-FOR-US: Mirabilis ICQ / windows -CAN-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...) - NOT-FOR-US: Mirabilis ICQ / windows -CAN-2003-0234 - RESERVED -CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...) - NOT-FOR-US: microsoft -CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...) - NOT-FOR-US: microsoft -CAN-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...) - NOT-FOR-US: microsoft -CAN-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go gain ...) - NOT-FOR-US: microsoft -CAN-2003-0229 - RESERVED -CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...) - NOT-FOR-US: microsoft -CAN-2003-0227 (The logging capability for unicast and multicast transmissions in the ...) - NOT-FOR-US: microsoft -CAN-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...) - NOT-FOR-US: microsoft -CAN-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...) - NOT-FOR-US: microsoft -CAN-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...) - NOT-FOR-US: microsoft -CAN-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...) - NOT-FOR-US: microsoft -CAN-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...) - NOT-FOR-US: oracle -CAN-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...) - NOT-FOR-US: HP tru64 -CAN-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...) - NOT-FOR-US: Kerio Personal Firewall -CAN-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...) - NOT-FOR-US: Kerio Personal Firewall -CAN-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...) - NOT-FOR-US: Monkey http daemon; not in debian -CAN-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...) - NOT-FOR-US: Neoteris Instant Virtual Extranet -CAN-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...) - NOT-FOR-US: cisco -CAN-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...) - NOT-FOR-US: bttlxeForum / win -CAN-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...) - {DSA-292} -CAN-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...) - {DSA-295} -CAN-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...) - {DSA-289} -CAN-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...) - - xinetd 1:2.3.11 -CAN-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...) - NOT-FOR-US: cisco -CAN-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...) - {DSA-297} -CAN-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...) - NOT-FOR-US: macromedia flash -CAN-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...) - {DSA-286} -CAN-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...) - {DSA-294} -CAN-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...) - {DSA-294} -CAN-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...) - {DSA-296 DSA-293 DSA-284} -CAN-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...) - {DSA-281} -CAN-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...) - {DSA-279} -CAN-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...) - {DSA-280} -CAN-2003-0200 - RESERVED -CAN-2003-0199 - RESERVED -CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...) - NOT-FOR-US: MacOS -CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...) - NOT-FOR-US: Interbase Database -CAN-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...) - {DSA-280} -CAN-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...) - {DSA-317} -CAN-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...) - NOTE: apparently a redhat specific compilation prolem of tcpdump -CAN-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...) - {DSA-575-1} - - catdoc 0.91.5-2 -CAN-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...) - - apache2 2.0.47 -CAN-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...) - - ssh 1:3.8.1p1-8.sarge.4 -CAN-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...) - - apache2 2.0.46 -CAN-2003-0188 (lv reads a .lv file from the current working directory, which allows ...) - {DSA-304} -CAN-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...) - NOTE: only affects kernel 2.4.19, 2.4.20. -CAN-2003-0186 - RESERVED -CAN-2003-0185 - RESERVED -CAN-2003-0184 - RESERVED -CAN-2003-0183 - RESERVED -CAN-2003-0182 - RESERVED -CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...) - NOT-FOR-US: Lotus Domino Web Server -CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...) - NOT-FOR-US: Lotus Domino Web Server -CAN-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...) - NOT-FOR-US: Lotus Domino Web Server -CAN-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...) - NOT-FOR-US: Lotus Domino Web Server -CAN-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...) - NOT-FOR-US: IRIX -CAN-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...) - NOT-FOR-US: IRIX -CAN-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...) - NOT-FOR-US: IRIX -CAN-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...) - NOT-FOR-US: IRIX -CAN-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...) - {DSA-283} -CAN-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...) - NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2) -CAN-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...) - NOT-FOR-US: MacOS -CAN-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...) - NOT-FOR-US: AIX -CAN-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...) - NOT-FOR-US: HP Instant TopTools -CAN-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...) - NOT-FOR-US: Apple QuickTime Player -CAN-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...) - {DSA-300 DSA-274} -CAN-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...) - NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2) -CAN-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...) - - eog 2.2.1 -CAN-2003-0164 - RESERVED -CAN-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...) - NOTE: Gaim-Encryption Plugin not in debian -CAN-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...) - {DSA-271} -CAN-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...) - {DSA-290 DSA-278} -CAN-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - - squirrelmail 1:1.2.11 -CAN-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...) - - ethereal 0.9.10 -CAN-2003-0158 - REJECTED -CAN-2003-0157 - REJECTED -CAN-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...) - {DSA-264} -CAN-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...) - {DSA-265} -CAN-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...) - {DSA-265} -CAN-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...) - {DSA-265} -CAN-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...) - {DSA-265} -CAN-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...) - NOT-FOR-US: BEA WebLogic Server -CAN-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...) - {DSA-303} -CAN-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...) - NOT-FOR-US: McAfee ePolicy Orchestrator -CAN-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...) - NOT-FOR-US: McAfee ePolicy Orchestrator -CAN-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...) - {DSA-288} -CAN-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...) - {DSA-263} -CAN-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...) - {DSA-275 DSA-267} -CAN-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...) - NOT-FOR-US: acroread -CAN-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...) - NOT-FOR-US: Real -CAN-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...) - {DSA-268} -CAN-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...) - {DSA-273 DSA-266} -CAN-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...) - {DSA-273 DSA-269 DSA-266} -CAN-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...) - NOT-FOR-US: Nokia Serving GPRS support node -CAN-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...) - {DSA-285} -CAN-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...) - NOTE: red-hat specific compilation problem of vsftpd -CAN-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...) - - apache2 2.0.46 -CAN-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...) - - evolution 1.2.4 -CAN-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...) - - apache2 2.0.45 -CAN-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...) - {DSA-288} -CAN-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...) - - evolution 1.2.3 -CAN-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...) - - evolution 1.2.3 -CAN-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...) - - evolution 1.2.3 -CAN-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...) - {DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270} -CAN-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...) - NOT-FOR-US: SOHO Routefinder 550 firmware -CAN-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...) - NOT-FOR-US: Clearswift MAILsweeper -CAN-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...) - NOT-FOR-US: AIX -CAN-2003-0118 (SQL injection vulnerability in the Document Tracking and ...) - NOT-FOR-US: Microsoft -CAN-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...) - NOT-FOR-US: Microsoft -CAN-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...) - NOT-FOR-US: Microsoft -CAN-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...) - NOT-FOR-US: Microsoft -CAN-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...) - NOT-FOR-US: Microsoft -CAN-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...) - NOT-FOR-US: Microsoft -CAN-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...) - NOT-FOR-US: Microsoft -CAN-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...) - NOT-FOR-US: Microsoft -CAN-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...) - NOT-FOR-US: Microsoft -CAN-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...) - NOT-FOR-US: Microsoft -CAN-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...) - NOT-FOR-US: Symantec Enterprise Firewall -CAN-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...) - NOT-FOR-US: ServerMask -CAN-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...) - {DSA-319} -CAN-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...) - {DSA-277} -CAN-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...) - {DSA-277} -CAN-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...) - NOT-FOR-US: Oracle -CAN-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...) - NOT-FOR-US: Solaris -CAN-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...) - NOT-FOR-US: Solaris -CAN-2003-0090 - REJECTED -CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...) - NOT-FOR-US: HP-UX -CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...) - {DSA-262} -CAN-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...) - {DSA-262} -CAN-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...) - NOTE: mod_auth_any not in Debian -CAN-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...) - - apache2 2.0.46 - - apache 1.3.25 -CAN-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...) - {DSA-266} -CAN-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...) - - gnome-lokkit 0.50.22-4 -CAN-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...) - - dcgui 0.2.2 -CAN-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...) - - plptools 0.12-0 -CAN-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...) - {DSA-266} -CAN-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...) - NOT-FOR-US: HP UX -CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...) - - krb5 1.2.4 -CAN-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...) - {DSA-248} -CAN-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...) - {DSA-252} -CAN-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...) - NOT-FOR-US: MacOS -CAN-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...) - NOTE: apparently fixed upstream 2002-11-12 changelog -CAN-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...) - NOT-FOR-US: commercial ssh clients -CAN-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...) - NOT-FOR-US: commercial ssh clients -CAN-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...) - {DSA-246} -CAN-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...) - {DSA-246} -CAN-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...) - NOTE: verified sarge version of krb5-clients not vulnerable - NOTE: nothing in changelogs -CAN-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...) - {DSA-436} -CAN-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...) - {DSA-244} -CAN-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...) - NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux -CAN-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...) - NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux -CAN-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...) - NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in - NOTE: chooser/mtinkc.c's version, which goes into mtinkc - NOTE: it's not installed setuid or setgid, so this is not exploitable -CAN-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...) - {DSA-228} -CAN-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...) - NOT-FOR-US: Protegrity Secure.Data Extension Feature -CAN-2003-0029 - RESERVED -CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...) - {DSA-282 DSA-272 DSA-266} -CAN-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...) - {DSA-231} -CAN-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...) - {DSA-229} -CAN-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...) - {DSA-633-1} - TODO: check -CAN-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...) - NOT-FOR-US: Microsoft -CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...) - NOT-FOR-US: Windows Script Engine for JScript -CAN-2003-0008 - RESERVED -CAN-2003-0006 - RESERVED -CAN-2003-0005 - RESERVED -CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...) - {DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311} -CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...) - NOT-FOR-US: IBM DB2 -CAN-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...) - NOTE: mailreader. Affects 2.3.30 and 2.3.31. - NOTE: Sarge uses 2.3.29. -CAN-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...) - {DSA-534} - - mailreader 2.3.29-9 -CAN-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...) - {DSA-215} - - cyrus-imapd 1.5.19-9.10 -CAN-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...) - NOT-FOR-US: SAP -CAN-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...) - NOT-FOR-US: SAP -CAN-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...) - NOT-FOR-US: SAP -CAN-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...) - NOT-FOR-US: SAP -CAN-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...) - {DSA-437} - - cgiemail 1.6-20 -CAN-2002-1573 - RESERVED -CAN-2002-1572 - RESERVED -CAN-2002-1571 - RESERVED -CAN-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...) - - ucd-snmp 4.2.3-2 -CAN-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...) - - gv 1:3.5.8-27 -CAN-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...) - - openssl 0.9.6g-1 -CAN-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...) - NOTE: tomcat4 cross-site scripting vuln - NOTE: not sure if it's a problem or not - NOTE: contacted package maintainers, they think it's not vulnerable. - TODO: waiting for further information. -CAN-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...) - - netris 0.52-1 -CAN-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...) - - wget 1.8.1-6.1 -CAN-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...) - NOT-FOR-US: microsoft -CAN-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...) - - stunnel4 4.04-1 - - stunnel 2:3.24-1 -CAN-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...) - {DSA-396} - - thttpd 2.23beta1-2.3 -CAN-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...) - NOT-FOR-US: microsoft -CAN-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...) - NOT-FOR-US: ion-p -CAN-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...) - NOT-FOR-US: cisco -CAN-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) - NOT-FOR-US: cisco -CAN-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) - NOT-FOR-US: cisco -CAN-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" ...) - NOT-FOR-US: cisco -CAN-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...) - NOT-FOR-US: cisco -CAN-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...) - NOT-FOR-US: cisco -CAN-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...) - NOT-FOR-US: AIX -CAN-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...) - NOT-FOR-US: Webweaver -CAN-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...) - NOT-FOR-US: Coolsoft -CAN-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...) - NOT-FOR-US: Coolsoft -CAN-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...) - NOT-FOR-US: SolarWinds -CAN-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...) - NOT-FOR-US: MDaemon -CAN-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: Molly -CAN-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...) - NOT-FOR-US: Symantec -CAN-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...) - NOTE: problem in jetty 4.1.0, Debian started with 4.2 -CAN-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...) - NOT-FOR-US: EMU Webmail -CAN-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...) - NOT-FOR-US: EMU Webmail -CAN-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...) - NOT-FOR-US: Sun -CAN-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...) - NOT-FOR-US: Miniserver -CAN-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...) - NOT-FOR-US: PowerFTP -CAN-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...) - NOT-FOR-US: Coolforum -CAN-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...) - NOT-FOR-US: BRU -CAN-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...) - {DSA-227} - - openldap2 2.0.27-3 -CAN-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...) - NOT-FOR-US: Unreal -CAN-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...) - NOTE: linuxconf not in unstable or testing -CAN-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...) - NOT-FOR-US: webserver-4everyone -CAN-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...) - NOTE: AFD not in debian -CAN-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...) - NOT-FOR-US: NetBSD -CAN-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...) - NOT-FOR-US: FactoSystem -CAN-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...) - NOT-FOR-US: SWServer -CAN-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...) - NOT-FOR-US: Jawmail -CAN-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...) - NOT-FOR-US: Cisco -CAN-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...) - NOT-FOR-US: PlanetDNS -CAN-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...) - NOT-FOR-US: Trillian -CAN-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...) - NOT-FOR-US: Trillian -CAN-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...) - NOT-FOR-US: Trillian -CAN-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...) - NOT-FOR-US: Trillian -CAN-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...) - NOT-FOR-US: db4web -CAN-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...) - NOT-FOR-US: db4web -CAN-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...) - NOTE: phpGB not in Debian -CAN-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...) - NOTE: phpGB not in Debian -CAN-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...) - NOTE: phpGB not in Debian -CAN-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...) - NOT-FOR-US: HPUX -CAN-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...) - NOT-FOR-US: HPUX -CAN-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...) - NOT-FOR-US: HPUX -CAN-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...) - NOT-FOR-US: Shoutcase -CAN-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...) - - flashplugin-nonfree 6.0.61.0-1 -CAN-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...) - NOT-FOR-US: Cafelog -CAN-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...) - NOT-FOR-US: Cafelog -CAN-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...) - NOT-FOR-US: Cafelog -CAN-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...) - NOT-FOR-US: Organic PHP -CAN-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: Webshop Manager -CAN-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...) - NOTE: L-Forum not in Debian -CAN-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...) - NOTE: L-Forum not in Debian -CAN-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...) - NOTE: L-Forum not in Debian -CAN-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...) - NOTE: L-Forum not in Debian -CAN-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...) - NOT-FOR-US: mIRC -CAN-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...) - NOT-FOR-US: OmniHTTPD -CAN-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...) - NOT-FOR-US: MyWebServer -CAN-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...) - NOT-FOR-US: MyWebServer -CAN-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...) - NOT-FOR-US: MyWebServer -CAN-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...) - NOTE: Blazix not in Debian -CAN-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...) - NOT-FOR-US: IBM UniVerse -CAN-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...) - NOTE: eUpload not in Debian -CAN-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...) - NOTE: CERN HTTPD not in Debian -CAN-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...) - NOT-FOR-US: Google Toolbar -CAN-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...) - NOT-FOR-US: Google Toolbar -CAN-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...) - NOT-FOR-US: Tomahawk -CAN-2002-1440 (The Gateway GS-400 server has a default root password of "0001n" that ...) - NOT-FOR-US: Gateway -CAN-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...) - NOT-FOR-US: HPUX -CAN-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...) - NOT-FOR-US: Kerio -CAN-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Kerio -CAN-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...) - NOT-FOR-US: MidiCart -CAN-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...) - NOT-FOR-US: Belkin -CAN-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...) - NOT-FOR-US: ShoutBox -CAN-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...) - NOTE: dotproject not in Debian -CAN-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...) - NOTE: Easy Homepage Creator not in Debian -CAN-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...) - NOT-FOR-US: HP -CAN-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...) - NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum - NOTE: is version 2.5.x -CAN-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...) - NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum - NOTE: is version 2.5.x -CAN-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...) - NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum - NOTE: is version 2.5.x -CAN-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...) - NOT-FOR-US: Webeasymail -CAN-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...) - NOT-FOR-US: Webeasymail -CAN-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...) - NOT-FOR-US: Duma -CAN-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...) - NOT-FOR-US: East Guestbook -CAN-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...) - NOT-FOR-US: HPUX -CAN-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...) - NOT-FOR-US: HP Openview -CAN-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...) - NOT-FOR-US: HPUX -CAN-2002-1404 - REJECTED -CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...) - {DSA-165} - - postgresql 7.2.2-2 -CAN-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...) - {DSA-165} - - postgresql 7.2.2-2 -CAN-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...) - {DSA-165} - - postgresql 7.2.2-2 -CAN-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...) - - postgresql 7.2.2-2 -CAN-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...) - {DSA-165} - - postgresql 7.2.2-2 -CAN-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...) - - postgresql 7.2.2-2 -CAN-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...) - {DSA-202} - - im 1:141-20 -CAN-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...) - {DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234} - NOTE: KDE2 not in sarge -CAN-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...) - {DSA-254} - - traceroute-nanog 6.3.0-1 -CAN-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...) - {DSA-254} - - traceroute-nanog 6.3.0-1 -CAN-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...) - {DSA-232} - - cupsys 1.1.18-1 -CAN-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...) - {DSA-227} - - openldap2 2.0.27-3 -CAN-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...) - {DSA-227} - - openldap2 2.0.27-3 -CAN-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...) - {DSA-212} - NOTE: bug in mysql 3, sarge uses mysql 4 -CAN-2002-1370 - REJECTED -CAN-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...) - {DSA-232} - - cupsys 1.1.18-1 -CAN-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...) - NOTE: Debian uses openssh, not vulnerable -CAN-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...) - NOTE: Debian uses openssh, not vulnerable -CAN-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...) - NOTE: Debian uses openssh, not vulnerable -CAN-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...) - NOTE: Debian uses openssh, not vulnerable -CAN-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...) - - ethereal 0.9.8-1 -CAN-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...) - - ethereal 0.9.8-1 -CAN-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...) - NOT-FOR-US: TYPSoft FTP Server -CAN-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...) - NOT-FOR-US: LocalWEB2000 HTTP server -CAN-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...) - NOT-FOR-US: CartMan -CAN-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...) - NOT-FOR-US: Melange Chat System -CAN-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...) - - libsasl2 2.1.10-1 -CAN-2002-1346 - RESERVED -CAN-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...) - NOTE: multiple ftp client issues - TODO: check wget, ftp, ncftp, etc. -CAN-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...) - {DSA-209} - - wget 1.8.1-6.1 -CAN-2002-1343 - RESERVED -CAN-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...) - {DSA-203} - - smb2www 980804-17 -CAN-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...) - {DSA-220} - - squirrelmail 1:1.3.2-2 -CAN-2002-1340 (The "ConnectionFile" property in the DataSourceControl component in ...) - NOT-FOR-US: Office Web Components -CAN-2002-1339 (The "XMLURL" property in the Spreadsheet component of Office Web ...) - NOT-FOR-US: Office Web Components -CAN-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...) - NOT-FOR-US: Office Web Components -CAN-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...) - {DSA-251 DSA-250 DSA-249} - - w3mmee 0.3.p24.17-3 -CAN-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...) - NOT-FOR-US: BizDesign -CAN-2002-1333 - RESERVED -CAN-2002-1332 - RESERVED -CAN-2002-1331 - RESERVED -CAN-2002-1330 - RESERVED -CAN-2002-1329 - RESERVED -CAN-2002-1328 - RESERVED -CAN-2002-1326 - RESERVED -CAN-2002-1324 - RESERVED -CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...) - NOT-FOR-US: ClearCase -CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...) - NOTE: Realplayer not in Sarge -CAN-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...) - NOT-FOR-US: iPlanet -CAN-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...) - NOT-FOR-US: iPlanet -CAN-2002-1314 - RESERVED -CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...) - NOT-FOR-US: Linksys -CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) - NOT-FOR-US: Macromedia -CAN-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) - NOT-FOR-US: Macromedia -CAN-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...) - {DSA-214} - - kdenetwork 4:2.2.2-14.20 -CAN-2002-1305 - RESERVED -CAN-2002-1304 - RESERVED -CAN-2002-1303 - RESERVED -CAN-2002-1302 - RESERVED -CAN-2002-1301 - RESERVED -CAN-2002-1300 - RESERVED -CAN-2002-1299 - RESERVED -CAN-2002-1298 - RESERVED -CAN-2002-1297 - RESERVED -CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...) - NOT-FOR-US: Microsoft -CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...) - NOT-FOR-US: Microsoft -CAN-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...) - NOT-FOR-US: Microsoft -CAN-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...) - NOT-FOR-US: Microsoft -CAN-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...) - NOT-FOR-US: Microsoft -CAN-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...) - NOT-FOR-US: Microsoft -CAN-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...) - NOT-FOR-US: Microsoft -CAN-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...) - NOT-FOR-US: Microsoft -CAN-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...) - NOT-FOR-US: Microsoft -CAN-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...) - NOT-FOR-US: Microsoft -CAN-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...) - NOT-FOR-US: SuSE-specific lprfilter package -CAN-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...) - NOT-FOR-US: Novell iManager (eMFrame) -CAN-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...) - {DSA-204} -CAN-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...) - {DSA-204} -CAN-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...) - NOT-FOR-US: RealSecure Event Collector -CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...) - {DSA-194} -CAN-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...) - {DSA-191} -CAN-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...) - {DSA-192} -CAN-2002-1274 - RESERVED -CAN-2002-1273 - RESERVED -CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...) - NOT-FOR-US: MacOS -CAN-2002-1263 - REJECTED -CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...) - NOT-FOR-US: Microsoft -CAN-2002-1261 - REJECTED -CAN-2002-1259 - REJECTED -CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...) - NOT-FOR-US: Microsoft -CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...) - NOT-FOR-US: Microsoft -CAN-2002-1249 - RESERVED -CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...) - {DSA-193} -CAN-2002-1246 - RESERVED -CAN-2002-1243 - RESERVED -CAN-2002-1241 - RESERVED -CAN-2002-1240 - RESERVED -CAN-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...) - NOT-FOR-US: Peter Sandvik's Simple Web Server -CAN-2002-1237 - RESERVED -CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...) - {DSA-185 DSA-184 DSA-183} -CAN-2002-1234 - REJECTED -CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...) - {DSA-195 DSA-188 DSA-187} -CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...) - NOT-FOR-US: Avaya Cajun switches -CAN-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...) - NOT-FOR-US: Solaris -CAN-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...) - {DSA-178} -CAN-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...) - {DSA-178} -CAN-2002-1218 - RESERVED -CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...) - NOT-FOR-US: Microsoft -CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...) - - tar 1.13.25 -CAN-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...) - {DSA-174} -CAN-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...) - NOT-FOR-US: RadioBird Software WebServer 4 Everyone -CAN-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...) - NOT-FOR-US: RadioBird Software WebServer 4 Everyone -CAN-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...) - NOT-FOR-US: Eudora -CAN-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...) - NOT-FOR-US: SolarWinds TFTP Server -CAN-2002-1208 - RESERVED -CAN-2002-1207 - RESERVED -CAN-2002-1206 - RESERVED -CAN-2002-1205 - RESERVED -CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...) - NOT-FOR-US: Netscape Communicator 4.x -CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...) - NOT-FOR-US: IBM SecureWay Firewall -CAN-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...) - NOT-FOR-US: HP Tru64 UNIX -CAN-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...) - NOT-FOR-US: AIX -CAN-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...) - NOT-FOR-US: NetBSD -CAN-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...) - NOT-FOR-US: NetBSD -CAN-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...) - NOT-FOR-US: Sabre Desktop -CAN-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...) - NOT-FOR-US: Cisco IOS -CAN-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - NOT-FOR-US: Microsoft IIS -CAN-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...) - NOT-FOR-US: Winamp -CAN-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...) - NOT-FOR-US: Winamp -CAN-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...) - {DSA-171} -CAN-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...) - {DSA-171} -CAN-2002-1173 - RESERVED -CAN-2002-1172 - RESERVED -CAN-2002-1171 - RESERVED -CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...) - NOT-FOR-US: IBM Websphere -CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...) - NOT-FOR-US: IBM Websphere -CAN-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...) - NOTE: wn not in Debian testing -CAN-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...) - NOTE: Debian uses sendmail 8.13, not vulnerable. -CAN-2002-1161 - REJECTED -CAN-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...) - NOTE: kon2. patched, but I don't know when. - NOTE: assuming the current unstable/testing version is ok then.. - - kon2 0.3.9b-18 -CAN-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...) - NOT-FOR-US: Microsoft Netmeeting -CAN-2002-1149 (The installation procedure for Invision Board suggests that users ...) - NOT-FOR-US: Invision Board -CAN-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...) - NOT-FOR-US: Microsoft SQL -CAN-2002-1144 - RESERVED -CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...) - NOT-FOR-US: Microsoft Word & Excel -CAN-2002-1136 - RESERVED -CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...) - NOT-FOR-US: HP Tru64 -CAN-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...) - NOT-FOR-US: Dino's Webserver -CAN-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...) - {DSA-191} -CAN-2002-1130 - RESERVED -CAN-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...) - NOT-FOR-US: HP Tru64 -CAN-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...) - NOT-FOR-US: HP Tru64 -CAN-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...) - NOT-FOR-US: HP Tru64 -CAN-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...) - NOT-FOR-US: FreeBSD -CAN-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...) - {DSA-166} -CAN-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...) - NOTE: Some SMTP mailscanners can be bypassed by fragmenting - NOTE: messages. - TODO: check Debian mailscanners, if any. -CAN-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...) - NOT-FOR-US: Savant Web Server -CAN-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...) - {DSA-161} -CAN-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...) - {DSA-153} -CAN-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...) - {DSA-153} -CAN-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...) - NOT-FOR-US: Cisco -CAN-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...) - NOT-FOR-US: Cisco -CAN-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...) - NOT-FOR-US: Cisco -CAN-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...) - NOT-FOR-US: Cisco -CAN-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...) - - libesmtp5 0.8.11-1 -CAN-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...) - NOT-FOR-US: Oracle -CAN-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...) - NOT-FOR-US: ezContents -CAN-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...) - NOT-FOR-US: ezContents -CAN-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...) - NOT-FOR-US: ezContents -CAN-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...) - NOT-FOR-US: ezContents -CAN-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...) - NOT-FOR-US: ezContents -CAN-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...) - NOT-FOR-US: ezContents -CAN-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...) - NOT-FOR-US: Abyss -CAN-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...) - NOT-FOR-US: Abyss -CAN-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...) - NOT-FOR-US: IPSwitch -CAN-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...) - NOT-FOR-US: Pegasus -CAN-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...) - NOT-FOR-US: MERCUR Mailserver -CAN-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...) - NOT-FOR-US: ZyXEL -CAN-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...) - NOT-FOR-US: ZyXEL -CAN-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...) - - phpwiki 1.3.4-1 -CAN-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...) - NOT-FOR-US: no_package -CAN-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...) - NOT-FOR-US: no_package -CAN-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...) - NOT-FOR-US: no_package -CAN-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...) - NOT-FOR-US: no_package -CAN-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) - NOT-FOR-US: no_package -CAN-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) - NOT-FOR-US: no_package -CAN-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) - NOT-FOR-US: no_package -CAN-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...) - NOT-FOR-US: no_package -CAN-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...) - NOT-FOR-US: no_package -CAN-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...) - NOT-FOR-US: no_package -CAN-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...) - NOT-FOR-US: no_package -CAN-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...) - NOT-FOR-US: no_package -CAN-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...) - NOT-FOR-US: no_package -CAN-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...) - NOT-FOR-US: no_package -CAN-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...) - NOT-FOR-US: no_package -CAN-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...) - NOT-FOR-US: no_package -CAN-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...) - NOT-FOR-US: no_package -CAN-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...) - NOT-FOR-US: no_package -CAN-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...) - NOT-FOR-US: no_package -CAN-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...) - NOT-FOR-US: no_package -CAN-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...) - NOT-FOR-US: no_package -CAN-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...) - NOT-FOR-US: no_package -CAN-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...) - NOT-FOR-US: no_package -CAN-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...) - NOT-FOR-US: no_package -CAN-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...) - NOT-FOR-US: no_package -CAN-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...) - NOT-FOR-US: no_package -CAN-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...) - NOT-FOR-US: no_package -CAN-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...) - NOT-FOR-US: no_package -CAN-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...) - NOT-FOR-US: no_package -CAN-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...) - NOT-FOR-US: no_package -CAN-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...) - NOT-FOR-US: no_package -CAN-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...) - NOT-FOR-US: no_package -CAN-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...) - NOT-FOR-US: no_package -CAN-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...) - NOT-FOR-US: no_package -CAN-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...) - NOT-FOR-US: no_package -CAN-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...) - NOT-FOR-US: no_package -CAN-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...) - NOT-FOR-US: no_package -CAN-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...) - NOT-FOR-US: no_package -CAN-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...) - NOT-FOR-US: no_package -CAN-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...) - NOT-FOR-US: no_package -CAN-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...) - NOT-FOR-US: no_package -CAN-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...) - NOT-FOR-US: no_package -CAN-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...) - NOT-FOR-US: no_package -CAN-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...) - NOT-FOR-US: no_package -CAN-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...) - NOT-FOR-US: no_package -CAN-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...) - NOT-FOR-US: no_package -CAN-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...) - NOT-FOR-US: no_package -CAN-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...) - NOT-FOR-US: no_package -CAN-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...) - NOT-FOR-US: no_package -CAN-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...) - NOT-FOR-US: Novell -CAN-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...) - NOT-FOR-US: Novell -CAN-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...) - NOT-FOR-US: no_package -CAN-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...) - NOT-FOR-US: HP -CAN-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...) - NOT-FOR-US: HP -CAN-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...) - NOT-FOR-US: HP -CAN-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...) - {DSA-157} -CAN-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...) - NOT-FOR-US: Microsoft -CAN-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...) - NOT-FOR-US: Microsoft -CAN-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...) - NOT-FOR-US: Microsoft -CAN-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...) - NOT-FOR-US: Microsoft -CAN-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...) - NOT-FOR-US: Microsoft -CAN-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...) - NOT-FOR-US: Microsoft -CAN-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...) - NOT-FOR-US: Microsoft -CAN-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...) - NOT-FOR-US: FreeBSD -CAN-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...) - {DSA-165} -CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...) - NOT-FOR-US: Microsoft Windows specific -CAN-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...) - NOT-FOR-US: no_package -CAN-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...) - NOT-FOR-US: no_package -CAN-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...) - NOT-FOR-US: no_package -CAN-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...) - NOT-FOR-US: no_package -CAN-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...) - NOT-FOR-US: no_package -CAN-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...) - NOT-FOR-US: no_package -CAN-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...) - NOT-FOR-US: no_package -CAN-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...) - NOT-FOR-US: no_package -CAN-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...) - NOT-FOR-US: YaBB -CAN-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...) - NOT-FOR-US: Cisco -CAN-2002-0951 (SQL injection vulnerability in Ruslan <Body>Builder allows remote ...) - NOT-FOR-US: no_package -CAN-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...) - NOT-FOR-US: no_package -CAN-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...) - NOT-FOR-US: no_package -CAN-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...) - NOT-FOR-US: no_package -CAN-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...) - NOT-FOR-US: no_package -CAN-2002-0943 (MetaCart2.sql stores the user database under the web document root ...) - NOT-FOR-US: no_package -CAN-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...) - NOT-FOR-US: Microsoft -CAN-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...) - NOT-FOR-US: no_package -CAN-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...) - NOT-FOR-US: no_package -CAN-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...) - NOT-FOR-US: JRun -CAN-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...) - - tomcat 3.2.3-1 -CAN-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...) - NOT-FOR-US: no_package -CAN-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...) - NOT-FOR-US: no_package -CAN-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...) - NOT-FOR-US: MyHelpDesk -CAN-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...) - NOT-FOR-US: MyHelpDesk -CAN-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...) - NOT-FOR-US: Netware -CAN-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...) - NOT-FOR-US: Netware -CAN-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...) - NOT-FOR-US: pirch -CAN-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...) - NOT-FOR-US: webMathematica -CAN-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...) - NOT-FOR-US: mmftpd not in Debian anymore -CAN-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...) - NOT-FOR-US: CGIScript.net not int Debian -CAN-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...) - NOT-FOR-US: CGIScript.net not int Debian -CAN-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...) - NOT-FOR-US: CGIScript.net not int Debian -CAN-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...) - NOT-FOR-US: CGIScript.net not int Debian -CAN-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...) - NOT-FOR-US: CGIScript.net not int Debian -CAN-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...) - NOT-FOR-US: CGIScript.net not int Debian -CAN-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...) - NOT-FOR-US: CGIScript.net not int Debian -CAN-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...) - NOT-FOR-US: CGIScript.net not int Debian -CAN-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...) - NOT-FOR-US: Xandros specific -CAN-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...) - NOT-FOR-US: Slurp NNTP -CAN-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...) - NOTE: DSA-129 -CAN-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...) - NOT-FOR-US: netstd not in Debian anymore -CAN-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...) - NOT-FOR-US: mnews -CAN-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...) - NOT-FOR-US: Cisco -CAN-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...) - NOT-FOR-US: SHOUTcast -CAN-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...) - NOT-FOR-US: Informix -CAN-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...) - NOT-FOR-US: wbboard -CAN-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...) - - phpbb2 2.0.6c-1 -CAN-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...) - - amanda 2.4.0b6-1 -CAN-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...) - NOT-FOR-US: Falcon -CAN-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...) - - swatch 3.0.4-1 -CAN-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...) - NOT-FOR-US: no_package -CAN-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...) - NOT-FOR-US: no_package -CAN-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...) - NOT-FOR-US: 3com -CAN-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...) - NOT-FOR-US: Cisco -CAN-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...) - NOT-FOR-US: no_package -CAN-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...) - NOT-FOR-US: no_package -CAN-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...) - NOT-FOR-US: Compaq -CAN-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...) - NOT-FOR-US: Cisco -CAN-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...) - NOT-FOR-US: Cisco -CAN-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...) - NOT-FOR-US: Cisco -CAN-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...) - NOT-FOR-US: CFXImage -CAN-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...) - NOT-FOR-US: LogiSense -CAN-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...) - NOT-FOR-US: Shambala -CAN-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...) - NOT-FOR-US: Shambala -CAN-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...) - {DSA-150} -CAN-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...) - NOT-FOR-US: Cisco -CAN-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...) - NOT-FOR-US: IIS -CAN-2002-0868 - RESERVED -CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...) - NOT-FOR-US: Windows -CAN-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...) - NOT-FOR-US: Microsoft -CAN-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...) - NOT-FOR-US: Microsoft -CAN-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...) - NOT-FOR-US: Oracle -CAN-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...) - NOT-FOR-US: Oracle -CAN-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...) - {DSA-147} - TODO: check -CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...) - NOT-FOR-US: SuSE specific -CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...) - NOT-FOR-US: Cisco -CAN-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...) - NOT-FOR-US: iSCSI -CAN-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...) - {DSA-195 DSA-188 DSA-187} - - apache 1.3.27-0.1 -CAN-2002-0841 - REJECTED -CAN-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...) - {DSA-195 DSA-188 DSA-187} - - apache 1.3.27-0.1 -CAN-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...) - {DSA-182 DSA-179 DSA-176} -CAN-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...) - - wordtrans 1.1pre9 -CAN-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...) - {DSA-162} -CAN-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...) - NOT-FOR-US: Eudora -CAN-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...) - NOT-FOR-US: Internet Explorer -CAN-2002-0828 - REJECTED -CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...) - NOT-FOR-US: UnixWare -CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...) - - libnss-ldap 199-1 -CAN-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...) - - ethereal 0.9.4-1woody1 -CAN-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...) - - ethereal 0.9.4-1woody1 -CAN-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...) - NOT-FOR-US: FreeBSD -CAN-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...) - NOT-FOR-US: artscontrol not suid root -CAN-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) ...) - - mozilla 2:1.0.0-1 -CAN-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...) - NOT-FOR-US: no_package -CAN-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...) - NOTE: bugzilla 2.16.0-2.1 -CAN-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...) - NOTE: bugzilla 2.16.0-2.1 -CAN-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...) - NOTE: bugzilla 2.16.0-2.1 -CAN-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...) - NOT-FOR-US: no_package -CAN-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...) - NOT-FOR-US: no_package -CAN-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...) - NOT-FOR-US: HP -CAN-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...) - NOT-FOR-US: Solaris -CAN-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...) - NOT-FOR-US: Solaris -CAN-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...) - NOT-FOR-US: QNX -CAN-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...) - NOT-FOR-US: Cisco -CAN-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...) - NOT-FOR-US: Novell -CAN-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...) - NOT-FOR-US: no_package -CAN-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...) - NOT-FOR-US: no_package -CAN-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...) - NOT-FOR-US: no_package -CAN-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...) - NOT-FOR-US: Opera -CAN-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...) - NOT-FOR-US: Novell -CAN-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...) - NOT-FOR-US: Novell -CAN-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...) - NOT-FOR-US: Novell -CAN-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...) - NOT-FOR-US: Novell -CAN-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...) - NOT-FOR-US: no_package -CAN-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...) - NOT-FOR-US: no_package -CAN-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...) - NOT-FOR-US: no_package -CAN-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...) - NOT-FOR-US: no_package -CAN-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...) - - viewcvs 0.9.2-5 -CAN-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...) - NOT-FOR-US: Quake server -CAN-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...) - NOT-FOR-US: Cisco -CAN-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...) - NOT-FOR-US: simpleinit -CAN-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...) - NOT-FOR-US: Phorum -CAN-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...) - NOT-FOR-US: HP -CAN-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...) - - webmin 0.980-1 - - usermin 0.910-1 -CAN-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...) - - webmin 0.980-1 - - usermin 0.910-1 -CAN-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...) - NOT-FOR-US: Talentsoft -CAN-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...) - NOT-FOR-US: CGIscript.net -CAN-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...) - NOT-FOR-US: CGIscript.net -CAN-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...) - NOT-FOR-US: CGIscript.net -CAN-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...) - NOT-FOR-US: CGIscript.net -CAN-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...) - NOT-FOR-US: AIX -CAN-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...) - NOT-FOR-US: AIX -CAN-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...) - NOT-FOR-US: AIX -CAN-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...) - NOT-FOR-US: AIX -CAN-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...) - NOT-FOR-US: AIX -CAN-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...) - NOT-FOR-US: AIX -CAN-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...) - - slrn 0.9.6.2-9 -CAN-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...) - NOT-FOR-US: PostCalendat -CAN-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...) - NOT-FOR-US: only potato was vulnerable -CAN-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...) - NOT-FOR-US: MyGuestbook -CAN-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...) - NOT-FOR-US: vqServer -CAN-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...) - NOT-FOR-US: guestbook -CAN-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...) - {DSA-140} - TODO: check -CAN-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...) - NOT-FOR-US: windows -CAN-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...) - NOT-FOR-US: windows -CAN-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...) - NOT-FOR-US: internet explorer -CAN-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...) - NOT-FOR-US: Microsoft SQL Server -CAN-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...) - - php4 4:4.2.2-1 -CAN-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...) - - squid 2.4.6-2 -CAN-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...) - - squid 2.4.6-2 -CAN-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...) - NOT-FOR-US: EASM -CAN-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...) - NOT-FOR-US: HP -CAN-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...) - NOT-FOR-US: no_package -CAN-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...) - NOT-FOR-US: no_package -CAN-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...) - NOT-FOR-US: no_package -CAN-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...) - NOT-FOR-US: no_package -CAN-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...) - NOT-FOR-US: no_package -CAN-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...) - - dhcp3 3.0+3.0.1rc9-1 -CAN-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...) - NOT-FOR-US: windows -CAN-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...) - NOT-FOR-US: windows -CAN-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...) - NOT-FOR-US: McAfee -CAN-2002-0689 - RESERVED -CAN-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...) - NOT-FOR-US: no_package -CAN-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...) - - glibc 2.2.5-8 -CAN-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...) - NOT-FOR-US: no_package -CAN-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...) - NOT-FOR-US: no_package -CAN-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...) - NOT-FOR-US: no_package -CAN-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...) - NOT-FOR-US: no_package -CAN-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) - NOT-FOR-US: no_package -CAN-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...) - NOT-FOR-US: no_package -CAN-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...) - NOT-FOR-US: no_package -CAN-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) - NOT-FOR-US: no_package -CAN-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...) - {DSA-201} -CAN-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...) - NOT-FOR-US: ZMerge -CAN-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...) - - apache2 2.0.40 -CAN-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...) - {DSA-140} - TODO: check -CAN-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...) - {DSA-136} - TODO: check -CAN-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...) - {DSA-136} - TODO: check -CAN-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...) - {DSA-136} - TODO: check -CAN-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...) - {DSA-136} - TODO: check -STOP: this is approximatly the release of woody, so we can stop here -CAN-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...) - - apache2 2.0.40 -CAN-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...) -CAN-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service allow ...) -CAN-2002-0646 - REJECTED -CAN-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...) -CAN-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...) -CAN-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...) -CAN-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...) -CAN-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...) -CAN-2002-0636 - RESERVED -CAN-2002-0635 - RESERVED -CAN-2002-0634 - RESERVED -CAN-2002-0633 - RESERVED -CAN-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...) -CAN-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...) -CAN-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...) -CAN-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...) -CAN-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...) -CAN-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...) -CAN-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...) -CAN-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...) -CAN-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...) -CAN-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...) -CAN-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...) -CAN-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...) -CAN-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...) -CAN-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...) -CAN-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...) -CAN-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...) -CAN-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...) -CAN-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...) -CAN-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...) -CAN-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...) -CAN-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...) -CAN-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...) -CAN-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...) -CAN-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...) -CAN-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...) -CAN-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...) -CAN-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...) -CAN-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...) -CAN-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...) -CAN-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...) -CAN-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...) -CAN-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...) -CAN-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...) -CAN-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...) -CAN-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...) -CAN-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...) -CAN-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...) -CAN-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...) -CAN-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...) -CAN-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...) -CAN-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) -CAN-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...) -CAN-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) -CAN-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...) -CAN-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...) -CAN-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...) -CAN-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) -CAN-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...) -CAN-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...) -CAN-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...) -CAN-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...) -CAN-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...) -CAN-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...) -CAN-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...) -CAN-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...) -CAN-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...) -CAN-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...) -CAN-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...) -CAN-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...) -CAN-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...) -CAN-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...) -CAN-2002-0540 (Nortel CVX 1800 is installed with a default "public" community string, ...) -CAN-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...) -CAN-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...) -CAN-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...) -CAN-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...) -CAN-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...) -CAN-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...) -CAN-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...) -CAN-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...) -CAN-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...) -CAN-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...) -CAN-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...) -CAN-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...) -CAN-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...) -CAN-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...) -CAN-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...) -CAN-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...) -CAN-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...) -CAN-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...) -CAN-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...) -CAN-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...) -CAN-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...) -CAN-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...) -CAN-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...) -CAN-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...) -CAN-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...) -CAN-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...) -CAN-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...) -CAN-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...) -CAN-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...) -CAN-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...) -CAN-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...) -CAN-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...) -CAN-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...) -CAN-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...) -CAN-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...) -CAN-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...) -CAN-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...) -CAN-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...) -CAN-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...) -CAN-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...) -CAN-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...) -CAN-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...) -CAN-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...) -CAN-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...) -CAN-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...) -CAN-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...) -CAN-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...) -CAN-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...) -CAN-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...) -CAN-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...) -CAN-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...) -CAN-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...) -CAN-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...) -CAN-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...) -CAN-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...) -CAN-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...) -CAN-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...) -CAN-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...) -CAN-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...) -CAN-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...) -CAN-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...) -CAN-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...) -CAN-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...) -CAN-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...) -CAN-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...) -CAN-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...) -CAN-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...) -CAN-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...) -CAN-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning ...) -CAN-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...) -CAN-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...) -CAN-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...) -CAN-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...) -CAN-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...) -CAN-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...) -CAN-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...) -CAN-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...) -CAN-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...) -CAN-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...) -CAN-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...) -CAN-2002-0421 (IIS 4.0 allows local users to bypass the "User cannot change password" ...) -CAN-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...) -CAN-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...) -CAN-2002-0418 (Directory traversal vulnerability in the ...) -CAN-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...) -CAN-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...) -CAN-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...) -CAN-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...) -CAN-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...) -CAN-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...) -CAN-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...) -CAN-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...) -CAN-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...) -CAN-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...) -CAN-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...) -CAN-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...) -CAN-2002-0390 - RESERVED -CAN-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...) - {DSA-147} -CAN-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...) -CAN-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...) -CAN-2002-0383 - RESERVED -CAN-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...) -CAN-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...) -CAN-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...) -CAN-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...) -CAN-2002-0365 - RESERVED -CAN-2002-0361 - RESERVED -CAN-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...) -CAN-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...) -CAN-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...) -CAN-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...) -CAN-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...) -CAN-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...) -CAN-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...) -CAN-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...) -CAN-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...) -CAN-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...) -CAN-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...) -CAN-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...) -CAN-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...) -CAN-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...) -CAN-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...) -CAN-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...) -CAN-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...) -CAN-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...) -CAN-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...) -CAN-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...) -CAN-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...) -CAN-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...) -CAN-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...) -CAN-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...) -CAN-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...) -CAN-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...) -CAN-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...) -CAN-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...) -CAN-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...) -CAN-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...) -CAN-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...) -CAN-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...) -CAN-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...) -CAN-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...) -CAN-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...) -CAN-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...) -CAN-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...) -CAN-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...) -CAN-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...) -CAN-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...) -CAN-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...) -CAN-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...) -CAN-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...) -CAN-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...) -CAN-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...) -CAN-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...) -CAN-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...) -CAN-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...) -CAN-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...) -CAN-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...) -CAN-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...) -CAN-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...) -CAN-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...) -CAN-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain ...) -CAN-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...) -CAN-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...) -CAN-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...) -CAN-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...) -CAN-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") ...) -CAN-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...) -CAN-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...) -CAN-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...) -CAN-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...) -CAN-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...) -CAN-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...) -CAN-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...) -CAN-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...) -CAN-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...) -CAN-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...) -CAN-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...) -CAN-2002-0270 (Opera, when configured with the "Determine action by MIME type" option ...) -CAN-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...) -CAN-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...) -CAN-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...) -CAN-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...) -CAN-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...) -CAN-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...) -CAN-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...) -CAN-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...) -CAN-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...) -CAN-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...) -CAN-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...) -CAN-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...) -CAN-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...) -CAN-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...) -CAN-2002-0253 (PHP, when not configured with the "display_errors = Off" setting in ...) -CAN-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...) -CAN-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...) -CAN-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...) -CAN-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...) -CAN-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...) -CAN-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...) -CAN-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...) -CAN-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...) -CAN-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...) -CAN-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...) -CAN-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...) -CAN-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...) -CAN-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...) -CAN-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...) -CAN-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...) -CAN-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...) -CAN-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...) -CAN-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...) -CAN-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...) -CAN-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...) -CAN-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...) -CAN-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...) -CAN-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...) -CAN-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...) -CAN-2002-0222 (Etype Eserv 2.97 allows remote attackers to to redirect traffic to ...) -CAN-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...) -CAN-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...) -CAN-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...) -CAN-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...) -CAN-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...) -CAN-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...) -CAN-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...) -CAN-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...) -CAN-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...) -CAN-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...) -CAN-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...) -CAN-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...) -CAN-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...) -CAN-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...) -CAN-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...) -CAN-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...) -CAN-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...) -CAN-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...) -CAN-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...) -CAN-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...) -CAN-2002-0195 - RESERVED -CAN-2002-0194 - RESERVED -CAN-2002-0192 - REJECTED -CAN-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...) -CAN-2002-0182 - RESERVED -CAN-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...) -CAN-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...) -CAN-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...) -CAN-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...) - {DSA-380} -CAN-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...) -CAN-2002-0161 - RESERVED -CAN-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...) -CAN-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...) -CAN-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...) -CAN-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...) -CAN-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...) -CAN-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...) -CAN-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...) -CAN-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...) -CAN-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...) -CAN-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...) -CAN-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...) -CAN-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...) -CAN-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...) -CAN-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...) -CAN-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...) -CAN-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...) -CAN-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...) -CAN-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...) -CAN-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...) -CAN-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...) -CAN-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...) -CAN-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...) -CAN-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...) -CAN-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...) -CAN-2002-0114 (Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log ...) -CAN-2002-0113 (Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with ...) -CAN-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...) -CAN-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...) -CAN-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...) -CAN-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...) -CAN-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...) -CAN-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...) -CAN-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...) -CAN-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...) -CAN-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...) -CAN-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...) -CAN-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...) -CAN-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...) -CAN-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...) -CAN-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...) -CAN-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...) -CAN-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...) -CAN-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...) -CAN-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...) -CAN-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...) -CAN-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...) -CAN-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...) -CAN-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...) -CAN-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...) -CAN-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...) -CAN-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...) -CAN-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and ...) -CAN-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...) -CAN-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...) -CAN-2002-0035 - RESERVED -CAN-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...) -CAN-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...) -CAN-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...) -CAN-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...) - {DSA-196} -CAN-2002-0019 - RESERVED -CAN-2002-0016 - RESERVED -CAN-2002-0015 - RESERVED -CAN-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...) -CAN-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...) -CAN-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...) -CAN-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...) -CAN-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...) -CAN-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...) - NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - NOTE: discussion at: - NOTE: http://archives.neohapsis.com/archives/linux/lsap/2001-q2/0081.html - NOTE: listed sarge version contains a fix like the patch from Gentoo - - ncompress 4.2.4-15 -CAN-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...) -CAN-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...) -CAN-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...) -CAN-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...) -CAN-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...) -CAN-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...) -CAN-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...) -CAN-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...) -CAN-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...) -CAN-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...) -CAN-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...) -CAN-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...) -CAN-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...) -CAN-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...) -CAN-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...) -CAN-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...) -CAN-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...) -CAN-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...) -CAN-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...) -CAN-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...) -CAN-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...) -CAN-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...) -CAN-2001-1387 (iptables-save in iptables before 1.2.4 records the "--reject-with ...) -CAN-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...) -CAN-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...) -CAN-2001-1377 (Multiple RADIUS implementations do not properly validate the ...) -CAN-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...) -CAN-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...) -CAN-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...) -CAN-2001-1365 (Vulnerability in IntraGnat before 1.4. ...) -CAN-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...) -CAN-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...) -CAN-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...) -CAN-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...) -CAN-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...) -CAN-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...) -CAN-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...) -CAN-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...) -CAN-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...) -CAN-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...) -CAN-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...) -CAN-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...) -CAN-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...) -CAN-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...) -CAN-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...) -CAN-2001-1341 (The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi ...) -CAN-2001-1340 (Beck GmbH IPC@Chip TelnetD service supports only one connection and ...) -CAN-2001-1339 (Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect ...) -CAN-2001-1338 (Beck IPC GmbH IPC@CHIP TelnetD server generates different responses ...) -CAN-2001-1337 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...) -CAN-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...) -CAN-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...) -CAN-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...) -CAN-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...) -CAN-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...) -CAN-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...) -CAN-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...) -CAN-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...) -CAN-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...) -CAN-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...) -CAN-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...) -CAN-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...) -CAN-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...) -CAN-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...) -CAN-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...) -CAN-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...) -CAN-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...) -CAN-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...) -CAN-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...) -CAN-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...) -CAN-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...) -CAN-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...) -CAN-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...) -CAN-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...) -CAN-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...) -CAN-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...) -CAN-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...) -CAN-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...) -CAN-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...) -CAN-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...) -CAN-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...) -CAN-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...) -CAN-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...) -CAN-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...) -CAN-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...) -CAN-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...) -CAN-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...) -CAN-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...) -CAN-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...) -CAN-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...) -CAN-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...) -CAN-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...) -CAN-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...) -CAN-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...) -CAN-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...) -CAN-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...) -CAN-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...) -CAN-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...) -CAN-2001-1273 (The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, ...) -CAN-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...) -CAN-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...) -CAN-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...) -CAN-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...) -CAN-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...) -CAN-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...) -CAN-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...) -CAN-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...) -CAN-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...) -CAN-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...) -CAN-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...) -CAN-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...) -CAN-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...) -CAN-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...) -CAN-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...) -CAN-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...) -CAN-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...) -CAN-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...) -CAN-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...) -CAN-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...) -CAN-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...) -CAN-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...) -CAN-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...) -CAN-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...) -CAN-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...) -CAN-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...) -CAN-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...) -CAN-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...) -CAN-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...) -CAN-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...) -CAN-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...) -CAN-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...) -CAN-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...) -CAN-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...) -CAN-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...) -CAN-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...) -CAN-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...) -CAN-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...) -CAN-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...) -CAN-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...) -CAN-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...) -CAN-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...) -CAN-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...) -CAN-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...) -CAN-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...) -CAN-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...) -CAN-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...) -CAN-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...) -CAN-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...) -CAN-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...) -CAN-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...) -CAN-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...) -CAN-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...) -CAN-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...) -CAN-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...) -CAN-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...) -CAN-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...) -CAN-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...) -CAN-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...) -CAN-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...) -CAN-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...) -CAN-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...) -CAN-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...) -CAN-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...) -CAN-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...) -CAN-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...) -CAN-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...) -CAN-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...) -CAN-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...) -CAN-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...) -CAN-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...) -CAN-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...) -CAN-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...) -CAN-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...) -CAN-2001-1170 (AmTote International homebet program stores the homebet.log file in ...) -CAN-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...) -CAN-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...) -CAN-2001-1167 - REJECTED -CAN-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...) -CAN-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...) -CAN-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...) -CAN-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...) -CAN-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...) -CAN-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...) -CAN-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...) -CAN-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...) -CAN-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...) -CAN-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...) -CAN-2001-1148 (Multiple buffer overflows in programs used by scoadmin and sysadmsh in ...) -CAN-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...) -CAN-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...) -CAN-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...) -CAN-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...) -CAN-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...) -CAN-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...) -CAN-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...) -CAN-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...) -CAN-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...) -CAN-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...) -CAN-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...) -CAN-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...) -CAN-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...) -CAN-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...) -CAN-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...) -CAN-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...) -CAN-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...) -CAN-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...) -CAN-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...) -CAN-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...) -CAN-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...) -CAN-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...) -CAN-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...) -CAN-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...) -CAN-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...) -CAN-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...) -CAN-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...) -CAN-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...) -CAN-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...) -CAN-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...) -CAN-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...) -CAN-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...) -CAN-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...) -CAN-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...) -CAN-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...) -CAN-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...) -CAN-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...) -CAN-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...) -CAN-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...) -CAN-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...) -CAN-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...) -CAN-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...) -CAN-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...) -CAN-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...) -CAN-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...) -CAN-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...) -CAN-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...) -CAN-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...) -CAN-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...) -CAN-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...) -CAN-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...) -CAN-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...) -CAN-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...) -CAN-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...) -CAN-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...) -CAN-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...) -CAN-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...) -CAN-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...) -CAN-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...) -CAN-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...) -CAN-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...) -CAN-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...) -CAN-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...) - {DSA-148} -CAN-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...) -CAN-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...) -CAN-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...) -CAN-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...) -CAN-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...) -CAN-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...) -CAN-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...) -CAN-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...) -CAN-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...) -CAN-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...) -CAN-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...) -CAN-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...) -CAN-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...) -CAN-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...) -CAN-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...) -CAN-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...) -CAN-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...) -CAN-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...) -CAN-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...) -CAN-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...) -CAN-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...) -CAN-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...) -CAN-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...) -CAN-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...) -CAN-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...) -CAN-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...) -CAN-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...) -CAN-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...) -CAN-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...) -CAN-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...) -CAN-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...) -CAN-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...) -CAN-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...) -CAN-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...) -CAN-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...) -CAN-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...) -CAN-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...) -CAN-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...) -CAN-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...) -CAN-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...) -CAN-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...) -CAN-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...) -CAN-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...) -CAN-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...) -CAN-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...) -CAN-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...) -CAN-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...) -CAN-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...) -CAN-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...) -CAN-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...) -CAN-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...) -CAN-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...) -CAN-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...) -CAN-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...) -CAN-2001-0944 (DDE in mIRC allows local users to launch applications under another ...) -CAN-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...) -CAN-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...) -CAN-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...) -CAN-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...) -CAN-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...) -CAN-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...) -CAN-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...) -CAN-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...) -CAN-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...) -CAN-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...) -CAN-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...) -CAN-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...) - {DSA-301} -CAN-2001-0927 (Format string vulnerability in the permitted function of GNOME ...) -CAN-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...) -CAN-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...) -CAN-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...) -CAN-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...) -CAN-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...) -CAN-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow ...) -CAN-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...) -CAN-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...) -CAN-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...) -CAN-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...) -CAN-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...) -CAN-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...) -CAN-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...) -CAN-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...) -CAN-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...) -CAN-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...) -CAN-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...) -CAN-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...) -CAN-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...) -CAN-2001-0885 - RESERVED -CAN-2001-0883 - RESERVED -CAN-2001-0882 - RESERVED -CAN-2001-0881 - RESERVED -CAN-2001-0880 - RESERVED -CAN-2001-0878 - RESERVED -CAN-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...) -CAN-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...) -CAN-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...) -CAN-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...) -CAN-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...) -CAN-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...) -CAN-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...) -CAN-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...) -CAN-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...) -CAN-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...) -CAN-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...) -CAN-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...) -CAN-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...) -CAN-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard LB5000 ...) -CAN-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...) -CAN-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...) -CAN-2001-0839 (ibillpm.pl in iBill password management system generates weak ...) -CAN-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...) -CAN-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...) -CAN-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...) -CAN-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and ...) -CAN-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...) -CAN-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...) -CAN-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...) -CAN-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...) -CAN-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...) -CAN-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...) -CAN-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...) -CAN-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...) -CAN-2001-0814 - RESERVED -CAN-2001-0813 - RESERVED -CAN-2001-0812 - RESERVED -CAN-2001-0811 - RESERVED -CAN-2001-0810 - RESERVED -CAN-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...) -CAN-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...) -CAN-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...) -CAN-2001-0802 - RESERVED -CAN-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...) -CAN-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...) -CAN-2001-0798 - RESERVED -CAN-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...) -CAN-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...) -CAN-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...) -CAN-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...) -CAN-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...) -CAN-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...) -CAN-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...) -CAN-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...) -CAN-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...) -CAN-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...) -CAN-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...) -CAN-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...) -CAN-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...) -CAN-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...) -CAN-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...) -CAN-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...) - {DSA-695-1} - - xli 1.17.0-17 -CAN-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...) -CAN-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...) -CAN-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...) -CAN-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...) -CAN-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...) -CAN-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...) -CAN-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...) -CAN-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...) -CAN-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...) -CAN-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...) -CAN-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...) -CAN-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...) -CAN-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...) -CAN-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...) -CAN-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...) -CAN-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...) -CAN-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...) -CAN-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...) -CAN-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...) -CAN-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...) - - cfingerd 1.4.3-1.1 (bug #104394) - NOTE: 1.4.3-1.2 is not in the PTS, but 1.4.3-1.2 incorporates - NOTE: its changes. -CAN-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...) -CAN-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...) -CAN-2001-0725 - RESERVED -CAN-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...) -CAN-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...) -CAN-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...) -CAN-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...) -CAN-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...) -CAN-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...) -CAN-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...) -CAN-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...) -CAN-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...) -CAN-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...) -CAN-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...) -CAN-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...) -CAN-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...) -CAN-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...) -CAN-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...) -CAN-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...) -CAN-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...) -CAN-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...) -CAN-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...) -CAN-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...) -CAN-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...) -CAN-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...) -CAN-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...) -CAN-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...) -CAN-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...) -CAN-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...) -CAN-2001-0673 - RESERVED -CAN-2001-0672 - RESERVED -CAN-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...) -CAN-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...) -CAN-2001-0661 - RESERVED -CAN-2001-0657 - RESERVED -CAN-2001-0656 - RESERVED -CAN-2001-0655 - RESERVED -CAN-2001-0654 - RESERVED -CAN-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...) -CAN-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...) -CAN-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...) -CAN-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...) -CAN-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...) -CAN-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...) -CAN-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...) -CAN-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...) -CAN-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...) -CAN-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...) -CAN-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...) -CAN-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...) -CAN-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...) -CAN-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...) -CAN-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...) -CAN-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...) -CAN-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...) -CAN-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...) -CAN-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...) -CAN-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...) -CAN-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) -CAN-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) -CAN-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) -CAN-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) -CAN-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) -CAN-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...) -CAN-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...) -CAN-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...) -CAN-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...) -CAN-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...) -CAN-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...) -CAN-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...) -CAN-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...) -CAN-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...) -CAN-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...) -CAN-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...) -CAN-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...) -CAN-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...) -CAN-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...) -CAN-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a ...) -CAN-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...) -CAN-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...) -CAN-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...) -CAN-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...) -CAN-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...) -CAN-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...) -CAN-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...) -CAN-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...) -CAN-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...) -CAN-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...) -CAN-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...) -CAN-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...) -CAN-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...) -CAN-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...) -CAN-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...) -CAN-2001-0539 - RESERVED -CAN-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...) -CAN-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...) -CAN-2001-0532 - RESERVED -CAN-2001-0531 - RESERVED -CAN-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...) -CAN-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...) -CAN-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...) -CAN-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...) -CAN-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...) -CAN-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...) -CAN-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...) -CAN-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...) -CAN-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...) -CAN-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...) -CAN-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...) -CAN-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...) -CAN-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...) -CAN-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...) -CAN-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...) -CAN-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...) -CAN-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...) -CAN-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...) -CAN-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...) -CAN-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...) -CAN-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...) -CAN-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...) -CAN-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...) -CAN-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...) -CAN-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...) -CAN-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...) -CAN-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...) -CAN-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...) -CAN-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...) -CAN-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...) -CAN-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...) -CAN-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...) -CAN-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...) -CAN-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...) -CAN-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...) -CAN-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...) -CAN-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...) -CAN-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...) -CAN-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...) -CAN-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...) -CAN-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...) -CAN-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...) -CAN-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...) -CAN-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...) -CAN-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...) -CAN-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...) -CAN-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...) -CAN-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...) -CAN-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...) -CAN-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...) -CAN-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...) -CAN-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...) -CAN-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...) -CAN-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...) -CAN-2001-0418 (content.pl script in NCM Content Management System allows remote ...) -CAN-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...) -CAN-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...) -CAN-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...) -CAN-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...) -CAN-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...) -CAN-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...) -CAN-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...) -CAN-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...) -CAN-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...) -CAN-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...) -CAN-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...) -CAN-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...) -CAN-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...) -CAN-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...) -CAN-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...) -CAN-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...) -CAN-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...) -CAN-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...) -CAN-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...) -CAN-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...) -CAN-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...) -CAN-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...) -CAN-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...) -CAN-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...) -CAN-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...) -CAN-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...) -CAN-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...) -CAN-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...) -CAN-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...) -CAN-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...) -CAN-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...) -CAN-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...) -CAN-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...) -CAN-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...) -CAN-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...) -CAN-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...) -CAN-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...) -CAN-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...) -CAN-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...) -CAN-2001-0343 - RESERVED -CAN-2001-0342 - RESERVED -CAN-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...) -CAN-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...) -CAN-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...) -CAN-2001-0328 (TCP implementations that use random increments for initial sequence ...) -CAN-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...) -CAN-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...) -CAN-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...) -CAN-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...) -CAN-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...) -CAN-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...) -CAN-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...) -CAN-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...) -CAN-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...) -CAN-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...) -CAN-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...) -CAN-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...) -CAN-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...) -CAN-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...) -CAN-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...) -CAN-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...) -CAN-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...) -CAN-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...) -CAN-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...) -CAN-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...) -CAN-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...) -CAN-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...) -CAN-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...) -CAN-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...) -CAN-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...) -CAN-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...) -CAN-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...) -CAN-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...) -CAN-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...) -CAN-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...) -CAN-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...) -CAN-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...) -CAN-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...) -CAN-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...) -CAN-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...) -CAN-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...) -CAN-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...) -CAN-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...) -CAN-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...) -CAN-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...) -CAN-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...) -CAN-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...) -CAN-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...) -CAN-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...) -CAN-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...) -CAN-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...) -CAN-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...) -CAN-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...) -CAN-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...) -CAN-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...) -CAN-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...) -CAN-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...) -CAN-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...) -CAN-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...) -CAN-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...) -CAN-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...) -CAN-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...) -CAN-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...) -CAN-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...) -CAN-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...) -CAN-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...) -CAN-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...) -CAN-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...) -CAN-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...) -CAN-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...) -CAN-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...) -CAN-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...) -CAN-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...) -CAN-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...) -CAN-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...) -CAN-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...) -CAN-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...) -CAN-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...) -CAN-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...) -CAN-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...) -CAN-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...) -CAN-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...) -CAN-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...) -CAN-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...) -CAN-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...) -CAN-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...) -CAN-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...) -CAN-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...) -CAN-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...) -CAN-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...) -CAN-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...) -CAN-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...) -CAN-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...) -CAN-2001-0168 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) server ...) -CAN-2001-0167 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) client ...) -CAN-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence ...) -CAN-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ...) -CAN-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...) -CAN-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...) -CAN-2001-0159 - RESERVED -CAN-2001-0158 - RESERVED -CAN-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...) -CAN-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...) -CAN-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...) -CAN-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...) -CAN-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...) -CAN-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...) -CAN-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...) - {DSA-195 DSA-188 DSA-187} -CAN-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...) -CAN-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...) -CAN-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...) -CAN-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...) -CAN-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...) -CAN-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock ...) -CAN-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to store ...) -CAN-2001-0102 ("Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain ...) -CAN-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...) -CAN-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...) -CAN-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...) -CAN-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...) -CAN-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...) -CAN-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...) -CAN-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...) -CAN-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...) -CAN-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...) -CAN-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...) -CAN-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...) -CAN-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...) -CAN-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...) -CAN-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...) -CAN-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...) -CAN-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...) -CAN-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...) -CAN-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...) -CAN-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...) -CAN-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...) -CAN-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...) -CAN-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...) -CAN-2001-0048 (The "Configure Your Server" tool in Microsoft 2000 domain controllers ...) -CAN-2001-0047 (The default permissions for the MTS Package Administration registry ...) -CAN-2001-0046 (The default permissions for the SNMP Parameters registry key in ...) -CAN-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...) -CAN-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...) -CAN-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...) -CAN-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...) -CAN-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...) -CAN-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...) -CAN-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...) -CAN-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...) -CAN-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...) -CAN-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...) -CAN-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...) -CAN-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...) -CAN-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...) -CAN-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...) -CAN-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...) -CAN-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...) -CAN-2000-1209 (The "sa" account is installed with a default null password on (1) ...) -CAN-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...) -CAN-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...) -CAN-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...) -CAN-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...) -CAN-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...) -CAN-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...) -CAN-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...) -CAN-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...) -CAN-2000-1198 (qpopper POP server creates lock files with predictable names, which ...) -CAN-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...) -CAN-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...) -CAN-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...) -CAN-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows ...) -CAN-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...) -CAN-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...) -CAN-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...) -CAN-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...) -CAN-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...) -CAN-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...) -CAN-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...) -CAN-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...) -CAN-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...) -CAN-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...) -CAN-2000-1161 (The installation of AdCycle banner management system leaves the ...) -CAN-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...) -CAN-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...) -CAN-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...) -CAN-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...) -CAN-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...) -CAN-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...) -CAN-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...) -CAN-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...) -CAN-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...) -CAN-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...) -CAN-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...) -CAN-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...) -CAN-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...) -CAN-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...) -CAN-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...) -CAN-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...) -CAN-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...) -CAN-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...) -CAN-2000-1127 (registrar in the HP resource monitor service allows local users to ...) -CAN-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...) -CAN-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...) -CAN-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...) -CAN-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...) -CAN-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...) -CAN-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...) -CAN-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...) -CAN-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...) -CAN-2000-1104 (Variant of the "IIS Cross-Site Scripting" vulnerability as originally ...) -CAN-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...) -CAN-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...) -CAN-2000-1100 (The default configuration for PostACI webmail system installs the ...) -CAN-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...) -CAN-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...) -CAN-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...) -CAN-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...) -CAN-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...) -CAN-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...) -CAN-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...) -CAN-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...) -CAN-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...) -CAN-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...) -CAN-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...) -CAN-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...) -CAN-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...) -CAN-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...) -CAN-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...) -CAN-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...) -CAN-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...) -CAN-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...) -CAN-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...) -CAN-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...) -CAN-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...) -CAN-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...) -CAN-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...) -CAN-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...) -CAN-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...) -CAN-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...) -CAN-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...) -CAN-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...) -CAN-2000-1030 (CS&T CorporateTime for the Web returns different error messages for ...) -CAN-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...) -CAN-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...) -CAN-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...) -CAN-2000-1023 (The Alabanza Control Panel does not require passwords to access ...) -CAN-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...) -CAN-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...) -CAN-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...) -CAN-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...) -CAN-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...) -CAN-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...) -CAN-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...) -CAN-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...) -CAN-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...) -CAN-2000-0998 (Format string vulnerability in top program allows local attackers to ...) -CAN-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...) -CAN-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...) -CAN-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...) -CAN-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...) -CAN-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...) -CAN-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...) -CAN-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...) -CAN-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...) -CAN-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...) -CAN-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...) -CAN-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...) -CAN-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...) -CAN-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...) -CAN-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...) -CAN-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...) -CAN-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...) -CAN-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...) -CAN-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...) -CAN-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...) -CAN-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...) -CAN-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...) -CAN-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...) -CAN-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...) -CAN-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...) -CAN-2000-0889 (Two Sun security certificates have been compromised, which could allow ...) -CAN-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...) -CAN-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...) -CAN-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...) -CAN-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...) -CAN-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...) -CAN-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...) -CAN-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...) -CAN-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...) -CAN-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...) -CAN-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...) -CAN-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...) -CAN-2000-0842 (The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows ...) -CAN-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...) -CAN-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...) -CAN-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...) -CAN-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...) -CAN-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...) -CAN-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...) -CAN-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...) -CAN-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...) -CAN-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...) -CAN-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...) -CAN-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...) -CAN-2000-0812 (The administration module in Sun Java web server allows remote ...) -CAN-2000-0802 (The BAIR program does not properly restrict access to the Internet ...) -CAN-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...) -CAN-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...) -CAN-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...) -CAN-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...) -CAN-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...) -CAN-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...) -CAN-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...) -CAN-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...) -CAN-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...) -CAN-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...) -CAN-2000-0774 (The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals ...) -CAN-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...) -CAN-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...) -CAN-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...) -CAN-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...) -CAN-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...) -CAN-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...) -CAN-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...) -CAN-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...) -CAN-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...) -CAN-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...) -CAN-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...) -CAN-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...) -CAN-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...) -CAN-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...) -CAN-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...) -CAN-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...) -CAN-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...) -CAN-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...) -CAN-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux allows local users to ...) -CAN-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...) -CAN-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...) -CAN-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...) -CAN-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...) -CAN-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...) -CAN-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...) -CAN-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...) -CAN-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...) -CAN-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...) -CAN-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...) - - kdebase 4:2.2.2-14.6 -CAN-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...) -CAN-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...) -CAN-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...) -CAN-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...) -CAN-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...) -CAN-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...) -CAN-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...) -CAN-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...) -CAN-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) -CAN-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) -CAN-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) -CAN-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) -CAN-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...) -CAN-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...) -CAN-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...) -CAN-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) -CAN-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...) -CAN-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) -CAN-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...) -CAN-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...) -CAN-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...) -CAN-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...) -CAN-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...) -CAN-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...) -CAN-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...) -CAN-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...) -CAN-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...) -CAN-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...) -CAN-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...) -CAN-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...) -CAN-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...) -CAN-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...) -CAN-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...) -CAN-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...) -CAN-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...) -CAN-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...) -CAN-2000-0572 (The Razor configuration management tool uses weak encryption for its ...) -CAN-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...) -CAN-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...) -CAN-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...) -CAN-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...) -CAN-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...) -CAN-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...) -CAN-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...) -CAN-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...) -CAN-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...) -CAN-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...) -CAN-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...) -CAN-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...) -CAN-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...) -CAN-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...) -CAN-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...) -CAN-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...) -CAN-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...) -CAN-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...) -CAN-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...) -CAN-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...) -CAN-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...) -CAN-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...) -CAN-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...) -CAN-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...) -CAN-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...) -CAN-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...) -CAN-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...) -CAN-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...) -CAN-2000-0434 (The administrative password for the Allmanage web site administration ...) -CAN-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...) -CAN-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...) -CAN-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...) -CAN-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...) -CAN-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...) -CAN-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...) -CAN-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...) -CAN-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...) -CAN-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...) -CAN-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...) -CAN-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...) -CAN-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...) -CAN-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...) -CAN-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...) -CAN-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...) -CAN-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...) -CAN-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...) -CAN-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...) -CAN-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...) -CAN-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...) -CAN-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...) -CAN-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...) -CAN-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...) -CAN-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...) -CAN-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...) -CAN-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...) -CAN-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...) -CAN-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...) -CAN-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...) -CAN-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...) -CAN-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...) -CAN-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...) -CAN-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...) -CAN-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...) -CAN-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...) -CAN-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...) -CAN-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...) -CAN-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...) -CAN-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...) -CAN-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...) -CAN-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...) -CAN-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...) -CAN-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...) -CAN-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...) -CAN-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...) -CAN-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...) -CAN-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...) -CAN-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...) -CAN-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...) -CAN-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...) -CAN-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...) -CAN-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...) -CAN-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...) -CAN-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...) -CAN-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...) -CAN-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...) -CAN-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...) -CAN-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...) -CAN-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...) -CAN-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...) -CAN-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...) -CAN-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...) -CAN-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...) -CAN-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...) -CAN-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...) -CAN-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...) -CAN-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...) -CAN-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...) -CAN-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...) -CAN-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...) -CAN-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...) -CAN-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...) -CAN-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...) -CAN-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...) -CAN-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...) -CAN-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...) -CAN-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...) -CAN-2000-0143 (The SSH protocol server sshd allows local users without shell access ...) -CAN-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...) -CAN-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...) -CAN-2000-0137 (The CartIt shopping cart application allows remote users to modify ...) -CAN-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...) -CAN-2000-0135 (The @Retail shopping cart application allows remote users to modify ...) -CAN-2000-0134 (The Check It Out shopping cart application allows remote users to ...) -CAN-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...) -CAN-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...) -CAN-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...) -CAN-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...) -CAN-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...) -CAN-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...) -CAN-2000-0123 (The shopping cart application provided with Filemaker allows remote ...) -CAN-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...) -CAN-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...) -CAN-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...) -CAN-2000-0115 (IIS allows local users to cause a denial of service via invalid ...) -CAN-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...) -CAN-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...) -CAN-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...) -CAN-2000-0108 (The Intellivend shopping cart application allows remote users to ...) -CAN-2000-0106 (The EasyCart shopping cart application allows remote users to ...) -CAN-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...) -CAN-2000-0104 (The Shoptron shopping cart application allows remote users to ...) -CAN-2000-0103 (The SmartCart shopping cart application allows remote users to ...) -CAN-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...) -CAN-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...) -CAN-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...) -CAN-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...) -CAN-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...) -CAN-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...) -CAN-2000-0084 (CuteFTP uses weak encryption to store password information in its ...) -CAN-2000-0082 (WebTV email client allows remote attackers to force the client to send ...) -CAN-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...) -CAN-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...) -CAN-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...) -CAN-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...) -CAN-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...) -CAN-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...) -CAN-2000-0069 (The recover program in Solstice Backup allows local users to restore ...) -CAN-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...) -CAN-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...) -CAN-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...) -CAN-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...) -CAN-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...) -CAN-2000-0058 (Network HotSync program in Handspring Visor does not have ...) -CAN-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...) -CAN-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...) -CAN-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...) -CAN-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...) -CAN-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...) -CAN-2000-0038 (glFtpD includes a default glftpd user account with a default password ...) -CAN-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...) -CAN-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...) -CAN-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...) -CAN-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...) -CAN-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...) -CAN-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...) -CAN-2000-0008 (FTPPro allows local users to read sensitive information, which is ...) -CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...) -CAN-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...) - {DSA-664-1} - - cpio 2.5-1.2 (bug #293379) -CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...) -CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...) -CAN-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...) -CAN-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...) -CAN-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...) -CAN-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...) -CAN-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...) -CAN-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...) -CAN-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...) -CAN-1999-1560 (Vulnerability in a script in Texas A&M University (TAMU) Tiger allows ...) -CAN-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...) -CAN-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...) -CAN-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...) -CAN-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...) -CAN-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...) -CAN-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...) -CAN-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...) -CAN-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...) -CAN-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...) -CAN-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...) -CAN-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...) -CAN-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...) -CAN-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...) -CAN-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...) -CAN-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...) -CAN-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...) -CAN-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...) -CAN-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...) -CAN-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...) -CAN-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...) -CAN-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...) -CAN-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...) -CAN-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...) -CAN-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...) -CAN-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...) -CAN-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...) -CAN-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...) -CAN-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...) -CAN-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...) -CAN-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...) -CAN-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...) -CAN-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...) -CAN-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...) -CAN-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...) -CAN-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...) -CAN-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...) -CAN-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...) -CAN-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...) -CAN-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...) -CAN-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...) -CAN-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...) -CAN-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...) -CAN-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...) -CAN-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...) -CAN-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...) -CAN-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...) -CAN-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...) -CAN-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...) -CAN-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...) -CAN-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...) -CAN-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...) -CAN-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...) -CAN-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...) -CAN-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...) -CAN-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...) -CAN-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...) -CAN-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...) -CAN-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...) -CAN-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...) -CAN-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...) -CAN-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...) -CAN-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...) -CAN-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...) -CAN-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...) -CAN-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...) -CAN-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...) -CAN-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...) -CAN-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...) -CAN-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...) -CAN-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...) -CAN-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...) -CAN-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...) -CAN-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...) -CAN-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...) -CAN-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...) -CAN-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...) -CAN-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...) -CAN-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...) -CAN-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...) -CAN-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...) -CAN-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...) -CAN-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...) -CAN-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...) -CAN-1999-1454 (Macromedia "The Matrix" screen saver on Windows 95 with the "Password ...) -CAN-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...) -CAN-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...) -CAN-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...) -CAN-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...) -CAN-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...) -CAN-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...) -CAN-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...) -CAN-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...) -CAN-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...) -CAN-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...) -CAN-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...) -CAN-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...) -CAN-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...) -CAN-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...) -CAN-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...) -CAN-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...) -CAN-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...) -CAN-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...) -CAN-1999-1431 (ZAK in Appstation mode allows users to bypass the "Run only allowed ...) -CAN-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...) -CAN-1999-1429 (DIT TransferPro installs devices with world-readable and ...) -CAN-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...) -CAN-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...) -CAN-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...) -CAN-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...) -CAN-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...) -CAN-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...) -CAN-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...) -CAN-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...) -CAN-1999-1418 (ICQ99 ICQ web server build 1701 with "Active Homepage" enabled ...) -CAN-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...) -CAN-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...) -CAN-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...) -CAN-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...) -CAN-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...) -CAN-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...) -CAN-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...) -CAN-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...) -CAN-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...) -CAN-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...) -CAN-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...) -CAN-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...) -CAN-1999-1400 (The Economist screen saver 1999 with the "Password Protected" option ...) -CAN-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...) -CAN-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...) -CAN-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...) -CAN-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...) -CAN-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...) -CAN-1999-1393 (Control Panel "Password Security" option for Apple Powerbooks allows ...) -CAN-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...) -CAN-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...) -CAN-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...) -CAN-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...) -CAN-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...) -CAN-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...) -CAN-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...) -CAN-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...) -CAN-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...) -CAN-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...) -CAN-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...) -CAN-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...) -CAN-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...) -CAN-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...) -CAN-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...) -CAN-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...) -CAN-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...) -CAN-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...) -CAN-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...) -CAN-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...) -CAN-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...) -CAN-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...) -CAN-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...) -CAN-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...) -CAN-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...) -CAN-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...) -CAN-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...) -CAN-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...) -CAN-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...) -CAN-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...) -CAN-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...) -CAN-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...) -CAN-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...) -CAN-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...) -CAN-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...) -CAN-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...) -CAN-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...) -CAN-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...) -CAN-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...) -CAN-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...) -CAN-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...) -CAN-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...) -CAN-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...) -CAN-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...) -CAN-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...) -CAN-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...) -CAN-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...) -CAN-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...) -CAN-1999-1310 - REJECTED -CAN-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...) -CAN-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...) -CAN-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...) -CAN-1999-1305 (Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local ...) -CAN-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...) -CAN-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...) -CAN-1999-1302 (Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local ...) -CAN-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...) -CAN-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a "nobody" ...) -CAN-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...) -CAN-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...) -CAN-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...) -CAN-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...) -CAN-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...) -CAN-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...) -CAN-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...) -CAN-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...) -CAN-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...) -CAN-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...) -CAN-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...) -CAN-1999-1281 (Development version of Breeze Network Server allows remote attackers ...) -CAN-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...) -CAN-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...) -CAN-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...) -CAN-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...) -CAN-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...) -CAN-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...) -CAN-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...) -CAN-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...) -CAN-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...) -CAN-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...) -CAN-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...) -CAN-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...) -CAN-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...) -CAN-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...) -CAN-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...) -CAN-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...) -CAN-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...) -CAN-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...) -CAN-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...) -CAN-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...) -CAN-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...) -CAN-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...) -CAN-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...) -CAN-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...) -CAN-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...) -CAN-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...) -CAN-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...) -CAN-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...) -CAN-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...) -CAN-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...) -CAN-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...) -CAN-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...) -CAN-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...) -CAN-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...) -CAN-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...) -CAN-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...) -CAN-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...) -CAN-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...) -CAN-1999-1232 (day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable ...) -CAN-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...) -CAN-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...) -CAN-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...) -CAN-1999-1228 (Various modems that do not implement a guard time, or are configured ...) -CAN-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...) -CAN-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...) -CAN-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...) -CAN-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...) -CAN-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...) -CAN-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...) -CAN-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...) -CAN-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...) -CAN-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...) -CAN-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...) -CAN-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...) -CAN-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...) -CAN-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...) -CAN-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...) -CAN-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...) -CAN-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...) -CAN-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...) -CAN-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...) -CAN-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...) -CAN-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...) -CAN-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...) -CAN-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...) -CAN-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...) -CAN-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...) -CAN-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...) -CAN-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...) -CAN-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...) -CAN-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...) -CAN-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...) -CAN-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...) -CAN-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...) -CAN-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...) -CAN-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...) -CAN-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...) -CAN-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...) -CAN-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...) -CAN-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...) -CAN-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...) -CAN-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...) -CAN-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...) -CAN-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...) -CAN-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...) -CAN-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...) -CAN-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...) -CAN-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...) -CAN-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...) -CAN-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...) -CAN-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...) -CAN-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...) -CAN-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...) -CAN-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...) -CAN-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...) -CAN-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...) -CAN-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...) -CAN-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...) -CAN-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...) -CAN-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...) -CAN-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...) -CAN-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...) -CAN-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...) -CAN-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...) -CAN-1999-1108 - REJECTED -CAN-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...) -CAN-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...) -CAN-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...) -CAN-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...) -CAN-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...) -CAN-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...) -CAN-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...) -CAN-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...) -CAN-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...) -CAN-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...) -CAN-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...) -CAN-1999-1084 (The "AEDebug" registry key is installed with insecure permissions, ...) -CAN-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...) -CAN-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...) -CAN-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...) -CAN-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...) -CAN-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...) -CAN-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...) -CAN-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...) -CAN-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...) -CAN-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...) -CAN-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...) -CAN-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...) -CAN-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...) -CAN-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...) -CAN-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...) -CAN-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...) -CAN-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...) -CAN-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...) -CAN-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...) -CAN-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...) -CAN-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...) -CAN-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...) -CAN-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...) -CAN-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...) -CAN-1999-1056 - REJECTED -CAN-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...) -CAN-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...) -CAN-1999-1052 (Microsoft FrontPage stores form results in a default location in ...) -CAN-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...) -CAN-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...) -CAN-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...) -CAN-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...) -CAN-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...) -CAN-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...) -CAN-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...) -CAN-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...) -CAN-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...) -CAN-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...) -CAN-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...) -CAN-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...) -CAN-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...) -CAN-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...) -CAN-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...) -CAN-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...) -CAN-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...) -CAN-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...) -CAN-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...) -CAN-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...) -CAN-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...) -CAN-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...) -CAN-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...) -CAN-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...) -CAN-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...) -CAN-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...) -CAN-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...) -CAN-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...) -CAN-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...) -CAN-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...) -CAN-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...) -CAN-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange ...) -CAN-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...) -CAN-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...) -CAN-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...) -CAN-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...) -CAN-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...) -CAN-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...) -CAN-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...) -CAN-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...) -CAN-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...) -CAN-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...) -CAN-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...) -CAN-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...) -CAN-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...) -CAN-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...) -CAN-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...) -CAN-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...) -CAN-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...) -CAN-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...) -CAN-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...) -CAN-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...) -CAN-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...) -CAN-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...) -CAN-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...) -CAN-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...) -CAN-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...) -CAN-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...) -CAN-1999-0855 (Buffer overflow in FreeBSD gdc program. ...) -CAN-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...) -CAN-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...) -CAN-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...) -CAN-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...) -CAN-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...) -CAN-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...) -CAN-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...) -CAN-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...) -CAN-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...) -CAN-1999-0829 (HP Secure Web Console uses weak encryption. ...) -CAN-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...) -CAN-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...) -CAN-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...) -CAN-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...) -CAN-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...) -CAN-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...) -CAN-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...) -CAN-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...) -CAN-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...) -CAN-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...) -CAN-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...) -CAN-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...) -CAN-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...) -CAN-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...) -CAN-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...) -CAN-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...) -CAN-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...) -CAN-1999-0748 (Buffer overflows in Red Hat net-tools package. ...) -CAN-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...) -CAN-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...) -CAN-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...) -CAN-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...) -CAN-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...) -CAN-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...) -CAN-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...) -CAN-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...) -CAN-1999-0677 (The WebRamp web administration utility has a default password. ...) -CAN-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...) -CAN-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...) -CAN-1999-0669 (The Eyedog ActiveX control is marked as "safe for scripting" for ...) -CAN-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...) -CAN-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...) -CAN-1999-0664 (An application-critical Windows NT registry key has inappropriate ...) -CAN-1999-0663 (A system-critical program, library, or file has a checksum or other ...) -CAN-1999-0662 (A system-critical program or library does not have the appropriate ...) -CAN-1999-0661 (A system is running a version of software that was replaced with a ...) -CAN-1999-0660 (A hacker utility, back door, or Trojan Horse is installed on a system, ...) -CAN-1999-0659 (A Windows NT Primary Domain Controller (PDC) or Backup Domain ...) -CAN-1999-0658 (DCOM is running. ...) -CAN-1999-0657 (WinGate is being used. ...) -CAN-1999-0656 (The ugidd service is running. ...) -CAN-1999-0655 (A service may include useful information in its banner or help ...) -CAN-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...) -CAN-1999-0653 (A component service related to NIS+ is running. ...) -CAN-1999-0652 (A database service is running, e.g. a SQL server, Oracle, or mySQL. ...) -CAN-1999-0651 (The rsh/rlogin service is running. ...) -CAN-1999-0650 (The netstat service is running. ...) -CAN-1999-0649 (The FSP service is running. ...) -CAN-1999-0648 (The X25 service is running. ...) -CAN-1999-0647 (The bootparam (bootparamd) service is running. ...) -CAN-1999-0646 (The LDAP service is running. ...) -CAN-1999-0645 (The IRC service is running. ...) -CAN-1999-0644 (The NNTP news service is running. ...) -CAN-1999-0643 (The IMAP service is running. ...) -CAN-1999-0642 (A POP service is running. ...) -CAN-1999-0641 (The UUCP service is running. ...) -CAN-1999-0640 (The Gopher service is running. ...) -CAN-1999-0639 (The chargen service is running. ...) -CAN-1999-0638 (The daytime service is running. ...) -CAN-1999-0637 (The systat service is running. ...) -CAN-1999-0636 (The discard service is running. ...) -CAN-1999-0635 (The echo service is running. ...) -CAN-1999-0634 (The SSH service is running. ...) -CAN-1999-0633 (The HTTP/WWW service is running. ...) -CAN-1999-0632 (The RPC portmapper service is running. ...) -CAN-1999-0631 (The NFS service is running. ...) -CAN-1999-0630 (The NT Alerter and Messenger services are running. ...) -CAN-1999-0629 (The ident/identd service is running. ...) -CAN-1999-0625 (The rpc.rquotad service is running. ...) -CAN-1999-0624 (The rstat/rstatd service is running. ...) -CAN-1999-0623 (The X Windows service is running. ...) -CAN-1999-0622 (A component service related to DNS service is running. ...) -CAN-1999-0621 (A component service related to NETBIOS is running. ...) -CAN-1999-0620 (A component service related to NIS is running. ...) -CAN-1999-0619 (The Telnet service is running. ...) -CAN-1999-0618 (The rexec service is running. ...) -CAN-1999-0617 (The SMTP service is running. ...) -CAN-1999-0616 (The TFTP service is running. ...) -CAN-1999-0615 (The SNMP service is running. ...) -CAN-1999-0614 (The FTP service is running. ...) -CAN-1999-0613 (The rpc.sprayd service is running. ...) -CAN-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...) -CAN-1999-0610 (An incorrect configuration of the Webcart CGI program ...) -CAN-1999-0609 (An incorrect configuration of the SoftCart CGI program ...) -CAN-1999-0607 (An incorrect configuration of the QuikStore shopping cart ...) -CAN-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart ...) -CAN-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart ...) -CAN-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...) -CAN-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...) -CAN-1999-0602 (A network intrusion detection system (IDS) does not properly ...) -CAN-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...) -CAN-1999-0600 (A network intrusion detection system (IDS) does not verify the ...) -CAN-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...) -CAN-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...) -CAN-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...) -CAN-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...) -CAN-1999-0595 (A Windows NT system does not clear the system page file during ...) -CAN-1999-0594 (A Windows NT system does not restrict access to removable media drives ...) -CAN-1999-0593 (A user is allowed to shut down a Windows NT system without logging in. ...) -CAN-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...) -CAN-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...) -CAN-1999-0590 (A system does not present an appropriate legal message or warning to a ...) -CAN-1999-0589 (A system-critical Windows NT registry key has inappropriate ...) -CAN-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...) -CAN-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...) -CAN-1999-0586 (A network service is running on a nonstandard port. ...) -CAN-1999-0585 (A Windows NT administrator account has the default name of ...) -CAN-1999-0584 (A Windows NT file system is not NTFS. ...) -CAN-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...) -CAN-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...) -CAN-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...) -CAN-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...) -CAN-1999-0579 (A Windows NT system's registry audit policy does not log an event ...) -CAN-1999-0578 (A Windows NT system's registry audit policy does not log an event ...) -CAN-1999-0577 (A Windows NT system's file audit policy does not log an event success ...) -CAN-1999-0576 (A Windows NT system's file audit policy does not log an event success ...) -CAN-1999-0575 (A Windows NT system's user audit policy does not log an event success ...) -CAN-1999-0572 (.reg files are associated with the Windows NT registry editor ...) -CAN-1999-0571 (A router's configuration service or management interface (such as a ...) -CAN-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...) -CAN-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...) -CAN-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...) -CAN-1999-0565 (A Sendmail alias allows input to be piped to a program. ...) -CAN-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...) -CAN-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...) -CAN-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...) -CAN-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...) -CAN-1999-0559 (A system-critical Unix file or directory has inappropriate ...) - - webmin 1.160-1 -CAN-1999-0556 (Two or more Unix accounts have the same UID. ...) -CAN-1999-0555 (A Unix account with a name other than "root" has UID 0, i.e. root ...) -CAN-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...) -CAN-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...) -CAN-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...) -CAN-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...) -CAN-1999-0547 (An SSH server allows authentication through the .rhosts file. ...) -CAN-1999-0546 (The Windows NT guest account is enabled. ...) -CAN-1999-0541 (A password for accessing a WWW URL is guessable. ...) -CAN-1999-0539 (A trust relationship exists between two Unix hosts. ...) -CAN-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...) -CAN-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...) -CAN-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...) -CAN-1999-0533 (A DNS server allows inverse queries. ...) -CAN-1999-0532 (A DNS server allows zone transfers. ...) -CAN-1999-0531 (An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. ...) -CAN-1999-0530 (A system is operating in "promiscuous" mode which allows it to perform ...) -CAN-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...) -CAN-1999-0528 (A router or firewall forwards external packets that claim to come from ...) -CAN-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...) -CAN-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...) -CAN-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...) -CAN-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...) -CAN-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...) -CAN-1999-0521 (An NIS domain name is easily guessable. ...) -CAN-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...) -CAN-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...) -CAN-1999-0518 (A NETBIOS/SMB share password is guessable. ...) -CAN-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...) -CAN-1999-0516 (An SNMP community name is guessable. ...) -CAN-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...) -CAN-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...) -CAN-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...) -CAN-1999-0510 (A router or firewall allows source routed packets from arbitrary ...) -CAN-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...) -CAN-1999-0508 (An account on a router, firewall, or other network device has a ...) -CAN-1999-0507 (An account on a router, firewall, or other network device has a guessable ...) -CAN-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...) -CAN-1999-0505 (A Windows NT domain user or administrator account has a guessable ...) -CAN-1999-0504 (A Windows NT local user or administrator account has a default, null, ...) -CAN-1999-0503 (A Windows NT local user or administrator account has a guessable ...) -CAN-1999-0502 (A Unix account has a default, null, blank, or missing password. ...) -CAN-1999-0501 (A Unix account has a guessable password. ...) -CAN-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...) -CAN-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...) -CAN-1999-0497 (Anonymous FTP is enabled. ...) -CAN-1999-0495 (A remote attacker can gain access to a file system using .. (dot dot) ...) -CAN-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...) -CAN-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...) -CAN-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...) -CAN-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...) -CAN-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...) -CAN-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...) -CAN-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...) -CAN-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...) -CAN-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...) -CAN-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...) -CAN-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...) -CAN-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...) -CAN-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...) -CAN-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...) -CAN-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...) -CAN-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...) -CAN-1999-0454 (A remote attacker can sometimes identify the operating system of a ...) -CAN-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...) -CAN-1999-0452 (A service or application has a backdoor password that was placed there ...) -CAN-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...) -CAN-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...) -CAN-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...) -CAN-1999-0443 (Patrol management software allows a remote attacker to conduct a ...) -CAN-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...) -CAN-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...) -CAN-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...) -CAN-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...) -CAN-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...) -CAN-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...) -CAN-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...) -CAN-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...) -CAN-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...) -CAN-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...) -CAN-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...) -CAN-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...) -CAN-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...) -CAN-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...) -CAN-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...) -CAN-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...) -CAN-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...) -CAN-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...) -CAN-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...) -CAN-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...) -CAN-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...) -CAN-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...) -CAN-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...) -CAN-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...) -CAN-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...) -CAN-1999-0347 (Javascript bug in Internet Explorer 4.01 by adding %01URL allows ...) -CAN-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...) -CAN-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...) -CAN-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...) -CAN-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...) -CAN-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...) -CAN-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...) -CAN-1999-0317 (Buffer overflow in Linux su command gives root access to local ...) -CAN-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...) -CAN-1999-0306 (buffer overflow in HP xlock program. ...) -CAN-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...) -CAN-1999-0287 (Vulnerability in the Wguest CGI program. ...) -CAN-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...) -CAN-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...) -CAN-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...) -CAN-1999-0283 (The Java Web Server would allow remote users to obtain the source ...) -CAN-1999-0282 - REJECTED -CAN-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...) -CAN-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...) -CAN-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...) -CAN-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...) -CAN-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...) -CAN-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...) -CAN-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...) -CAN-1999-0250 (Denial of service in Qmail through long SMTP commands. ...) -CAN-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...) -CAN-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...) -CAN-1999-0243 (Linux cfingerd could be exploited to gain root access. ...) -CAN-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...) -CAN-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...) -CAN-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...) -CAN-1999-0238 (php.cgi allows attackers to read any file on the system. ...) -CAN-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...) -CAN-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...) -CAN-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...) -CAN-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...) -CAN-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...) -CAN-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...) -CAN-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...) -CAN-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...) -CAN-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...) -CAN-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...) -CAN-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...) -CAN-1999-0198 (finger .@host on some systems may print information on some user accounts. ...) -CAN-1999-0197 (finger 0@host on some systems may print information on some user accounts. ...) -CAN-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...) -CAN-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...) -CAN-1999-0187 - REJECTED -CAN-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...) -CAN-1999-0171 (Denial of service in syslog by sending it a large number of ...) -CAN-1999-0169 (NFS allows attackers to read and write any file on the system by ...) -CAN-1999-0165 (NFS cache poisoning. ...) -CAN-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...) -CAN-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...) -CAN-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...) -CAN-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...) -CAN-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...) -CAN-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...) -CAN-1999-0123 (Race condition in Linux mailx command allows local users to ...) -CAN-1999-0121 (Buffer overflow in dtaction command gives root access. ...) -CAN-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...) -CAN-1999-0114 (Local users can execute commands as other users, and read other users' ...) -CAN-1999-0110 - REJECTED -CAN-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...) -CAN-1999-0106 (Finger redirection allows finger bombs. ...) -CAN-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...) -CAN-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...) -CAN-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...) -CAN-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...) -CAN-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...) -CAN-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...) -CAN-1999-0086 (AIX routed allows remote users to modify sensitive files. ...) -CAN-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...) -CAN-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...) -CAN-1999-0061 (File creation and deletion, and remote execution, in the BSD ...) -CAN-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...) -CAN-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...) -CAN-1999-0020 - REJECTED -CAN-1999-0015 (Teardrop IP denial of service. ...) -CAN-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...) -CAN-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as described ...) diff --git a/data/CVE/1999.list b/data/CVE/1999.list new file mode 100644 index 0000000000..4f6e78d44e --- /dev/null +++ b/data/CVE/1999.list @@ -0,0 +1,2983 @@ +CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports] + - gnumach <unfixed> (bug #46709) + NOTE: Nearly six years old :-) +CVE-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...) + NOT-FOR-US: SunOS +CVE-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...) + NOT-FOR-US: Solaris +CVE-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...) + NOT-FOR-US: SunOS +CVE-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...) + NOT-FOR-US: AIX +CVE-1999-1582 (By design, the "established" command on the Cisco PIX firewall allows ...) + NOT-FOR-US: Cisco PIX +CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...) + NOT-FOR-US: Windows +CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...) + NOT-FOR-US: Sun's sendmail +CVE-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...) + NOT-FOR-US: Windows +CVE-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...) + NOT-FOR-US: Windows +CVE-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...) + NOT-FOR-US: Windows +CVE-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...) + NOT-FOR-US: Acrobat Reader +CVE-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...) + NOT-FOR-US: Kodak/Wang tools for IE +CVE-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...) + NOT-FOR-US: AIX +CVE-1999-1573 (Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) ...) + NOT-FOR-US: HP-UX +CVE-2002-0379 +CVE-2002-0377 +CVE-2002-0376 +CVE-2002-0374 +CVE-2002-0373 +CVE-2002-0372 +CVE-2002-0369 +CVE-2002-0368 +CVE-2002-0367 +CVE-2002-0366 +CVE-2002-0364 +CVE-2002-0363 +CVE-2002-0362 +CVE-2002-0359 +CVE-2002-0358 +CVE-2002-0357 +CVE-2002-0356 +CVE-2002-0355 +CVE-2002-0339 +CVE-2002-0330 +CVE-2002-0329 +CVE-2002-0318 +CVE-2002-0313 +CVE-2002-0309 +CVE-2002-0302 +CVE-2002-0300 +CVE-2002-0299 +CVE-2002-0292 +CVE-2002-0290 +CVE-2002-0287 +CVE-2002-0276 +CVE-2002-0275 +CVE-2002-0274 +CVE-2002-0267 +CVE-2002-0265 +CVE-2002-0251 +CVE-2002-0250 +CVE-2002-0246 +CVE-2002-0241 +CVE-2002-0237 +CVE-2002-0226 +CVE-2002-0213 +CVE-2002-0211 +CVE-2002-0209 +CVE-2002-0207 +CVE-2002-0197 +CVE-2002-0196 +CVE-2002-0193 +CVE-2002-0191 +CVE-2002-0190 +CVE-2002-0188 +CVE-2002-0187 +CVE-2002-0186 +CVE-2002-0185 +CVE-2002-0184 +CVE-2002-0181 +CVE-2002-0179 +CVE-2002-0178 +CVE-2002-0176 +CVE-2002-0175 +CVE-2002-0174 +CVE-2002-0173 +CVE-2002-0172 +CVE-2002-0171 +CVE-2002-0170 +CVE-2002-0169 +CVE-2002-0168 +CVE-2002-0167 +CVE-2002-0166 +CVE-2002-0163 +CVE-2002-0160 +CVE-2002-0159 +CVE-2002-0158 +CVE-2002-0157 +CVE-2002-0155 +CVE-2002-0153 +CVE-2002-0152 +CVE-2002-0151 +CVE-2002-0150 +CVE-2002-0149 +CVE-2002-0148 +CVE-2002-0147 +CVE-2002-0146 +CVE-2002-0143 +CVE-2002-0139 +CVE-2002-0128 +CVE-2002-0123 +CVE-2002-0121 +CVE-2002-0120 +CVE-2002-0117 +CVE-2002-0115 +CVE-2002-0111 +CVE-2002-0107 +CVE-2002-0098 +CVE-2002-0097 +CVE-2002-0096 +CVE-2002-0095 +CVE-2002-0094 +CVE-2002-0092 +CVE-2002-0090 +CVE-2002-0083 +CVE-2002-0082 +CVE-2002-0081 +CVE-2002-0080 +CVE-2002-0079 +CVE-2002-0078 +CVE-2002-0076 +CVE-2002-0075 +CVE-2002-0074 +CVE-2002-0073 +CVE-2002-0072 +CVE-2002-0071 +CVE-2002-0070 +CVE-2002-0069 +CVE-2002-0068 +CVE-2002-0067 +CVE-2002-0066 +CVE-2002-0065 +CVE-2002-0064 +CVE-2002-0063 +CVE-2002-0062 +CVE-2002-0061 +CVE-2002-0060 +CVE-2002-0059 +CVE-2002-0057 +CVE-2002-0055 +CVE-2002-0054 +CVE-2002-0052 +CVE-2002-0051 +CVE-2002-0050 +CVE-2002-0049 +CVE-2002-0047 +CVE-2002-0046 +CVE-2002-0045 +CVE-2002-0044 +CVE-2002-0043 +CVE-2002-0042 +CVE-2002-0040 +CVE-2002-0038 +CVE-2002-0036 +CVE-2002-0033 +CVE-2002-0032 +CVE-2002-0028 +CVE-2002-0027 +CVE-2002-0026 +CVE-2002-0025 +CVE-2002-0024 +CVE-2002-0023 +CVE-2002-0022 +CVE-2002-0021 +CVE-2002-0020 +CVE-2002-0018 +CVE-2002-0017 +CVE-2002-0014 +CVE-2002-0011 +CVE-2002-0009 +CVE-2002-0007 +CVE-2002-0006 +CVE-2002-0005 +CVE-2002-0004 +CVE-2002-0003 +CVE-2002-0002 +CVE-2001-1407 +CVE-2001-1406 +CVE-2001-1391 +CVE-2001-1386 +CVE-2001-1385 +CVE-2001-1383 +CVE-2001-1382 +CVE-2001-1380 +CVE-2001-1378 +CVE-2001-1375 +CVE-2001-1374 +CVE-2001-1373 +CVE-2001-1372 +CVE-2001-1371 +CVE-2001-1370 +CVE-2001-1369 +CVE-2001-1367 +CVE-2001-1359 +CVE-2001-1352 +CVE-2001-1351 +CVE-2001-1350 +CVE-2001-1349 +CVE-2001-1347 +CVE-2001-1345 +CVE-2001-1342 +CVE-2001-1334 +CVE-2001-1328 +CVE-2001-1327 +CVE-2001-1322 +CVE-2001-1303 +CVE-2001-1302 +CVE-2001-1301 +CVE-2001-1299 +CVE-2001-1297 +CVE-2001-1296 +CVE-2001-1295 +CVE-2001-1291 +CVE-2001-1279 +CVE-2001-1277 +CVE-2001-1276 +CVE-2001-1267 +CVE-2001-1266 +CVE-2001-1252 +CVE-2001-1251 +CVE-2001-1247 +CVE-2001-1246 +CVE-2001-1240 +CVE-2001-1237 +CVE-2001-1236 +CVE-2001-1235 +CVE-2001-1234 +CVE-2001-1231 +CVE-2001-1227 +CVE-2001-1215 +CVE-2001-1203 +CVE-2001-1201 +CVE-2001-1200 +CVE-2001-1199 +CVE-2001-1193 +CVE-2001-1186 +CVE-2001-1185 +CVE-2001-1183 +CVE-2001-1180 +CVE-2001-1177 +CVE-2001-1176 +CVE-2001-1175 +CVE-2001-1174 +CVE-2001-1172 +CVE-2001-1166 +CVE-2001-1162 +CVE-2001-1161 +CVE-2001-1160 +CVE-2001-1158 +CVE-2001-1155 +CVE-2001-1153 +CVE-2001-1149 +CVE-2001-1147 +CVE-2001-1146 +CVE-2001-1145 +CVE-2001-1144 +CVE-2001-1141 +CVE-2001-1132 +CVE-2001-1130 +CVE-2001-1121 +CVE-2001-1119 +CVE-2001-1118 +CVE-2001-1117 +CVE-2001-1116 +CVE-2001-1113 +CVE-2001-1108 +CVE-2001-1106 +CVE-2001-1103 +CVE-2001-1100 +CVE-2001-1099 +CVE-2001-1098 +CVE-2001-1096 +CVE-2001-1095 +CVE-2001-1089 +CVE-2001-1088 +CVE-2001-1085 +CVE-2001-1084 +CVE-2001-1083 +CVE-2001-1081 +CVE-2001-1080 +CVE-2001-1079 +CVE-2001-1075 +CVE-2001-1074 +CVE-2001-1072 +CVE-2001-1071 +CVE-2001-1069 +CVE-2001-1067 +CVE-2001-1066 +CVE-2001-1063 +CVE-2001-1062 +CVE-2001-1059 +CVE-2001-1056 +CVE-2001-1055 +CVE-2001-1054 +CVE-2001-1053 +CVE-2001-1049 +CVE-2001-1048 +CVE-2001-1046 +CVE-2001-1043 +CVE-2001-1038 +CVE-2001-1037 +CVE-2001-1036 +CVE-2001-1035 +CVE-2001-1032 +CVE-2001-1030 +CVE-2001-1029 +CVE-2001-1028 +CVE-2001-1027 +CVE-2001-1022 +CVE-2001-1020 +CVE-2001-1017 +CVE-2001-1016 +CVE-2001-1011 +CVE-2001-1010 +CVE-2001-1008 +CVE-2001-1002 +CVE-2001-0998 +CVE-2001-0995 +CVE-2001-0993 +CVE-2001-0987 +CVE-2001-0982 +CVE-2001-0981 +CVE-2001-0980 +CVE-2001-0978 +CVE-2001-0977 +CVE-2001-0973 +CVE-2001-0969 +CVE-2001-0965 +CVE-2001-0963 +CVE-2001-0962 +CVE-2001-0961 +CVE-2001-0960 +CVE-2001-0959 +CVE-2001-0954 +CVE-2001-0951 +CVE-2001-0946 +CVE-2001-0940 +CVE-2001-0939 +CVE-2001-0936 +CVE-2001-0929 +CVE-2001-0921 +CVE-2001-0920 +CVE-2001-0918 +CVE-2001-0917 +CVE-2001-0914 +CVE-2001-0912 +CVE-2001-0909 +CVE-2001-0907 +CVE-2001-0906 +CVE-2001-0905 +CVE-2001-0902 +CVE-2001-0901 +CVE-2001-0900 +CVE-2001-0899 +CVE-2001-0896 +CVE-2001-0895 +CVE-2001-0894 +CVE-2001-0891 +CVE-2001-0889 +CVE-2001-0888 +CVE-2001-0887 +CVE-2001-0886 +CVE-2001-0884 +CVE-2001-0879 +CVE-2001-0877 +CVE-2001-0876 +CVE-2001-0875 +CVE-2001-0874 +CVE-2001-0873 +CVE-2001-0872 +CVE-2001-0869 +CVE-2001-0867 +CVE-2001-0866 +CVE-2001-0865 +CVE-2001-0864 +CVE-2001-0863 +CVE-2001-0862 +CVE-2001-0861 +CVE-2001-0860 +CVE-2001-0859 +CVE-2001-0857 +CVE-2001-0852 +CVE-2001-0851 +CVE-2001-0850 +CVE-2001-0846 +CVE-2001-0843 +CVE-2001-0837 +CVE-2001-0836 +CVE-2001-0834 +CVE-2001-0833 +CVE-2001-0830 +CVE-2001-0828 +CVE-2001-0825 +CVE-2001-0823 +CVE-2001-0822 +CVE-2001-0819 +CVE-2001-0816 +CVE-2001-0815 +CVE-2001-0806 +CVE-2001-0805 +CVE-2001-0804 +CVE-2001-0803 +CVE-2001-0801 +CVE-2001-0797 +CVE-2001-0796 +CVE-2001-0792 +CVE-2001-0787 +CVE-2001-0784 +CVE-2001-0779 +CVE-2001-0774 +CVE-2001-0773 +CVE-2001-0770 +CVE-2001-0769 +CVE-2001-0765 +CVE-2001-0764 +CVE-2001-0763 +CVE-2001-0760 +CVE-2001-0757 +CVE-2001-0754 +CVE-2001-0752 +CVE-2001-0751 +CVE-2001-0750 +CVE-2001-0749 +CVE-2001-0748 +CVE-2001-0745 +CVE-2001-0741 +CVE-2001-0740 +CVE-2001-0739 +CVE-2001-0738 +CVE-2001-0733 +CVE-2001-0731 +CVE-2001-0730 +CVE-2001-0728 +CVE-2001-0727 +CVE-2001-0726 +CVE-2001-0724 +CVE-2001-0723 +CVE-2001-0722 +CVE-2001-0720 +CVE-2001-0719 +CVE-2001-0718 +CVE-2001-0717 +CVE-2001-0716 +CVE-2001-0710 +CVE-2001-0706 +CVE-2001-0701 +CVE-2001-0700 +CVE-2001-0699 +CVE-2001-0698 +CVE-2001-0697 +CVE-2001-0696 +CVE-2001-0692 +CVE-2001-0690 +CVE-2001-0686 +CVE-2001-0685 +CVE-2001-0682 +CVE-2001-0680 +CVE-2001-0677 +CVE-2001-0676 +CVE-2001-0675 +CVE-2001-0670 +CVE-2001-0668 +CVE-2001-0667 +CVE-2001-0666 +CVE-2001-0665 +CVE-2001-0664 +CVE-2001-0663 +CVE-2001-0662 +CVE-2001-0660 +CVE-2001-0659 +CVE-2001-0658 +CVE-2001-0653 +CVE-2001-0652 +CVE-2001-0650 +CVE-2001-0648 +CVE-2001-0646 +CVE-2001-0644 +CVE-2001-0643 +CVE-2001-0641 +CVE-2001-0635 +CVE-2001-0634 +CVE-2001-0631 +CVE-2001-0630 +CVE-2001-0629 +CVE-2001-0628 +CVE-2001-0627 +CVE-2001-0626 +CVE-2001-0625 +CVE-2001-0622 +CVE-2001-0621 +CVE-2001-0616 +CVE-2001-0615 +CVE-2001-0613 +CVE-2001-0612 +CVE-2001-0611 +CVE-2001-0596 +CVE-2001-0595 +CVE-2001-0594 +CVE-2001-0593 +CVE-2001-0591 +CVE-2001-0590 +CVE-2001-0589 +CVE-2001-0586 +CVE-2001-0585 +CVE-2001-0574 +CVE-2001-0573 +CVE-2001-0567 +CVE-2001-0565 +CVE-2001-0564 +CVE-2001-0563 +CVE-2001-0560 +CVE-2001-0559 +CVE-2001-0558 +CVE-2001-0554 +CVE-2001-0553 +CVE-2001-0550 +CVE-2001-0549 +CVE-2001-0548 +CVE-2001-0547 +CVE-2001-0546 +CVE-2001-0545 +CVE-2001-0544 +CVE-2001-0543 +CVE-2001-0541 +CVE-2001-0540 +CVE-2001-0538 +CVE-2001-0537 +CVE-2001-0533 +CVE-2001-0530 +CVE-2001-0529 +CVE-2001-0528 +CVE-2001-0527 +CVE-2001-0526 +CVE-2001-0525 +CVE-2001-0522 +CVE-2001-0518 +CVE-2001-0517 +CVE-2001-0514 +CVE-2001-0513 +CVE-2001-0508 +CVE-2001-0507 +CVE-2001-0506 +CVE-2001-0504 +CVE-2001-0503 +CVE-2001-0502 +CVE-2001-0501 +CVE-2001-0500 +CVE-2001-0497 +CVE-2001-0495 +CVE-2001-0494 +CVE-2001-0493 +CVE-2001-0489 +CVE-2001-0488 +CVE-2001-0487 +CVE-2001-0486 +CVE-2001-0485 +CVE-2001-0482 +CVE-2001-0481 +CVE-2001-0475 +CVE-2001-0474 +CVE-2001-0473 +CVE-2001-0469 +CVE-2001-0467 +CVE-2001-0465 +CVE-2001-0463 +CVE-2001-0462 +CVE-2001-0461 +CVE-2001-0457 +CVE-2001-0456 +CVE-2001-0455 +CVE-2001-0449 +CVE-2001-0444 +CVE-2001-0442 +CVE-2001-0440 +CVE-2001-0439 +CVE-2001-0434 +CVE-2001-0430 +CVE-2001-0429 +CVE-2001-0428 +CVE-2001-0427 +CVE-2001-0423 +CVE-2001-0422 +CVE-2001-0416 +CVE-2001-0414 +CVE-2001-0413 +CVE-2001-0412 +CVE-2001-0409 +CVE-2001-0408 +CVE-2001-0407 +CVE-2001-0405 +CVE-2001-0402 +CVE-2001-0394 +CVE-2001-0388 +CVE-2001-0387 +CVE-2001-0386 +CVE-2001-0383 +CVE-2001-0379 +CVE-2001-0378 +CVE-2001-0377 +CVE-2001-0375 +CVE-2001-0373 +CVE-2001-0371 +CVE-2001-0368 +CVE-2001-0366 +CVE-2001-0365 +CVE-2001-0364 +CVE-2001-0361 +CVE-2001-0353 +CVE-2001-0351 +CVE-2001-0348 +CVE-2001-0347 +CVE-2001-0346 +CVE-2001-0345 +CVE-2001-0344 +CVE-2001-0341 +CVE-2001-0340 +CVE-2001-0339 +CVE-2001-0338 +CVE-2001-0336 +CVE-2001-0335 +CVE-2001-0334 +CVE-2001-0333 +CVE-2001-0331 +CVE-2001-0330 +CVE-2001-0327 +CVE-2001-0326 +CVE-2001-0321 +CVE-2001-0319 +CVE-2001-0318 +CVE-2001-0317 +CVE-2001-0316 +CVE-2001-0311 +CVE-2001-0310 +CVE-2001-0309 +CVE-2001-0301 +CVE-2001-0299 +CVE-2001-0295 +CVE-2001-0290 +CVE-2001-0289 +CVE-2001-0288 +CVE-2001-0287 +CVE-2001-0284 +CVE-2001-0280 +CVE-2001-0279 +CVE-2001-0278 +CVE-2001-0276 +CVE-2001-0274 +CVE-2001-0269 +CVE-2001-0268 +CVE-2001-0267 +CVE-2001-0266 +CVE-2001-0265 +CVE-2001-0260 +CVE-2001-0259 +CVE-2001-0252 +CVE-2001-0245 +CVE-2001-0244 +CVE-2001-0243 +CVE-2001-0241 +CVE-2001-0240 +CVE-2001-0239 +CVE-2001-0238 +CVE-2001-0237 +CVE-2001-0236 +CVE-2001-0235 +CVE-2001-0234 +CVE-2001-0233 +CVE-2001-0230 +CVE-2001-0222 +CVE-2001-0221 +CVE-2001-0219 +CVE-2001-0218 +CVE-2001-0215 +CVE-2001-0207 +CVE-2001-0204 +CVE-2001-0203 +CVE-2001-0197 +CVE-2001-0196 +CVE-2001-0195 +CVE-2001-0194 +CVE-2001-0193 +CVE-2001-0191 +CVE-2001-0190 +CVE-2001-0189 +CVE-2001-0187 +CVE-2001-0185 +CVE-2001-0183 +CVE-2001-0182 +CVE-2001-0179 +CVE-2001-0178 +CVE-2001-0176 +CVE-2001-0175 +CVE-2001-0174 +CVE-2001-0170 +CVE-2001-0169 +CVE-2001-0166 +CVE-2001-0165 +CVE-2001-0164 +CVE-2001-0157 +CVE-2001-0156 +CVE-2001-0155 +CVE-2001-0154 +CVE-2001-0153 +CVE-2001-0152 +CVE-2001-0151 +CVE-2001-0150 +CVE-2001-0149 +CVE-2001-0148 +CVE-2001-0147 +CVE-2001-0144 +CVE-2001-0143 +CVE-2001-0142 +CVE-2001-0141 +CVE-2001-0140 +CVE-2001-0139 +CVE-2001-0138 +CVE-2001-0137 +CVE-2001-0136 +CVE-2001-0130 +CVE-2001-0129 +CVE-2001-0128 +CVE-2001-0126 +CVE-2001-0125 +CVE-2001-0124 +CVE-2001-0123 +CVE-2001-0122 +CVE-2001-0121 +CVE-2001-0120 +CVE-2001-0119 +CVE-2001-0118 +CVE-2001-0117 +CVE-2001-0116 +CVE-2001-0115 +CVE-2001-0111 +CVE-2001-0110 +CVE-2001-0109 +CVE-2001-0108 +CVE-2001-0106 +CVE-2001-0105 +CVE-2001-0100 +CVE-2001-0099 +CVE-2001-0096 +CVE-2001-0095 +CVE-2001-0094 +CVE-2001-0092 +CVE-2001-0091 +CVE-2001-0090 +CVE-2001-0089 +CVE-2001-0085 +CVE-2001-0083 +CVE-2001-0081 +CVE-2001-0080 +CVE-2001-0078 +CVE-2001-0077 +CVE-2001-0072 +CVE-2001-0071 +CVE-2001-0069 +CVE-2001-0066 +CVE-2001-0063 +CVE-2001-0062 +CVE-2001-0061 +CVE-2001-0060 +CVE-2001-0059 +CVE-2001-0058 +CVE-2001-0057 +CVE-2001-0056 +CVE-2001-0055 +CVE-2001-0054 +CVE-2001-0053 +CVE-2001-0050 +CVE-2001-0043 +CVE-2001-0042 +CVE-2001-0041 +CVE-2001-0040 +CVE-2001-0039 +CVE-2001-0036 +CVE-2001-0035 +CVE-2001-0034 +CVE-2001-0033 +CVE-2001-0028 +CVE-2001-0026 +CVE-2001-0021 +CVE-2001-0020 +CVE-2001-0018 +CVE-2001-0017 +CVE-2001-0016 +CVE-2001-0015 +CVE-2001-0014 +CVE-2001-0013 +CVE-2001-0012 +CVE-2001-0011 +CVE-2001-0010 +CVE-2001-0009 +CVE-2001-0008 +CVE-2001-0007 +CVE-2001-0006 +CVE-2001-0005 +CVE-2001-0004 +CVE-2001-0003 +CVE-2001-0002 +CVE-2001-0001 +CVE-2000-1212 +CVE-2000-1211 +CVE-2000-1210 +CVE-2000-1203 +CVE-2000-1200 +CVE-2000-1196 +CVE-2000-1195 +CVE-2000-1193 +CVE-2000-1190 +CVE-2000-1189 +CVE-2000-1187 +CVE-2000-1184 +CVE-2000-1182 +CVE-2000-1181 +CVE-2000-1180 +CVE-2000-1179 +CVE-2000-1178 +CVE-2000-1174 +CVE-2000-1171 +CVE-2000-1170 +CVE-2000-1169 +CVE-2000-1167 +CVE-2000-1166 +CVE-2000-1165 +CVE-2000-1164 +CVE-2000-1163 +CVE-2000-1162 +CVE-2000-1149 +CVE-2000-1148 +CVE-2000-1146 +CVE-2000-1145 +CVE-2000-1144 +CVE-2000-1143 +CVE-2000-1142 +CVE-2000-1141 +CVE-2000-1140 +CVE-2000-1139 +CVE-2000-1137 +CVE-2000-1136 +CVE-2000-1135 +CVE-2000-1132 +CVE-2000-1131 +CVE-2000-1124 +CVE-2000-1123 +CVE-2000-1122 +CVE-2000-1121 +CVE-2000-1120 +CVE-2000-1119 +CVE-2000-1115 +CVE-2000-1113 +CVE-2000-1112 +CVE-2000-1111 +CVE-2000-1109 +CVE-2000-1108 +CVE-2000-1107 +CVE-2000-1106 +CVE-2000-1101 +CVE-2000-1099 +CVE-2000-1097 +CVE-2000-1096 +CVE-2000-1095 +CVE-2000-1094 +CVE-2000-1089 +CVE-2000-1080 +CVE-2000-1077 +CVE-2000-1075 +CVE-2000-1074 +CVE-2000-1073 +CVE-2000-1072 +CVE-2000-1071 +CVE-2000-1070 +CVE-2000-1069 +CVE-2000-1068 +CVE-2000-1061 +CVE-2000-1060 +CVE-2000-1059 +CVE-2000-1058 +CVE-2000-1057 +CVE-2000-1056 +CVE-2000-1055 +CVE-2000-1054 +CVE-2000-1051 +CVE-2000-1050 +CVE-2000-1049 +CVE-2000-1047 +CVE-2000-1045 +CVE-2000-1044 +CVE-2000-1043 +CVE-2000-1042 +CVE-2000-1041 +CVE-2000-1040 +CVE-2000-1038 +CVE-2000-1036 +CVE-2000-1034 +CVE-2000-1032 +CVE-2000-1031 +CVE-2000-1027 +CVE-2000-1026 +CVE-2000-1024 +CVE-2000-1022 +CVE-2000-1019 +CVE-2000-1018 +CVE-2000-1016 +CVE-2000-1014 +CVE-2000-1011 +CVE-2000-1010 +CVE-2000-1007 +CVE-2000-1006 +CVE-2000-1005 +CVE-2000-1004 +CVE-2000-1003 +CVE-2000-1002 +CVE-2000-1001 +CVE-2000-1000 +CVE-2000-0996 +CVE-2000-0995 +CVE-2000-0994 +CVE-2000-0993 +CVE-2000-0992 +CVE-2000-0991 +CVE-2000-0990 +CVE-2000-0989 +CVE-2000-0984 +CVE-2000-0983 +CVE-2000-0982 +CVE-2000-0981 +CVE-2000-0980 +CVE-2000-0979 +CVE-2000-0978 +CVE-2000-0977 +CVE-2000-0976 +CVE-2000-0975 +CVE-2000-0974 +CVE-2000-0973 +CVE-2000-0972 +CVE-2000-0970 +CVE-2000-0969 +CVE-2000-0968 +CVE-2000-0967 +CVE-2000-0966 +CVE-2000-0965 +CVE-2000-0964 +CVE-2000-0962 +CVE-2000-0961 +CVE-2000-0960 +CVE-2000-0959 +CVE-2000-0958 +CVE-2000-0957 +CVE-2000-0956 +CVE-2000-0953 +CVE-2000-0952 +CVE-2000-0951 +CVE-2000-0949 +CVE-2000-0948 +CVE-2000-0947 +CVE-2000-0946 +CVE-2000-0945 +CVE-2000-0944 +CVE-2000-0943 +CVE-2000-0942 +CVE-2000-0941 +CVE-2000-0938 +CVE-2000-0937 +CVE-2000-0936 +CVE-2000-0935 +CVE-2000-0934 +CVE-2000-0933 +CVE-2000-0932 +CVE-2000-0930 +CVE-2000-0929 +CVE-2000-0928 +CVE-2000-0927 +CVE-2000-0926 +CVE-2000-0925 +CVE-2000-0924 +CVE-2000-0923 +CVE-2000-0922 +CVE-2000-0921 +CVE-2000-0920 +CVE-2000-0919 +CVE-2000-0917 +CVE-2000-0915 +CVE-2000-0914 +CVE-2000-0913 +CVE-2000-0912 +CVE-2000-0911 +CVE-2000-0910 +CVE-2000-0909 +CVE-2000-0908 +CVE-2000-0901 +CVE-2000-0900 +CVE-2000-0897 +CVE-2000-0896 +CVE-2000-0895 +CVE-2000-0894 +CVE-2000-0892 +CVE-2000-0891 +CVE-2000-0890 +CVE-2000-0888 +CVE-2000-0887 +CVE-2000-0886 +CVE-2000-0884 +CVE-2000-0883 +CVE-2000-0878 +CVE-2000-0877 +CVE-2000-0876 +CVE-2000-0875 +CVE-2000-0874 +CVE-2000-0873 +CVE-2000-0871 +CVE-2000-0870 +CVE-2000-0869 +CVE-2000-0868 +CVE-2000-0867 +CVE-2000-0865 +CVE-2000-0864 +CVE-2000-0863 +CVE-2000-0862 +CVE-2000-0861 +CVE-2000-0860 +CVE-2000-0859 +CVE-2000-0858 +CVE-2000-0856 +CVE-2000-0854 +CVE-2000-0853 +CVE-2000-0852 +CVE-2000-0851 +CVE-2000-0850 +CVE-2000-0849 +CVE-2000-0848 +CVE-2000-0847 +CVE-2000-0846 +CVE-2000-0844 +CVE-2000-0839 +CVE-2000-0838 +CVE-2000-0837 +CVE-2000-0834 +CVE-2000-0830 +CVE-2000-0829 +CVE-2000-0825 +CVE-2000-0824 +CVE-2000-0818 +CVE-2000-0816 +CVE-2000-0813 +CVE-2000-0811 +CVE-2000-0810 +CVE-2000-0809 +CVE-2000-0808 +CVE-2000-0807 +CVE-2000-0806 +CVE-2000-0805 +CVE-2000-0804 +CVE-2000-0803 +CVE-2000-0799 +CVE-2000-0797 +CVE-2000-0796 +CVE-2000-0795 +CVE-2000-0792 +CVE-2000-0790 +CVE-2000-0788 +CVE-2000-0787 +CVE-2000-0786 +CVE-2000-0783 +CVE-2000-0782 +CVE-2000-0781 +CVE-2000-0780 +CVE-2000-0779 +CVE-2000-0778 +CVE-2000-0777 +CVE-2000-0776 +CVE-2000-0773 +CVE-2000-0771 +CVE-2000-0770 +CVE-2000-0768 +CVE-2000-0767 +CVE-2000-0766 +CVE-2000-0765 +CVE-2000-0764 +CVE-2000-0763 +CVE-2000-0762 +CVE-2000-0761 +CVE-2000-0758 +CVE-2000-0754 +CVE-2000-0753 +CVE-2000-0751 +CVE-2000-0750 +CVE-2000-0749 +CVE-2000-0747 +CVE-2000-0745 +CVE-2000-0744 +CVE-2000-0743 +CVE-2000-0742 +CVE-2000-0741 +CVE-2000-0740 +CVE-2000-0739 +CVE-2000-0738 +CVE-2000-0737 +CVE-2000-0733 +CVE-2000-0732 +CVE-2000-0731 +CVE-2000-0730 +CVE-2000-0729 +CVE-2000-0728 +CVE-2000-0727 +CVE-2000-0726 +CVE-2000-0725 +CVE-2000-0720 +CVE-2000-0718 +CVE-2000-0717 +CVE-2000-0716 +CVE-2000-0712 +CVE-2000-0711 +CVE-2000-0708 +CVE-2000-0707 +CVE-2000-0706 +CVE-2000-0705 +CVE-2000-0703 +CVE-2000-0702 +CVE-2000-0700 +CVE-2000-0699 +CVE-2000-0698 +CVE-2000-0694 +CVE-2000-0693 +CVE-2000-0685 +CVE-2000-0684 +CVE-2000-0683 +CVE-2000-0682 +CVE-2000-0681 +CVE-2000-0679 +CVE-2000-0678 +CVE-2000-0677 +CVE-2000-0676 +CVE-2000-0675 +CVE-2000-0674 +CVE-2000-0673 +CVE-2000-0672 +CVE-2000-0671 +CVE-2000-0670 +CVE-2000-0669 +CVE-2000-0668 +CVE-2000-0666 +CVE-2000-0665 +CVE-2000-0664 +CVE-2000-0663 +CVE-2000-0662 +CVE-2000-0661 +CVE-2000-0660 +CVE-2000-0655 +CVE-2000-0654 +CVE-2000-0652 +CVE-2000-0651 +CVE-2000-0650 +CVE-2000-0644 +CVE-2000-0643 +CVE-2000-0642 +CVE-2000-0641 +CVE-2000-0640 +CVE-2000-0639 +CVE-2000-0638 +CVE-2000-0637 +CVE-2000-0636 +CVE-2000-0635 +CVE-2000-0634 +CVE-2000-0633 +CVE-2000-0632 +CVE-2000-0631 +CVE-2000-0630 +CVE-2000-0628 +CVE-2000-0627 +CVE-2000-0624 +CVE-2000-0622 +CVE-2000-0621 +CVE-2000-0620 +CVE-2000-0619 +CVE-2000-0616 +CVE-2000-0615 +CVE-2000-0613 +CVE-2000-0611 +CVE-2000-0610 +CVE-2000-0604 +CVE-2000-0603 +CVE-2000-0602 +CVE-2000-0601 +CVE-2000-0600 +CVE-2000-0599 +CVE-2000-0598 +CVE-2000-0597 +CVE-2000-0596 +CVE-2000-0595 +CVE-2000-0594 +CVE-2000-0593 +CVE-2000-0591 +CVE-2000-0590 +CVE-2000-0588 +CVE-2000-0587 +CVE-2000-0586 +CVE-2000-0585 +CVE-2000-0584 +CVE-2000-0583 +CVE-2000-0582 +CVE-2000-0581 +CVE-2000-0579 +CVE-2000-0577 +CVE-2000-0576 +CVE-2000-0575 +CVE-2000-0573 +CVE-2000-0571 +CVE-2000-0570 +CVE-2000-0569 +CVE-2000-0568 +CVE-2000-0567 +CVE-2000-0566 +CVE-2000-0565 +CVE-2000-0561 +CVE-2000-0558 +CVE-2000-0557 +CVE-2000-0556 +CVE-2000-0555 +CVE-2000-0553 +CVE-2000-0552 +CVE-2000-0551 +CVE-2000-0550 +CVE-2000-0549 +CVE-2000-0548 +CVE-2000-0542 +CVE-2000-0541 +CVE-2000-0540 +CVE-2000-0539 +CVE-2000-0538 +CVE-2000-0537 +CVE-2000-0536 +CVE-2000-0534 +CVE-2000-0533 +CVE-2000-0532 +CVE-2000-0530 +CVE-2000-0529 +CVE-2000-0528 +CVE-2000-0525 +CVE-2000-0523 +CVE-2000-0522 +CVE-2000-0521 +CVE-2000-0519 +CVE-2000-0518 +CVE-2000-0517 +CVE-2000-0516 +CVE-2000-0515 +CVE-2000-0514 +CVE-2000-0513 +CVE-2000-0512 +CVE-2000-0511 +CVE-2000-0510 +CVE-2000-0508 +CVE-2000-0507 +CVE-2000-0506 +CVE-2000-0505 +CVE-2000-0504 +CVE-2000-0502 +CVE-2000-0501 +CVE-2000-0500 +CVE-2000-0499 +CVE-2000-0498 +CVE-2000-0497 +CVE-2000-0495 +CVE-2000-0494 +CVE-2000-0493 +CVE-2000-0490 +CVE-2000-0489 +CVE-2000-0488 +CVE-2000-0486 +CVE-2000-0485 +CVE-2000-0484 +CVE-2000-0483 +CVE-2000-0482 +CVE-2000-0481 +CVE-2000-0478 +CVE-2000-0477 +CVE-2000-0475 +CVE-2000-0474 +CVE-2000-0472 +CVE-2000-0471 +CVE-2000-0470 +CVE-2000-0469 +CVE-2000-0468 +CVE-2000-0467 +CVE-2000-0466 +CVE-2000-0465 +CVE-2000-0464 +CVE-2000-0463 +CVE-2000-0462 +CVE-2000-0461 +CVE-2000-0460 +CVE-2000-0459 +CVE-2000-0458 +CVE-2000-0457 +CVE-2000-0456 +CVE-2000-0455 +CVE-2000-0454 +CVE-2000-0453 +CVE-2000-0452 +CVE-2000-0451 +CVE-2000-0448 +CVE-2000-0447 +CVE-2000-0446 +CVE-2000-0445 +CVE-2000-0443 +CVE-2000-0442 +CVE-2000-0441 +CVE-2000-0440 +CVE-2000-0439 +CVE-2000-0438 +CVE-2000-0437 +CVE-2000-0436 +CVE-2000-0435 +CVE-2000-0432 +CVE-2000-0431 +CVE-2000-0430 +CVE-2000-0428 +CVE-2000-0427 +CVE-2000-0426 +CVE-2000-0425 +CVE-2000-0424 +CVE-2000-0421 +CVE-2000-0419 +CVE-2000-0418 +CVE-2000-0417 +CVE-2000-0416 +CVE-2000-0414 +CVE-2000-0411 +CVE-2000-0410 +CVE-2000-0409 +CVE-2000-0408 +CVE-2000-0407 +CVE-2000-0406 +CVE-2000-0405 +CVE-2000-0404 +CVE-2000-0403 +CVE-2000-0402 +CVE-2000-0399 +CVE-2000-0398 +CVE-2000-0397 +CVE-2000-0396 +CVE-2000-0395 +CVE-2000-0394 +CVE-2000-0393 +CVE-2000-0392 +CVE-2000-0391 +CVE-2000-0390 +CVE-2000-0389 +CVE-2000-0388 +CVE-2000-0387 +CVE-2000-0382 +CVE-2000-0381 +CVE-2000-0380 +CVE-2000-0379 +CVE-2000-0378 +CVE-2000-0377 +CVE-2000-0376 +CVE-2000-0375 +CVE-2000-0374 +CVE-2000-0373 +CVE-2000-0372 +CVE-2000-0371 +CVE-2000-0370 +CVE-2000-0369 +CVE-2000-0368 +CVE-2000-0367 +CVE-2000-0366 +CVE-2000-0363 +CVE-2000-0362 +CVE-2000-0361 +CVE-2000-0360 +CVE-2000-0359 +CVE-2000-0356 +CVE-2000-0354 +CVE-2000-0353 +CVE-2000-0352 +CVE-2000-0351 +CVE-2000-0350 +CVE-2000-0349 +CVE-2000-0348 +CVE-2000-0347 +CVE-2000-0346 +CVE-2000-0344 +CVE-2000-0342 +CVE-2000-0341 +CVE-2000-0340 +CVE-2000-0339 +CVE-2000-0338 +CVE-2000-0337 +CVE-2000-0336 +CVE-2000-0335 +CVE-2000-0334 +CVE-2000-0332 +CVE-2000-0331 +CVE-2000-0330 +CVE-2000-0329 +CVE-2000-0328 +CVE-2000-0327 +CVE-2000-0324 +CVE-2000-0323 +CVE-2000-0322 +CVE-2000-0320 +CVE-2000-0319 +CVE-2000-0318 +CVE-2000-0316 +CVE-2000-0315 +CVE-2000-0314 +CVE-2000-0313 +CVE-2000-0311 +CVE-2000-0310 +CVE-2000-0309 +CVE-2000-0308 +CVE-2000-0307 +CVE-2000-0306 +CVE-2000-0305 +CVE-2000-0304 +CVE-2000-0303 +CVE-2000-0302 +CVE-2000-0301 +CVE-2000-0298 +CVE-2000-0297 +CVE-2000-0296 +CVE-2000-0294 +CVE-2000-0292 +CVE-2000-0290 +CVE-2000-0289 +CVE-2000-0287 +CVE-2000-0285 +CVE-2000-0283 +CVE-2000-0282 +CVE-2000-0279 +CVE-2000-0278 +CVE-2000-0277 +CVE-2000-0276 +CVE-2000-0274 +CVE-2000-0273 +CVE-2000-0272 +CVE-2000-0268 +CVE-2000-0267 +CVE-2000-0265 +CVE-2000-0264 +CVE-2000-0263 +CVE-2000-0262 +CVE-2000-0261 +CVE-2000-0260 +CVE-2000-0258 +CVE-2000-0257 +CVE-2000-0255 +CVE-2000-0254 +CVE-2000-0253 +CVE-2000-0252 +CVE-2000-0251 +CVE-2000-0249 +CVE-2000-0247 +CVE-2000-0246 +CVE-2000-0245 +CVE-2000-0243 +CVE-2000-0240 +CVE-2000-0238 +CVE-2000-0237 +CVE-2000-0236 +CVE-2000-0235 +CVE-2000-0234 +CVE-2000-0233 +CVE-2000-0232 +CVE-2000-0231 +CVE-2000-0230 +CVE-2000-0229 +CVE-2000-0228 +CVE-2000-0226 +CVE-2000-0225 +CVE-2000-0224 +CVE-2000-0223 +CVE-2000-0222 +CVE-2000-0221 +CVE-2000-0218 +CVE-2000-0217 +CVE-2000-0215 +CVE-2000-0212 +CVE-2000-0211 +CVE-2000-0210 +CVE-2000-0209 +CVE-2000-0208 +CVE-2000-0207 +CVE-2000-0206 +CVE-2000-0202 +CVE-2000-0201 +CVE-2000-0200 +CVE-2000-0196 +CVE-2000-0195 +CVE-2000-0194 +CVE-2000-0193 +CVE-2000-0192 +CVE-2000-0191 +CVE-2000-0189 +CVE-2000-0186 +CVE-2000-0185 +CVE-2000-0184 +CVE-2000-0183 +CVE-2000-0182 +CVE-2000-0181 +CVE-2000-0180 +CVE-2000-0179 +CVE-2000-0178 +CVE-2000-0175 +CVE-2000-0174 +CVE-2000-0172 +CVE-2000-0171 +CVE-2000-0170 +CVE-2000-0169 +CVE-2000-0168 +CVE-2000-0166 +CVE-2000-0165 +CVE-2000-0164 +CVE-2000-0162 +CVE-2000-0161 +CVE-2000-0159 +CVE-2000-0157 +CVE-2000-0156 +CVE-2000-0152 +CVE-2000-0150 +CVE-2000-0149 +CVE-2000-0148 +CVE-2000-0146 +CVE-2000-0145 +CVE-2000-0144 +CVE-2000-0141 +CVE-2000-0140 +CVE-2000-0139 +CVE-2000-0131 +CVE-2000-0130 +CVE-2000-0128 +CVE-2000-0127 +CVE-2000-0121 +CVE-2000-0120 +CVE-2000-0117 +CVE-2000-0116 +CVE-2000-0113 +CVE-2000-0112 +CVE-2000-0111 +CVE-2000-0107 +CVE-2000-0100 +CVE-2000-0099 +CVE-2000-0098 +CVE-2000-0097 +CVE-2000-0095 +CVE-2000-0094 +CVE-2000-0092 +CVE-2000-0091 +CVE-2000-0090 +CVE-2000-0089 +CVE-2000-0088 +CVE-2000-0087 +CVE-2000-0083 +CVE-2000-0080 +CVE-2000-0076 +CVE-2000-0075 +CVE-2000-0073 +CVE-2000-0072 +CVE-2000-0070 +CVE-2000-0065 +CVE-2000-0064 +CVE-2000-0063 +CVE-2000-0062 +CVE-2000-0060 +CVE-2000-0057 +CVE-2000-0056 +CVE-2000-0053 +CVE-2000-0052 +CVE-2000-0051 +CVE-2000-0050 +CVE-2000-0048 +CVE-2000-0045 +CVE-2000-0044 +CVE-2000-0043 +CVE-2000-0042 +CVE-2000-0041 +CVE-2000-0040 +CVE-2000-0039 +CVE-2000-0037 +CVE-2000-0036 +CVE-2000-0034 +CVE-2000-0033 +CVE-2000-0032 +CVE-2000-0031 +CVE-2000-0030 +CVE-2000-0029 +CVE-2000-0027 +CVE-2000-0026 +CVE-2000-0025 +CVE-2000-0024 +CVE-2000-0023 +CVE-2000-0022 +CVE-2000-0020 +CVE-2000-0018 +CVE-2000-0015 +CVE-2000-0014 +CVE-2000-0013 +CVE-2000-0012 +CVE-2000-0011 +CVE-2000-0010 +CVE-2000-0009 +CVE-2000-0007 +CVE-2000-0006 +CVE-2000-0004 +CVE-2000-0003 +CVE-2000-0002 +CVE-2000-0001 +CVE-1999-1568 +CVE-1999-1565 +CVE-1999-1556 +CVE-1999-1550 +CVE-1999-1542 +CVE-1999-1537 +CVE-1999-1535 +CVE-1999-1531 +CVE-1999-1530 +CVE-1999-1520 +CVE-1999-1512 +CVE-1999-1507 +CVE-1999-1494 +CVE-1999-1490 +CVE-1999-1488 +CVE-1999-1486 +CVE-1999-1481 +CVE-1999-1478 +CVE-1999-1476 +CVE-1999-1473 +CVE-1999-1472 +CVE-1999-1468 +CVE-1999-1456 +CVE-1999-1455 +CVE-1999-1452 +CVE-1999-1437 +CVE-1999-1433 +CVE-1999-1432 +CVE-1999-1423 +CVE-1999-1419 +CVE-1999-1414 +CVE-1999-1411 +CVE-1999-1409 +CVE-1999-1407 +CVE-1999-1402 +CVE-1999-1397 +CVE-1999-1386 +CVE-1999-1385 +CVE-1999-1384 +CVE-1999-1382 +CVE-1999-1380 +CVE-1999-1379 +CVE-1999-1365 +CVE-1999-1363 +CVE-1999-1362 +CVE-1999-1360 +CVE-1999-1359 +CVE-1999-1358 +CVE-1999-1356 +CVE-1999-1351 +CVE-1999-1341 +CVE-1999-1339 +CVE-1999-1337 +CVE-1999-1336 +CVE-1999-1335 +CVE-1999-1333 +CVE-1999-1332 + {DSA-308} +CVE-1999-1331 +CVE-1999-1330 +CVE-1999-1329 +CVE-1999-1328 +CVE-1999-1327 +CVE-1999-1326 +CVE-1999-1325 +CVE-1999-1324 +CVE-1999-1321 +CVE-1999-1320 +CVE-1999-1318 +CVE-1999-1317 +CVE-1999-1316 +CVE-1999-1309 +CVE-1999-1301 +CVE-1999-1298 +CVE-1999-1297 +CVE-1999-1294 +CVE-1999-1290 +CVE-1999-1288 +CVE-1999-1284 +CVE-1999-1279 +CVE-1999-1276 +CVE-1999-1263 +CVE-1999-1262 +CVE-1999-1259 +CVE-1999-1258 +CVE-1999-1249 +CVE-1999-1246 +CVE-1999-1243 +CVE-1999-1233 +CVE-1999-1226 +CVE-1999-1223 +CVE-1999-1222 +CVE-1999-1217 +CVE-1999-1215 +CVE-1999-1214 +CVE-1999-1209 +CVE-1999-1208 +CVE-1999-1205 +CVE-1999-1204 +CVE-1999-1203 +CVE-1999-1201 +CVE-1999-1199 +CVE-1999-1198 +CVE-1999-1197 +CVE-1999-1194 +CVE-1999-1193 +CVE-1999-1192 +CVE-1999-1191 +CVE-1999-1189 +CVE-1999-1188 +CVE-1999-1181 +CVE-1999-1177 +CVE-1999-1175 +CVE-1999-1167 +CVE-1999-1163 +CVE-1999-1162 +CVE-1999-1161 +CVE-1999-1160 +CVE-1999-1159 +CVE-1999-1157 +CVE-1999-1156 +CVE-1999-1148 +CVE-1999-1147 +CVE-1999-1146 +CVE-1999-1145 +CVE-1999-1144 +CVE-1999-1143 +CVE-1999-1142 +CVE-1999-1140 +CVE-1999-1139 +CVE-1999-1138 +CVE-1999-1137 +CVE-1999-1136 +CVE-1999-1132 +CVE-1999-1131 +CVE-1999-1127 +CVE-1999-1122 +CVE-1999-1121 +CVE-1999-1120 +CVE-1999-1119 +CVE-1999-1118 +CVE-1999-1117 +CVE-1999-1116 +CVE-1999-1115 +CVE-1999-1114 +CVE-1999-1111 +CVE-1999-1109 +CVE-1999-1105 +CVE-1999-1104 +CVE-1999-1103 +CVE-1999-1102 +CVE-1999-1100 +CVE-1999-1099 +CVE-1999-1098 +CVE-1999-1094 +CVE-1999-1093 +CVE-1999-1090 +CVE-1999-1087 +CVE-1999-1085 +CVE-1999-1080 +CVE-1999-1074 +CVE-1999-1059 +CVE-1999-1057 +CVE-1999-1055 +CVE-1999-1048 +CVE-1999-1047 +CVE-1999-1045 +CVE-1999-1044 +CVE-1999-1037 +CVE-1999-1035 +CVE-1999-1034 +CVE-1999-1032 +CVE-1999-1028 +CVE-1999-1027 +CVE-1999-1021 +CVE-1999-1019 +CVE-1999-1014 +CVE-1999-1011 +CVE-1999-1010 +CVE-1999-1008 +CVE-1999-1007 +CVE-1999-1005 +CVE-1999-1004 +CVE-1999-1001 +CVE-1999-1000 +CVE-1999-0999 +CVE-1999-0998 +CVE-1999-0997 + {DSA-377} +CVE-1999-0996 +CVE-1999-0995 +CVE-1999-0994 +CVE-1999-0992 +CVE-1999-0991 +CVE-1999-0989 +CVE-1999-0987 +CVE-1999-0986 +CVE-1999-0982 +CVE-1999-0981 +CVE-1999-0980 +CVE-1999-0979 +CVE-1999-0978 +CVE-1999-0977 +CVE-1999-0976 +CVE-1999-0975 +CVE-1999-0974 +CVE-1999-0973 +CVE-1999-0972 +CVE-1999-0971 +CVE-1999-0969 +CVE-1999-0968 +CVE-1999-0967 +CVE-1999-0966 +CVE-1999-0965 +CVE-1999-0964 +CVE-1999-0963 +CVE-1999-0962 +CVE-1999-0961 +CVE-1999-0960 +CVE-1999-0959 +CVE-1999-0958 +CVE-1999-0957 +CVE-1999-0956 +CVE-1999-0955 +CVE-1999-0954 +CVE-1999-0953 +CVE-1999-0951 +CVE-1999-0950 +CVE-1999-0947 +CVE-1999-0946 +CVE-1999-0945 +CVE-1999-0943 +CVE-1999-0942 +CVE-1999-0940 +CVE-1999-0939 +CVE-1999-0938 +CVE-1999-0937 +CVE-1999-0936 +CVE-1999-0935 +CVE-1999-0934 +CVE-1999-0933 +CVE-1999-0932 +CVE-1999-0931 +CVE-1999-0930 +CVE-1999-0928 +CVE-1999-0927 +CVE-1999-0924 +CVE-1999-0922 +CVE-1999-0921 +CVE-1999-0920 +CVE-1999-0918 +CVE-1999-0917 +CVE-1999-0916 +CVE-1999-0915 +CVE-1999-0914 +CVE-1999-0912 +CVE-1999-0909 +CVE-1999-0908 +CVE-1999-0907 +CVE-1999-0906 +CVE-1999-0905 +CVE-1999-0904 +CVE-1999-0903 +CVE-1999-0902 +CVE-1999-0901 +CVE-1999-0900 +CVE-1999-0899 +CVE-1999-0898 +CVE-1999-0897 +CVE-1999-0896 +CVE-1999-0895 +CVE-1999-0894 +CVE-1999-0893 +CVE-1999-0892 +CVE-1999-0891 +CVE-1999-0890 +CVE-1999-0889 +CVE-1999-0888 +CVE-1999-0887 +CVE-1999-0886 +CVE-1999-0884 +CVE-1999-0883 +CVE-1999-0881 +CVE-1999-0880 +CVE-1999-0879 +CVE-1999-0878 +CVE-1999-0877 +CVE-1999-0876 +CVE-1999-0875 +CVE-1999-0874 +CVE-1999-0873 +CVE-1999-0871 +CVE-1999-0870 +CVE-1999-0869 +CVE-1999-0868 +CVE-1999-0867 +CVE-1999-0866 +CVE-1999-0865 +CVE-1999-0864 +CVE-1999-0861 +CVE-1999-0859 +CVE-1999-0858 +CVE-1999-0856 +CVE-1999-0854 +CVE-1999-0853 +CVE-1999-0851 +CVE-1999-0849 +CVE-1999-0848 +CVE-1999-0847 +CVE-1999-0842 +CVE-1999-0839 +CVE-1999-0838 +CVE-1999-0837 +CVE-1999-0836 +CVE-1999-0835 +CVE-1999-0834 +CVE-1999-0833 +CVE-1999-0832 +CVE-1999-0831 +CVE-1999-0826 +CVE-1999-0824 +CVE-1999-0823 +CVE-1999-0820 +CVE-1999-0819 +CVE-1999-0817 +CVE-1999-0815 +CVE-1999-0814 +CVE-1999-0813 +CVE-1999-0812 +CVE-1999-0811 +CVE-1999-0810 +CVE-1999-0809 +CVE-1999-0807 +CVE-1999-0806 +CVE-1999-0804 +CVE-1999-0803 +CVE-1999-0802 +CVE-1999-0801 +CVE-1999-0800 +CVE-1999-0799 +CVE-1999-0797 +CVE-1999-0796 +CVE-1999-0794 +CVE-1999-0793 +CVE-1999-0791 +CVE-1999-0790 +CVE-1999-0789 +CVE-1999-0788 +CVE-1999-0787 +CVE-1999-0786 +CVE-1999-0785 +CVE-1999-0783 +CVE-1999-0782 +CVE-1999-0781 +CVE-1999-0780 +CVE-1999-0779 +CVE-1999-0778 +CVE-1999-0777 +CVE-1999-0775 +CVE-1999-0774 +CVE-1999-0773 +CVE-1999-0772 +CVE-1999-0771 +CVE-1999-0770 +CVE-1999-0769 +CVE-1999-0768 +CVE-1999-0766 +CVE-1999-0765 +CVE-1999-0764 +CVE-1999-0763 +CVE-1999-0762 +CVE-1999-0761 +CVE-1999-0760 +CVE-1999-0759 +CVE-1999-0758 +CVE-1999-0756 +CVE-1999-0755 +CVE-1999-0754 +CVE-1999-0753 +CVE-1999-0752 +CVE-1999-0751 +CVE-1999-0749 +CVE-1999-0747 +CVE-1999-0746 +CVE-1999-0745 +CVE-1999-0744 +CVE-1999-0743 +CVE-1999-0742 +CVE-1999-0740 +CVE-1999-0735 +CVE-1999-0734 +CVE-1999-0733 +CVE-1999-0732 +CVE-1999-0731 +CVE-1999-0730 +CVE-1999-0729 +CVE-1999-0728 +CVE-1999-0727 +CVE-1999-0726 +CVE-1999-0725 +CVE-1999-0724 +CVE-1999-0723 +CVE-1999-0722 +CVE-1999-0721 +CVE-1999-0720 +CVE-1999-0719 +CVE-1999-0718 +CVE-1999-0717 +CVE-1999-0716 +CVE-1999-0715 +CVE-1999-0714 +CVE-1999-0713 +CVE-1999-0711 +CVE-1999-0710 + {DSA-576-1} +CVE-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...) +CVE-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...) +CVE-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...) +CVE-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...) +CVE-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...) +CVE-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...) +CVE-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...) +CVE-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...) +CVE-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) +CVE-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) +CVE-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) +CVE-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) +CVE-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...) +CVE-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...) +CVE-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...) +CVE-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) +CVE-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...) +CVE-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) +CVE-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...) +CVE-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...) +CVE-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...) +CVE-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...) +CVE-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...) +CVE-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...) +CVE-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...) +CVE-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...) +CVE-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...) +CVE-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...) +CVE-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...) +CVE-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...) +CVE-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...) +CVE-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...) +CVE-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...) +CVE-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...) +CVE-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...) +CVE-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...) +CVE-2000-0572 (The Razor configuration management tool uses weak encryption for its ...) +CVE-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...) +CVE-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...) +CVE-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...) +CVE-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...) +CVE-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...) +CVE-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...) +CVE-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...) +CVE-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...) +CVE-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...) +CVE-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...) +CVE-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...) +CVE-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...) +CVE-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...) +CVE-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...) +CVE-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...) +CVE-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...) +CVE-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...) +CVE-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...) +CVE-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...) +CVE-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...) +CVE-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...) +CVE-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...) +CVE-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...) +CVE-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...) +CVE-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...) +CVE-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...) +CVE-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...) +CVE-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...) +CVE-2000-0434 (The administrative password for the Allmanage web site administration ...) +CVE-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...) +CVE-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...) +CVE-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...) +CVE-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...) +CVE-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...) +CVE-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...) +CVE-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...) +CVE-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...) +CVE-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...) +CVE-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...) +CVE-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...) +CVE-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...) +CVE-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...) +CVE-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...) +CVE-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...) +CVE-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...) +CVE-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...) +CVE-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...) +CVE-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...) +CVE-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...) +CVE-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...) +CVE-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...) +CVE-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...) +CVE-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...) +CVE-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...) +CVE-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...) +CVE-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...) +CVE-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...) +CVE-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...) +CVE-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...) +CVE-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...) +CVE-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...) +CVE-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...) +CVE-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...) +CVE-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...) +CVE-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...) +CVE-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...) +CVE-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...) +CVE-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...) +CVE-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...) +CVE-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...) +CVE-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...) +CVE-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...) +CVE-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...) +CVE-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...) +CVE-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...) +CVE-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...) +CVE-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...) +CVE-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...) +CVE-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...) +CVE-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...) +CVE-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...) +CVE-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...) +CVE-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...) +CVE-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...) +CVE-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...) +CVE-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...) +CVE-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...) +CVE-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...) +CVE-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...) +CVE-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...) +CVE-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...) +CVE-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...) +CVE-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...) +CVE-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...) +CVE-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...) +CVE-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...) +CVE-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...) +CVE-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...) +CVE-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...) +CVE-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...) +CVE-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...) +CVE-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...) +CVE-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...) +CVE-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...) +CVE-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...) +CVE-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...) +CVE-2000-0143 (The SSH protocol server sshd allows local users without shell access ...) +CVE-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...) +CVE-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...) +CVE-2000-0137 (The CartIt shopping cart application allows remote users to modify ...) +CVE-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...) +CVE-2000-0135 (The @Retail shopping cart application allows remote users to modify ...) +CVE-2000-0134 (The Check It Out shopping cart application allows remote users to ...) +CVE-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...) +CVE-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...) +CVE-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...) +CVE-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...) +CVE-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...) +CVE-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...) +CVE-2000-0123 (The shopping cart application provided with Filemaker allows remote ...) +CVE-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...) +CVE-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...) +CVE-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...) +CVE-2000-0115 (IIS allows local users to cause a denial of service via invalid ...) +CVE-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...) +CVE-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...) +CVE-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...) +CVE-2000-0108 (The Intellivend shopping cart application allows remote users to ...) +CVE-2000-0106 (The EasyCart shopping cart application allows remote users to ...) +CVE-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...) +CVE-2000-0104 (The Shoptron shopping cart application allows remote users to ...) +CVE-2000-0103 (The SmartCart shopping cart application allows remote users to ...) +CVE-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...) +CVE-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...) +CVE-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...) +CVE-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...) +CVE-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...) +CVE-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...) +CVE-2000-0084 (CuteFTP uses weak encryption to store password information in its ...) +CVE-2000-0082 (WebTV email client allows remote attackers to force the client to send ...) +CVE-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...) +CVE-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...) +CVE-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...) +CVE-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...) +CVE-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...) +CVE-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...) +CVE-2000-0069 (The recover program in Solstice Backup allows local users to restore ...) +CVE-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...) +CVE-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...) +CVE-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...) +CVE-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...) +CVE-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...) +CVE-2000-0058 (Network HotSync program in Handspring Visor does not have ...) +CVE-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...) +CVE-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...) +CVE-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...) +CVE-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...) +CVE-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...) +CVE-2000-0038 (glFtpD includes a default glftpd user account with a default password ...) +CVE-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...) +CVE-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...) +CVE-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...) +CVE-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...) +CVE-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...) +CVE-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...) +CVE-2000-0008 (FTPPro allows local users to read sensitive information, which is ...) +CVE-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...) +CVE-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...) + {DSA-664-1} + - cpio 2.5-1.2 (bug #293379) +CVE-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...) +CVE-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...) +CVE-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...) +CVE-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...) +CVE-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...) +CVE-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...) +CVE-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...) +CVE-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...) +CVE-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...) +CVE-1999-1560 (Vulnerability in a script in Texas A&M University (TAMU) Tiger allows ...) +CVE-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...) +CVE-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...) +CVE-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...) +CVE-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...) +CVE-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...) +CVE-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...) +CVE-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...) +CVE-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...) +CVE-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...) +CVE-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...) +CVE-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...) +CVE-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...) +CVE-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...) +CVE-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...) +CVE-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...) +CVE-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...) +CVE-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...) +CVE-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...) +CVE-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...) +CVE-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...) +CVE-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...) +CVE-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...) +CVE-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...) +CVE-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...) +CVE-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...) +CVE-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...) +CVE-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...) +CVE-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...) +CVE-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...) +CVE-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...) +CVE-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...) +CVE-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...) +CVE-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...) +CVE-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...) +CVE-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...) +CVE-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...) +CVE-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...) +CVE-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...) +CVE-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...) +CVE-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...) +CVE-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...) +CVE-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...) +CVE-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...) +CVE-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...) +CVE-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...) +CVE-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...) +CVE-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...) +CVE-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...) +CVE-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...) +CVE-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...) +CVE-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...) +CVE-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...) +CVE-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...) +CVE-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...) +CVE-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...) +CVE-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...) +CVE-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...) +CVE-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...) +CVE-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...) +CVE-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...) +CVE-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...) +CVE-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...) +CVE-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...) +CVE-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...) +CVE-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...) +CVE-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...) +CVE-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...) +CVE-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...) +CVE-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...) +CVE-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...) +CVE-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...) +CVE-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...) +CVE-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...) +CVE-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...) +CVE-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...) +CVE-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...) +CVE-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...) +CVE-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...) +CVE-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...) +CVE-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...) +CVE-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...) +CVE-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...) +CVE-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...) +CVE-1999-1454 (Macromedia "The Matrix" screen saver on Windows 95 with the "Password ...) +CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...) +CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...) +CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...) +CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...) +CVE-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...) +CVE-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...) +CVE-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...) +CVE-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...) +CVE-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...) +CVE-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...) +CVE-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...) +CVE-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...) +CVE-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...) +CVE-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...) +CVE-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...) +CVE-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...) +CVE-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...) +CVE-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...) +CVE-1999-1431 (ZAK in Appstation mode allows users to bypass the "Run only allowed ...) +CVE-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...) +CVE-1999-1429 (DIT TransferPro installs devices with world-readable and ...) +CVE-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...) +CVE-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...) +CVE-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...) +CVE-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...) +CVE-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...) +CVE-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...) +CVE-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...) +CVE-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...) +CVE-1999-1418 (ICQ99 ICQ web server build 1701 with "Active Homepage" enabled ...) +CVE-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...) +CVE-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...) +CVE-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...) +CVE-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...) +CVE-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...) +CVE-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...) +CVE-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...) +CVE-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...) +CVE-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...) +CVE-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...) +CVE-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...) +CVE-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...) +CVE-1999-1400 (The Economist screen saver 1999 with the "Password Protected" option ...) +CVE-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...) +CVE-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...) +CVE-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...) +CVE-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...) +CVE-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...) +CVE-1999-1393 (Control Panel "Password Security" option for Apple Powerbooks allows ...) +CVE-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...) +CVE-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...) +CVE-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...) +CVE-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...) +CVE-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...) +CVE-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...) +CVE-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...) +CVE-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...) +CVE-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...) +CVE-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...) +CVE-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...) +CVE-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...) +CVE-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...) +CVE-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...) +CVE-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...) +CVE-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...) +CVE-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...) +CVE-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...) +CVE-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...) +CVE-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...) +CVE-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...) +CVE-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...) +CVE-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...) +CVE-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...) +CVE-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...) +CVE-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...) +CVE-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...) +CVE-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...) +CVE-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...) +CVE-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...) +CVE-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...) +CVE-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...) +CVE-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...) +CVE-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...) +CVE-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...) +CVE-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...) +CVE-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...) +CVE-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...) +CVE-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...) +CVE-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...) +CVE-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...) +CVE-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...) +CVE-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...) +CVE-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...) +CVE-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...) +CVE-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...) +CVE-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...) +CVE-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...) +CVE-1999-1310 + REJECTED +CVE-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...) +CVE-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...) +CVE-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...) +CVE-1999-1305 (Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local ...) +CVE-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...) +CVE-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...) +CVE-1999-1302 (Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local ...) +CVE-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...) +CVE-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a "nobody" ...) +CVE-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...) +CVE-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...) +CVE-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...) +CVE-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...) +CVE-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...) +CVE-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...) +CVE-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...) +CVE-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...) +CVE-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...) +CVE-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...) +CVE-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...) +CVE-1999-1281 (Development version of Breeze Network Server allows remote attackers ...) +CVE-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...) +CVE-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...) +CVE-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...) +CVE-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...) +CVE-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...) +CVE-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...) +CVE-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...) +CVE-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...) +CVE-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...) +CVE-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...) +CVE-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...) +CVE-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...) +CVE-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...) +CVE-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...) +CVE-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...) +CVE-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...) +CVE-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...) +CVE-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...) +CVE-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...) +CVE-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...) +CVE-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...) +CVE-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...) +CVE-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...) +CVE-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...) +CVE-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...) +CVE-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...) +CVE-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...) +CVE-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...) +CVE-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...) +CVE-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...) +CVE-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...) +CVE-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...) +CVE-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...) +CVE-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...) +CVE-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...) +CVE-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...) +CVE-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...) +CVE-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...) +CVE-1999-1232 (day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable ...) +CVE-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...) +CVE-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...) +CVE-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...) +CVE-1999-1228 (Various modems that do not implement a guard time, or are configured ...) +CVE-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...) +CVE-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...) +CVE-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...) +CVE-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...) +CVE-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...) +CVE-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...) +CVE-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...) +CVE-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...) +CVE-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...) +CVE-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...) +CVE-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...) +CVE-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...) +CVE-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...) +CVE-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...) +CVE-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...) +CVE-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...) +CVE-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...) +CVE-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...) +CVE-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...) +CVE-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...) +CVE-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...) +CVE-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...) +CVE-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...) +CVE-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...) +CVE-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...) +CVE-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...) +CVE-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...) +CVE-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...) +CVE-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...) +CVE-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...) +CVE-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...) +CVE-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...) +CVE-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...) +CVE-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...) +CVE-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...) +CVE-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...) +CVE-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...) +CVE-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...) +CVE-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...) +CVE-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...) +CVE-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...) +CVE-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...) +CVE-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...) +CVE-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...) +CVE-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...) +CVE-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...) +CVE-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...) +CVE-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...) +CVE-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...) +CVE-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...) +CVE-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...) +CVE-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...) +CVE-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...) +CVE-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...) +CVE-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...) +CVE-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...) +CVE-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...) +CVE-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...) +CVE-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...) +CVE-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...) +CVE-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...) +CVE-1999-1108 + REJECTED +CVE-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...) +CVE-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...) +CVE-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...) +CVE-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...) +CVE-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...) +CVE-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...) +CVE-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...) +CVE-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...) +CVE-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...) +CVE-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...) +CVE-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...) +CVE-1999-1084 (The "AEDebug" registry key is installed with insecure permissions, ...) +CVE-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...) +CVE-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...) +CVE-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...) +CVE-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...) +CVE-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...) +CVE-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...) +CVE-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...) +CVE-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...) +CVE-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...) +CVE-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...) +CVE-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...) +CVE-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...) +CVE-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...) +CVE-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...) +CVE-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...) +CVE-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...) +CVE-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...) +CVE-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...) +CVE-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...) +CVE-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...) +CVE-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...) +CVE-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...) +CVE-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...) +CVE-1999-1056 + REJECTED +CVE-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...) +CVE-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...) +CVE-1999-1052 (Microsoft FrontPage stores form results in a default location in ...) +CVE-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...) +CVE-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...) +CVE-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...) +CVE-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...) +CVE-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...) +CVE-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...) +CVE-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...) +CVE-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...) +CVE-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...) +CVE-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...) +CVE-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...) +CVE-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...) +CVE-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...) +CVE-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...) +CVE-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...) +CVE-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...) +CVE-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...) +CVE-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...) +CVE-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...) +CVE-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...) +CVE-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...) +CVE-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...) +CVE-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...) +CVE-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...) +CVE-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...) +CVE-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...) +CVE-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...) +CVE-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...) +CVE-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...) +CVE-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...) +CVE-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...) +CVE-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange ...) +CVE-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...) +CVE-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...) +CVE-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...) +CVE-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...) +CVE-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...) +CVE-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...) +CVE-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...) +CVE-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...) +CVE-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...) +CVE-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...) +CVE-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...) +CVE-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...) +CVE-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...) +CVE-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...) +CVE-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...) +CVE-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...) +CVE-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...) +CVE-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...) +CVE-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...) +CVE-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...) +CVE-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...) +CVE-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...) +CVE-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...) +CVE-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...) +CVE-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...) +CVE-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...) +CVE-1999-0855 (Buffer overflow in FreeBSD gdc program. ...) +CVE-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...) +CVE-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...) +CVE-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...) +CVE-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...) +CVE-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...) +CVE-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...) +CVE-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...) +CVE-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...) +CVE-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...) +CVE-1999-0829 (HP Secure Web Console uses weak encryption. ...) +CVE-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...) +CVE-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...) +CVE-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...) +CVE-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...) +CVE-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...) +CVE-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...) +CVE-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...) +CVE-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...) +CVE-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...) +CVE-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...) +CVE-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...) +CVE-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...) +CVE-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...) +CVE-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...) +CVE-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...) +CVE-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...) +CVE-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...) +CVE-1999-0748 (Buffer overflows in Red Hat net-tools package. ...) +CVE-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...) +CVE-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...) +CVE-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...) +CVE-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...) +CVE-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...) +CVE-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...) +CVE-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...) +CVE-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...) +CVE-1999-0677 (The WebRamp web administration utility has a default password. ...) +CVE-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...) +CVE-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...) +CVE-1999-0669 (The Eyedog ActiveX control is marked as "safe for scripting" for ...) +CVE-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...) +CVE-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...) +CVE-1999-0664 (An application-critical Windows NT registry key has inappropriate ...) +CVE-1999-0663 (A system-critical program, library, or file has a checksum or other ...) +CVE-1999-0662 (A system-critical program or library does not have the appropriate ...) +CVE-1999-0661 (A system is running a version of software that was replaced with a ...) +CVE-1999-0660 (A hacker utility, back door, or Trojan Horse is installed on a system, ...) +CVE-1999-0659 (A Windows NT Primary Domain Controller (PDC) or Backup Domain ...) +CVE-1999-0658 (DCOM is running. ...) +CVE-1999-0657 (WinGate is being used. ...) +CVE-1999-0656 (The ugidd service is running. ...) +CVE-1999-0655 (A service may include useful information in its banner or help ...) +CVE-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...) +CVE-1999-0653 (A component service related to NIS+ is running. ...) +CVE-1999-0652 (A database service is running, e.g. a SQL server, Oracle, or mySQL. ...) +CVE-1999-0651 (The rsh/rlogin service is running. ...) +CVE-1999-0650 (The netstat service is running. ...) +CVE-1999-0649 (The FSP service is running. ...) +CVE-1999-0648 (The X25 service is running. ...) +CVE-1999-0647 (The bootparam (bootparamd) service is running. ...) +CVE-1999-0646 (The LDAP service is running. ...) +CVE-1999-0645 (The IRC service is running. ...) +CVE-1999-0644 (The NNTP news service is running. ...) +CVE-1999-0643 (The IMAP service is running. ...) +CVE-1999-0642 (A POP service is running. ...) +CVE-1999-0641 (The UUCP service is running. ...) +CVE-1999-0640 (The Gopher service is running. ...) +CVE-1999-0639 (The chargen service is running. ...) +CVE-1999-0638 (The daytime service is running. ...) +CVE-1999-0637 (The systat service is running. ...) +CVE-1999-0636 (The discard service is running. ...) +CVE-1999-0635 (The echo service is running. ...) +CVE-1999-0634 (The SSH service is running. ...) +CVE-1999-0633 (The HTTP/WWW service is running. ...) +CVE-1999-0632 (The RPC portmapper service is running. ...) +CVE-1999-0631 (The NFS service is running. ...) +CVE-1999-0630 (The NT Alerter and Messenger services are running. ...) +CVE-1999-0629 (The ident/identd service is running. ...) +CVE-1999-0625 (The rpc.rquotad service is running. ...) +CVE-1999-0624 (The rstat/rstatd service is running. ...) +CVE-1999-0623 (The X Windows service is running. ...) +CVE-1999-0622 (A component service related to DNS service is running. ...) +CVE-1999-0621 (A component service related to NETBIOS is running. ...) +CVE-1999-0620 (A component service related to NIS is running. ...) +CVE-1999-0619 (The Telnet service is running. ...) +CVE-1999-0618 (The rexec service is running. ...) +CVE-1999-0617 (The SMTP service is running. ...) +CVE-1999-0616 (The TFTP service is running. ...) +CVE-1999-0615 (The SNMP service is running. ...) +CVE-1999-0614 (The FTP service is running. ...) +CVE-1999-0613 (The rpc.sprayd service is running. ...) +CVE-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...) +CVE-1999-0610 (An incorrect configuration of the Webcart CGI program ...) +CVE-1999-0609 (An incorrect configuration of the SoftCart CGI program ...) +CVE-1999-0607 (An incorrect configuration of the QuikStore shopping cart ...) +CVE-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart ...) +CVE-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart ...) +CVE-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...) +CVE-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...) +CVE-1999-0602 (A network intrusion detection system (IDS) does not properly ...) +CVE-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...) +CVE-1999-0600 (A network intrusion detection system (IDS) does not verify the ...) +CVE-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...) +CVE-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...) +CVE-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...) +CVE-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...) +CVE-1999-0595 (A Windows NT system does not clear the system page file during ...) +CVE-1999-0594 (A Windows NT system does not restrict access to removable media drives ...) +CVE-1999-0593 (A user is allowed to shut down a Windows NT system without logging in. ...) +CVE-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...) +CVE-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...) +CVE-1999-0590 (A system does not present an appropriate legal message or warning to a ...) +CVE-1999-0589 (A system-critical Windows NT registry key has inappropriate ...) +CVE-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...) +CVE-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...) +CVE-1999-0586 (A network service is running on a nonstandard port. ...) +CVE-1999-0585 (A Windows NT administrator account has the default name of ...) +CVE-1999-0584 (A Windows NT file system is not NTFS. ...) +CVE-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...) +CVE-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...) +CVE-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...) +CVE-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...) +CVE-1999-0579 (A Windows NT system's registry audit policy does not log an event ...) +CVE-1999-0578 (A Windows NT system's registry audit policy does not log an event ...) +CVE-1999-0577 (A Windows NT system's file audit policy does not log an event success ...) +CVE-1999-0576 (A Windows NT system's file audit policy does not log an event success ...) +CVE-1999-0575 (A Windows NT system's user audit policy does not log an event success ...) +CVE-1999-0572 (.reg files are associated with the Windows NT registry editor ...) +CVE-1999-0571 (A router's configuration service or management interface (such as a ...) +CVE-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...) +CVE-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...) +CVE-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...) +CVE-1999-0565 (A Sendmail alias allows input to be piped to a program. ...) +CVE-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...) +CVE-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...) +CVE-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...) +CVE-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...) +CVE-1999-0559 (A system-critical Unix file or directory has inappropriate ...) + - webmin 1.160-1 +CVE-1999-0556 (Two or more Unix accounts have the same UID. ...) +CVE-1999-0555 (A Unix account with a name other than "root" has UID 0, i.e. root ...) +CVE-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...) +CVE-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...) +CVE-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...) +CVE-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...) +CVE-1999-0547 (An SSH server allows authentication through the .rhosts file. ...) +CVE-1999-0546 (The Windows NT guest account is enabled. ...) +CVE-1999-0541 (A password for accessing a WWW URL is guessable. ...) +CVE-1999-0539 (A trust relationship exists between two Unix hosts. ...) +CVE-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...) +CVE-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...) +CVE-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...) +CVE-1999-0533 (A DNS server allows inverse queries. ...) +CVE-1999-0532 (A DNS server allows zone transfers. ...) +CVE-1999-0531 (An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. ...) +CVE-1999-0530 (A system is operating in "promiscuous" mode which allows it to perform ...) +CVE-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...) +CVE-1999-0528 (A router or firewall forwards external packets that claim to come from ...) +CVE-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...) +CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...) +CVE-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...) +CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...) +CVE-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...) +CVE-1999-0521 (An NIS domain name is easily guessable. ...) +CVE-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...) +CVE-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...) +CVE-1999-0518 (A NETBIOS/SMB share password is guessable. ...) +CVE-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...) +CVE-1999-0516 (An SNMP community name is guessable. ...) +CVE-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...) +CVE-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...) +CVE-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...) +CVE-1999-0510 (A router or firewall allows source routed packets from arbitrary ...) +CVE-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...) +CVE-1999-0508 (An account on a router, firewall, or other network device has a ...) +CVE-1999-0507 (An account on a router, firewall, or other network device has a guessable ...) +CVE-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...) +CVE-1999-0505 (A Windows NT domain user or administrator account has a guessable ...) +CVE-1999-0504 (A Windows NT local user or administrator account has a default, null, ...) +CVE-1999-0503 (A Windows NT local user or administrator account has a guessable ...) +CVE-1999-0502 (A Unix account has a default, null, blank, or missing password. ...) +CVE-1999-0501 (A Unix account has a guessable password. ...) +CVE-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...) +CVE-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...) +CVE-1999-0497 (Anonymous FTP is enabled. ...) +CVE-1999-0495 (A remote attacker can gain access to a file system using .. (dot dot) ...) +CVE-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...) +CVE-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...) +CVE-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...) +CVE-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...) +CVE-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...) +CVE-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...) +CVE-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...) +CVE-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...) +CVE-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...) +CVE-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...) +CVE-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...) +CVE-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...) +CVE-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...) +CVE-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...) +CVE-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...) +CVE-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...) +CVE-1999-0454 (A remote attacker can sometimes identify the operating system of a ...) +CVE-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...) +CVE-1999-0452 (A service or application has a backdoor password that was placed there ...) +CVE-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...) +CVE-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...) +CVE-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...) +CVE-1999-0443 (Patrol management software allows a remote attacker to conduct a ...) +CVE-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...) +CVE-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...) +CVE-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...) +CVE-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...) +CVE-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...) +CVE-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...) +CVE-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...) +CVE-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...) +CVE-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...) +CVE-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...) +CVE-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...) +CVE-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...) +CVE-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...) +CVE-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...) +CVE-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...) +CVE-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...) +CVE-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...) +CVE-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...) +CVE-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...) +CVE-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...) +CVE-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...) +CVE-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...) +CVE-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...) +CVE-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...) +CVE-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...) +CVE-1999-0347 (Javascript bug in Internet Explorer 4.01 by adding %01URL allows ...) +CVE-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...) +CVE-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...) +CVE-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...) +CVE-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...) +CVE-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...) +CVE-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...) +CVE-1999-0317 (Buffer overflow in Linux su command gives root access to local ...) +CVE-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...) +CVE-1999-0306 (buffer overflow in HP xlock program. ...) +CVE-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...) +CVE-1999-0287 (Vulnerability in the Wguest CGI program. ...) +CVE-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...) +CVE-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...) +CVE-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...) +CVE-1999-0283 (The Java Web Server would allow remote users to obtain the source ...) +CVE-1999-0282 + REJECTED +CVE-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...) +CVE-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...) +CVE-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...) +CVE-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...) +CVE-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...) +CVE-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...) +CVE-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...) +CVE-1999-0250 (Denial of service in Qmail through long SMTP commands. ...) +CVE-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...) +CVE-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...) +CVE-1999-0243 (Linux cfingerd could be exploited to gain root access. ...) +CVE-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...) +CVE-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...) +CVE-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...) +CVE-1999-0238 (php.cgi allows attackers to read any file on the system. ...) +CVE-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...) +CVE-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...) +CVE-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...) +CVE-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...) +CVE-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...) +CVE-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...) +CVE-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...) +CVE-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...) +CVE-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...) +CVE-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...) +CVE-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...) +CVE-1999-0198 (finger .@host on some systems may print information on some user accounts. ...) +CVE-1999-0197 (finger 0@host on some systems may print information on some user accounts. ...) +CVE-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...) +CVE-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...) +CVE-1999-0187 + REJECTED +CVE-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...) +CVE-1999-0171 (Denial of service in syslog by sending it a large number of ...) +CVE-1999-0169 (NFS allows attackers to read and write any file on the system by ...) +CVE-1999-0165 (NFS cache poisoning. ...) +CVE-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...) +CVE-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...) +CVE-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...) +CVE-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...) +CVE-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...) +CVE-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...) +CVE-1999-0123 (Race condition in Linux mailx command allows local users to ...) +CVE-1999-0121 (Buffer overflow in dtaction command gives root access. ...) +CVE-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...) +CVE-1999-0114 (Local users can execute commands as other users, and read other users' ...) +CVE-1999-0110 + REJECTED +CVE-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...) +CVE-1999-0106 (Finger redirection allows finger bombs. ...) +CVE-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...) +CVE-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...) +CVE-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...) +CVE-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...) +CVE-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...) +CVE-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...) +CVE-1999-0086 (AIX routed allows remote users to modify sensitive files. ...) +CVE-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...) +CVE-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...) +CVE-1999-0061 (File creation and deletion, and remote execution, in the BSD ...) +CVE-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...) +CVE-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...) +CVE-1999-0020 + REJECTED diff --git a/data/CVE/2000.list b/data/CVE/2000.list new file mode 100644 index 0000000000..efb9194477 --- /dev/null +++ b/data/CVE/2000.list @@ -0,0 +1,285 @@ +CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...) + NOT-FOR-US: FTGate +CVE-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...) + NOT-FOR-US: Oracle +CVE-2000-1235 (The default configurations of (1) the port listener and (2) modplsql ...) + NOT-FOR-US: Oracle +CVE-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails ...) + NOT-FOR-US: Phorum +CVE-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in Phorum ...) + NOT-FOR-US: Phorum +CVE-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify ...) + NOT-FOR-US: Phorum +CVE-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary ...) + NOT-FOR-US: Phorum +CVE-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to ...) + NOT-FOR-US: Phorum +CVE-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum ...) + NOT-FOR-US: Phorum +CVE-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...) + NOT-FOR-US: Phorum +CVE-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...) + NOT-FOR-US: microsoft +CVE-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...) + - snort 1.6.1-1 +CVE-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) + NOT-FOR-US: Xitami +CVE-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...) + NOT-FOR-US: Caucho Technology Resin +CVE-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...) + NOT-FOR-US: Quikstore Shopping Cart +CVE-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...) + NOT-FOR-US: AIX +CVE-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...) + - lpr 1:0.48-1 +CVE-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...) + - lpr 1:0.48-1 +CVE-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...) + - gcc-3.3 1:3.3.4-1 +CVE-2000-1218 (The default configuration for the domain name resolver for Microsoft ...) + NOT-FOR-US: Windows +CVE-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...) + NOT-FOR-US: Windows +CVE-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...) + NOT-FOR-US: AIX +CVE-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...) + NOT-FOR-US: Lotus Domino +CVE-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...) +CVE-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...) +CVE-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...) +CVE-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...) +CVE-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...) +CVE-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock ...) +CVE-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to store ...) +CVE-2001-0102 ("Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain ...) +CVE-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...) +CVE-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...) +CVE-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...) +CVE-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...) +CVE-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...) +CVE-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...) +CVE-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...) +CVE-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...) +CVE-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...) +CVE-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...) +CVE-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...) +CVE-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...) +CVE-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...) +CVE-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...) +CVE-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...) +CVE-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...) +CVE-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...) +CVE-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...) +CVE-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...) +CVE-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...) +CVE-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...) +CVE-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...) +CVE-2001-0048 (The "Configure Your Server" tool in Microsoft 2000 domain controllers ...) +CVE-2001-0047 (The default permissions for the MTS Package Administration registry ...) +CVE-2001-0046 (The default permissions for the SNMP Parameters registry key in ...) +CVE-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...) +CVE-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...) +CVE-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...) +CVE-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...) +CVE-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...) +CVE-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...) +CVE-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...) +CVE-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...) +CVE-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...) +CVE-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...) +CVE-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...) +CVE-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...) +CVE-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...) +CVE-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...) +CVE-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...) +CVE-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...) +CVE-2000-1209 (The "sa" account is installed with a default null password on (1) ...) +CVE-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...) +CVE-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...) +CVE-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...) +CVE-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...) +CVE-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...) +CVE-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...) +CVE-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...) +CVE-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...) +CVE-2000-1198 (qpopper POP server creates lock files with predictable names, which ...) +CVE-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...) +CVE-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...) +CVE-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...) +CVE-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows ...) +CVE-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...) +CVE-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...) +CVE-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...) +CVE-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...) +CVE-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...) +CVE-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...) +CVE-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...) +CVE-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...) +CVE-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...) +CVE-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...) +CVE-2000-1161 (The installation of AdCycle banner management system leaves the ...) +CVE-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...) +CVE-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...) +CVE-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...) +CVE-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...) +CVE-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...) +CVE-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...) +CVE-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...) +CVE-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...) +CVE-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...) +CVE-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...) +CVE-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...) +CVE-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...) +CVE-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...) +CVE-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...) +CVE-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...) +CVE-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...) +CVE-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...) +CVE-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...) +CVE-2000-1127 (registrar in the HP resource monitor service allows local users to ...) +CVE-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...) +CVE-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...) +CVE-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...) +CVE-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...) +CVE-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...) +CVE-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...) +CVE-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...) +CVE-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...) +CVE-2000-1104 (Variant of the "IIS Cross-Site Scripting" vulnerability as originally ...) +CVE-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...) +CVE-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...) +CVE-2000-1100 (The default configuration for PostACI webmail system installs the ...) +CVE-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...) +CVE-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...) +CVE-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...) +CVE-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...) +CVE-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...) +CVE-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...) +CVE-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...) +CVE-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...) +CVE-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...) +CVE-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...) +CVE-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...) +CVE-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...) +CVE-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...) +CVE-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...) +CVE-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...) +CVE-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...) +CVE-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...) +CVE-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...) +CVE-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...) +CVE-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...) +CVE-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...) +CVE-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...) +CVE-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...) +CVE-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...) +CVE-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...) +CVE-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...) +CVE-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...) +CVE-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...) +CVE-2000-1030 (CS&T CorporateTime for the Web returns different error messages for ...) +CVE-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...) +CVE-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...) +CVE-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...) +CVE-2000-1023 (The Alabanza Control Panel does not require passwords to access ...) +CVE-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...) +CVE-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...) +CVE-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...) +CVE-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...) +CVE-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...) +CVE-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...) +CVE-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...) +CVE-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...) +CVE-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...) +CVE-2000-0998 (Format string vulnerability in top program allows local attackers to ...) +CVE-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...) +CVE-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...) +CVE-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...) +CVE-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...) +CVE-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...) +CVE-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...) +CVE-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...) +CVE-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...) +CVE-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...) +CVE-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...) +CVE-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...) +CVE-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...) +CVE-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...) +CVE-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...) +CVE-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...) +CVE-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...) +CVE-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...) +CVE-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...) +CVE-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...) +CVE-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...) +CVE-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...) +CVE-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...) +CVE-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...) +CVE-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...) +CVE-2000-0889 (Two Sun security certificates have been compromised, which could allow ...) +CVE-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...) +CVE-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...) +CVE-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...) +CVE-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...) +CVE-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...) +CVE-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...) +CVE-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...) +CVE-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...) +CVE-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...) +CVE-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...) +CVE-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...) +CVE-2000-0842 (The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows ...) +CVE-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...) +CVE-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...) +CVE-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...) +CVE-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...) +CVE-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...) +CVE-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...) +CVE-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...) +CVE-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...) +CVE-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...) +CVE-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...) +CVE-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...) +CVE-2000-0812 (The administration module in Sun Java web server allows remote ...) +CVE-2000-0802 (The BAIR program does not properly restrict access to the Internet ...) +CVE-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...) +CVE-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...) +CVE-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...) +CVE-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...) +CVE-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...) +CVE-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...) +CVE-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...) +CVE-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...) +CVE-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...) +CVE-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...) +CVE-2000-0774 (The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals ...) +CVE-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...) +CVE-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...) +CVE-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...) +CVE-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...) +CVE-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...) +CVE-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...) +CVE-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...) +CVE-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...) +CVE-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...) +CVE-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...) +CVE-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...) +CVE-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...) +CVE-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...) +CVE-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...) +CVE-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...) +CVE-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...) +CVE-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...) +CVE-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...) +CVE-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux allows local users to ...) +CVE-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...) +CVE-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...) +CVE-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...) +CVE-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...) +CVE-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...) +CVE-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...) +CVE-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...) +CVE-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...) +CVE-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...) +CVE-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...) + - kdebase 4:2.2.2-14.6 diff --git a/data/CVE/2001.list b/data/CVE/2001.list new file mode 100644 index 0000000000..fef216b38f --- /dev/null +++ b/data/CVE/2001.list @@ -0,0 +1,1125 @@ +CVE-2001-XXXX [crypt++ passes passwords through the command line] + - crypt++el <unfixed> (bug #105562; low) +CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local] + - gnupg 1.0.7-1 (bug #107374) +CVE-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...) + NOT-FOR-US: ScriptEase +CVE-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...) + NOT-FOR-US: UnixWare/OpenUnix +CVE-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...) + NOT-FOR-US: SCO +CVE-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...) + NOT-FOR-US: CDE +CVE-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ...) + NOTE: insufficient info to check, but not same code base +CVE-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...) + NOT-FOR-US: Apple +CVE-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in ...) + NOT-FOR-US: Trend Micro InterScan VirusWall +CVE-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall ...) + NOT-FOR-US: Trend Micro InterScan VirusWall +CVE-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...) + NOTE: presumably fixed in linux 2.4.12 +CVE-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...) + NOT-FOR-US: Microsoft +CVE-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...) + NOT-FOR-US: Microsoft +CVE-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...) + NOT-FOR-US: Openwave WAP gateway +CVE-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...) + NOT-FOR-US: CMG WAP gateway +CVE-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...) + NOT-FOR-US: Lotus Domino +CVE-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...) + - vanessa-logger 0.0.2 +CVE-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...) + NOT-FOR-US: MacOS +CVE-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...) + NOT-FOR-US: HP-UX +CVE-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...) + NOT-FOR-US: Tomcat 3.2.1 running on HP Secure OS +CVE-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...) + - nvi 1.79-16a.1 + NOTE: was DSA 085 +CVE-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to ...) + NOTE: DSA 082 + - xvt 2.1-13 +CVE-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...) + NOT-FOR-US: Microsoft +CVE-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...) + NOT-FOR-US: OpenBSD +CVE-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...) + - snort 1.8.3 +CVE-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...) + NOT-FOR-US: AIX +CVE-2001-1556 (The log files in Apache web server contain information directly ...) + NOTE: documented issue in apache, unlikely to be changed + NOTE: see http://httpd.apache.org/docs/logs.html +CVE-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...) + NOT-FOR-US: Solaris +CVE-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...) + NOT-FOR-US: AIX +CVE-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, ...) + - setiathome <not-affected> (not suid in debian) +CVE-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...) + NOT-FOR-US: Microsoft +CVE-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...) + NOTE: no info in CVE db about fix + TODO: check with current kernel on a system with quotas +CVE-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...) + NOT-FOR-US: Centra +CVE-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...) + NOT-FOR-US: Tiny Personal Firewall +CVE-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...) + NOT-FOR-US: Tiny Personal Firewall +CVE-2001-1547 (Outlook Express 6.0, with "Do not allow attachments to be saved or ...) + NOT-FOR-US: Outlook +CVE-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...) + NOT-FOR-US: Pathways Homecare +CVE-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...) + NOT-FOR-US: Macromedia JRun +CVE-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...) + NOT-FOR-US: Macromedia JRun +CVE-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...) + NOT-FOR-US: Axis network camera +CVE-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...) + NOT-FOR-US: NAI WebShield SMTP +CVE-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...) + NOT-FOR-US: BSDI UUCP +CVE-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a ...) + NOT-FOR-US: IPRoute router software + NOTE: This is not for iproute/iproute2. + NOTE: From Chris Gragsone's message on BUGTRAQ: + NOTE: "IPRoute, by David F. Mischler, is PC-based router software + NOTE: "for networks running the Internet Protocol (IP)." +CVE-2001-1539 (The JavaScript settimeout function in Internet Explorer allows remote ...) + NOT-FOR-US: MSIE +CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...) + NOT-FOR-US: SpeedXess HA-120 DSL router +CVE-2001-1537 (The default "basic" security setting' in config.php for TWIG webmail ...) + NOTE: current twig package seems to have secure cookies enabled + NOTE: still uses "basic" security setting. +CVE-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, ...) + NOT-FOR-US: Autogalaxy +CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...) + - slash <unfixed> (bug #328927; low) +CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...) + - apache (bug #328919; unimportant) + - apache2 <unfixed> (unimportant) + NOTE: Cookies are only used for invading user privacy, + NOTE: not for authentication, so apache and apache2 should be fine. +CVE-2001-1533 (** DISPUTED * ...) + NOT-FOR-US: Microsoft +CVE-2001-1532 (WebX stores authentication information in the HTTP_REFERER variable, ...) + NOT-FOR-US: WebX +CVE-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to ...) + NOT-FOR-US: Claris Emailer +CVE-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with ...) + NOTE: verified current webmin is ok +CVE-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows ...) + NOT-FOR-US: AIX +CVE-2001-1528 (AmTote International homebet program returns different error messages ...) + NOT-FOR-US: AmTote International homebet +CVE-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in cleartext ...) + NOT-FOR-US: easynews +CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...) + NOT-FOR-US: easynews +CVE-2001-1525 (Directory traversal vulnerability in the comments action in easyNews ...) + NOT-FOR-US: easynews +CVE-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier ...) + NOT-FOR-US: PHP-Nuke +CVE-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway module for ...) + NOT-FOR-US: PHP-Nuke +CVE-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger for ...) + NOT-FOR-US: PHP-Nuke +CVE-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 ...) + NOT-FOR-US: PHP-Nuke +CVE-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by ...) + NOT-FOR-US: Xircom REX +CVE-2001-1519 (** DISPUTED ** ...) + NOT-FOR-US: RunAs +CVE-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session instance at ...) + NOT-FOR-US: RunAs +CVE-2001-1517 (** DISPUTED ** ...) + NOT-FOR-US: RunAs +CVE-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and ...) + NOT-FOR-US: phpReview +CVE-2001-1515 (Macintosh clients, when using NT file system volumes on Windows 2000 ...) + NOT-FOR-US: Macintosh clients, when using NT file system volumes on Windows +CVE-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced ...) + NOT-FOR-US: ColdFusion +CVE-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain ...) + NOT-FOR-US: JRun +CVE-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to ...) + NOT-FOR-US: JRun +CVE-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows ...) + NOT-FOR-US: JRun +CVE-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, ...) + NOT-FOR-US: JRun +CVE-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...) + NOT-FOR-US: HP-UX +CVE-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...) + - lprng <not-affected> (Not suid in Debian) + - cupsys <not-affected> (Not suid in Debian) +CVE-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...) + - openssh 1:3.0.1 +CVE-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) + NOT-FOR-US: HP Secure OS layer +CVE-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) + - tinc 1.0pre5-1 +CVE-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: Lotus Notes +CVE-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) + NOT-FOR-US: Sun +CVE-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...) + NOT-FOR-US: WebCart +CVE-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...) + NOTE: Fix went into proftpd CVS on 2002-12-12 + - proftpd 1.2.8-1 +CVE-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...) + - proftpd 1.2.4-1 +CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) + NOT-FOR-US: Check Point +CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) + NOT-FOR-US: mod_bf +CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...) + NOT-FOR-US: Microsoft +CVE-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...) + - thttpd 2.21 +CVE-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) + NOT-FOR-US: Network Query Tool +CVE-2001-1494 (script command in the util-linux package before 2.11n allows local ...) + - util-linux 2.11n-1 +CVE-2001-1492 + REJECTED +CVE-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...) + NOT-FOR-US: Opera +CVE-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...) + NOTE: mozilla is quite easily DOSable with all sorts of large html + NOTE: files, probably not worth following up on. +CVE-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) + NOT-FOR-US: Microsoft +CVE-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...) + NOT-FOR-US: Open Projects ircd +CVE-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...) + NOTE: verified not present in 4.0.5-4sarge1 +CVE-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...) + NOT-FOR-US: Alcatel hardware issue +CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...) + - libpam-opie <unfixed> (bug #112279; low) +CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...) + NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now +CVE-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...) + NOT-FOR-US: Xitami +CVE-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...) + NOT-FOR-US: Sun Java +CVE-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...) + NOT-FOR-US: Sun +CVE-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...) + NOT-FOR-US: UnixWare +CVE-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...) + NOT-FOR-US: BEA Tuxedo +CVE-2001-1476 (SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" ...) + NOT-FOR-US: Commercial SSH +CVE-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...) + NOT-FOR-US: Commercial SSH +CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...) + NOT-FOR-US: Commercial SSH +CVE-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...) + NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol +CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...) + - phpbb2 2.0.6c-1 +CVE-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...) + - phpbb2 2.0.6c-1 +CVE-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...) + NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol +CVE-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...) + NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol +CVE-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...) + NOT-FOR-US: phpSecurePages +CVE-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...) + NOTE: in expect 5.42.1, mkpasswd does not seed by pid; doesn't seem + NOTE: to seed at all; my tests indicate it generates no dups in + NOTE: some 100000 passwords. +CVE-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...) + NOT-FOR-US: VanDyke SecureCRT +CVE-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...) + NOT-FOR-US: SurfControl SuperScout +CVE-2001-1464 (Crystal Reports, when displaying data for a password protected ...) + NOT-FOR-US: Crystal Reports +CVE-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...) + NOT-FOR-US: RhinoSoft Serv-U +CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...) + NOT-FOR-US: RSA Security SecurID +CVE-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...) + NOT-FOR-US: RSA Security SecurID +CVE-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...) + NOT-FOR-US: PostNuke +CVE-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...) + - openssh 1:3.0.1p1-1 +CVE-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...) + NOT-FOR-US: Novell Groupwise +CVE-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...) + NOT-FOR-US: CrazyWWWBoard +CVE-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...) + NOT-FOR-US: Gauntlet Firewall +CVE-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...) + NOT-FOR-US: Netegrity SiteMinder +CVE-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...) + - mysql-dfsg 3.23.33-1 +CVE-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...) + - mysql-dfsg 3.23.33-1 +CVE-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...) + NOT-FOR-US: Windows +CVE-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...) + NOT-FOR-US: Windows +CVE-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...) + NOT-FOR-US: Windows +CVE-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...) + NOT-FOR-US: Mandrake specific packaging flaw +CVE-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...) + NOT-FOR-US: Magic eDeveloper +CVE-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...) + NOT-FOR-US: Windows +CVE-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...) + NOT-FOR-US: MacOS X +CVE-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...) + NOT-FOR-US: Lotus Domino +CVE-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...) + NOTE: Generic protocol flaw +CVE-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...) + NOTE: Generic protocol flaw +CVE-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...) + - inn2 2.3.3+20020922-1 + - innfeed 0.10.1.7-7 +CVE-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...) + NOT-FOR-US: VisualAge for Java +CVE-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...) + NOT-FOR-US: AIX +CVE-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...) + NOT-FOR-US: HP-UX +CVE-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...) + NOT-FOR-US: Handspring Visor +CVE-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...) + NOT-FOR-US: easyScripts easyNews +CVE-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...) + NOT-FOR-US: Dallas Semiconductor iButton DS1991 +CVE-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...) + NOT-FOR-US: Tru64 UNIX +CVE-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...) + NOT-FOR-US: IOS +CVE-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...) + NOT-FOR-US: Cherokee +CVE-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...) + NOT-FOR-US: Cherokee +CVE-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...) + NOT-FOR-US: Nokia Firewall appliances +CVE-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...) + NOT-FOR-US: Cayman DSL router +CVE-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...) + NOTE: I could track this down to this posting + NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html + NOTE: This looks very obscure an does not contain useful information on how this + NOTE: was triggered and even then it's not a problem, as mcedit usage does not + NOTE: have a remote impact and is not suid +CVE-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...) + NOT-FOR-US: IPC@CHIP Embedded web server +CVE-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...) + NOT-FOR-US: ColdFusion +CVE-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...) + NOT-FOR-US: Alcatel Speed Touch +CVE-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...) + NOT-FOR-US: Alcatel Speed Touch +CVE-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...) + NOT-FOR-US: Alcatel Speed Touch +CVE-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...) + NOT-FOR-US: Advanced Poll +CVE-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...) + NOT-FOR-US: WinVNC +CVE-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...) + NOT-FOR-US: AOL Instant Messenger +CVE-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) + NOT-FOR-US: AOL Instant Messenger +CVE-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...) + NOT-FOR-US: AOL Instant Messenger +CVE-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) + NOT-FOR-US: AOL Instant Messenger +CVE-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) + NOT-FOR-US: AOL Instant Messenger +CVE-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...) + NOT-FOR-US: AOL Instant Messenger +CVE-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...) + NOT-FOR-US: no_package + NOTE: Debian's nvi recover script is very different +CVE-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does ...) + NOT-FOR-US: Solaris +CVE-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...) +CVE-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...) +CVE-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...) +CVE-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...) +CVE-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...) +CVE-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...) + NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge + NOTE: discussion at: + NOTE: http://archives.neohapsis.com/archives/linux/lsap/2001-q2/0081.html + NOTE: listed sarge version contains a fix like the patch from Gentoo + - ncompress 4.2.4-15 +CVE-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...) +CVE-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...) +CVE-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...) +CVE-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...) +CVE-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...) +CVE-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...) +CVE-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...) +CVE-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...) +CVE-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...) +CVE-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...) +CVE-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...) +CVE-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...) +CVE-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...) +CVE-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...) +CVE-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...) +CVE-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...) +CVE-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...) +CVE-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...) +CVE-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...) +CVE-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...) +CVE-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...) +CVE-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...) +CVE-2001-1387 (iptables-save in iptables before 1.2.4 records the "--reject-with ...) +CVE-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...) +CVE-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...) +CVE-2001-1377 (Multiple RADIUS implementations do not properly validate the ...) +CVE-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...) +CVE-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...) +CVE-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...) +CVE-2001-1365 (Vulnerability in IntraGnat before 1.4. ...) +CVE-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...) +CVE-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...) +CVE-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...) +CVE-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...) +CVE-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...) +CVE-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...) +CVE-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...) +CVE-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...) +CVE-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...) +CVE-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...) +CVE-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...) +CVE-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...) +CVE-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...) +CVE-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...) +CVE-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...) +CVE-2001-1341 (The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi ...) +CVE-2001-1340 (Beck GmbH IPC@Chip TelnetD service supports only one connection and ...) +CVE-2001-1339 (Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect ...) +CVE-2001-1338 (Beck IPC GmbH IPC@CHIP TelnetD server generates different responses ...) +CVE-2001-1337 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...) +CVE-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...) +CVE-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...) +CVE-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...) +CVE-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...) +CVE-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...) +CVE-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...) +CVE-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...) +CVE-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...) +CVE-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...) +CVE-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...) +CVE-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...) +CVE-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...) +CVE-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...) +CVE-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...) +CVE-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...) +CVE-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...) +CVE-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...) +CVE-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...) +CVE-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...) +CVE-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...) +CVE-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...) +CVE-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...) +CVE-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...) +CVE-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...) +CVE-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...) +CVE-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...) +CVE-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...) +CVE-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...) +CVE-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...) +CVE-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...) +CVE-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...) +CVE-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...) +CVE-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...) +CVE-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...) +CVE-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...) +CVE-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...) +CVE-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...) +CVE-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...) +CVE-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...) +CVE-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...) +CVE-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...) +CVE-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...) +CVE-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...) +CVE-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...) +CVE-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...) +CVE-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...) +CVE-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...) +CVE-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...) +CVE-2001-1273 (The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, ...) +CVE-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...) +CVE-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...) +CVE-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...) +CVE-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...) +CVE-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...) +CVE-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...) +CVE-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...) +CVE-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...) +CVE-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...) +CVE-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...) +CVE-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...) +CVE-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...) +CVE-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...) +CVE-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...) +CVE-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...) +CVE-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...) +CVE-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...) +CVE-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...) +CVE-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...) +CVE-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...) +CVE-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...) +CVE-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...) +CVE-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...) +CVE-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...) +CVE-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...) +CVE-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...) +CVE-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...) +CVE-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...) +CVE-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...) +CVE-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...) +CVE-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...) +CVE-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...) +CVE-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...) +CVE-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...) +CVE-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...) +CVE-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...) +CVE-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...) +CVE-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...) +CVE-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...) +CVE-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...) +CVE-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...) +CVE-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...) +CVE-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...) +CVE-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...) +CVE-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...) +CVE-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...) +CVE-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...) +CVE-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...) +CVE-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...) +CVE-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...) +CVE-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...) +CVE-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...) +CVE-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...) +CVE-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...) +CVE-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...) +CVE-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...) +CVE-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...) +CVE-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...) +CVE-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...) +CVE-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...) +CVE-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...) +CVE-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...) +CVE-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...) +CVE-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...) +CVE-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...) +CVE-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...) +CVE-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...) +CVE-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...) +CVE-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...) +CVE-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...) +CVE-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...) +CVE-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...) +CVE-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...) +CVE-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...) +CVE-2001-1170 (AmTote International homebet program stores the homebet.log file in ...) +CVE-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...) +CVE-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...) +CVE-2001-1167 + REJECTED +CVE-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...) +CVE-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...) +CVE-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...) +CVE-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...) +CVE-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...) +CVE-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...) +CVE-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...) +CVE-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...) +CVE-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...) +CVE-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...) +CVE-2001-1148 (Multiple buffer overflows in programs used by scoadmin and sysadmsh in ...) +CVE-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...) +CVE-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...) +CVE-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...) +CVE-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...) +CVE-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...) +CVE-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...) +CVE-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...) +CVE-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...) +CVE-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...) +CVE-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...) +CVE-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...) +CVE-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...) +CVE-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...) +CVE-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...) +CVE-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...) +CVE-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...) +CVE-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...) +CVE-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...) +CVE-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...) +CVE-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...) +CVE-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...) +CVE-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...) +CVE-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...) +CVE-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...) +CVE-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...) +CVE-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...) +CVE-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...) +CVE-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...) +CVE-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...) +CVE-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...) +CVE-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...) +CVE-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...) +CVE-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...) +CVE-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...) +CVE-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...) +CVE-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...) +CVE-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...) +CVE-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...) +CVE-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...) +CVE-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...) +CVE-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...) +CVE-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...) +CVE-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...) +CVE-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...) +CVE-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...) +CVE-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...) +CVE-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...) +CVE-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...) +CVE-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...) +CVE-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...) +CVE-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...) +CVE-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...) +CVE-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...) +CVE-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...) +CVE-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...) +CVE-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...) +CVE-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...) +CVE-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...) +CVE-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...) +CVE-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...) +CVE-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...) +CVE-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...) +CVE-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...) + {DSA-148} +CVE-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...) +CVE-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...) +CVE-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...) +CVE-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...) +CVE-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...) +CVE-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...) +CVE-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...) +CVE-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...) +CVE-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...) +CVE-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...) +CVE-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...) +CVE-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...) +CVE-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...) +CVE-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...) +CVE-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...) +CVE-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...) +CVE-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...) +CVE-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...) +CVE-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...) +CVE-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...) +CVE-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...) +CVE-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...) +CVE-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...) +CVE-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...) +CVE-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...) +CVE-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...) +CVE-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...) +CVE-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...) +CVE-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...) +CVE-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...) +CVE-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...) +CVE-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...) +CVE-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...) +CVE-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...) +CVE-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...) +CVE-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...) +CVE-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...) +CVE-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...) +CVE-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...) +CVE-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...) +CVE-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...) +CVE-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...) +CVE-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...) +CVE-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...) +CVE-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...) +CVE-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...) +CVE-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...) +CVE-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...) +CVE-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...) +CVE-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...) +CVE-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...) +CVE-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...) +CVE-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...) +CVE-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...) +CVE-2001-0944 (DDE in mIRC allows local users to launch applications under another ...) +CVE-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...) +CVE-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...) +CVE-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...) +CVE-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...) +CVE-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...) +CVE-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...) +CVE-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...) +CVE-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...) +CVE-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...) +CVE-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...) +CVE-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...) +CVE-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...) + {DSA-301} +CVE-2001-0927 (Format string vulnerability in the permitted function of GNOME ...) +CVE-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...) +CVE-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...) +CVE-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...) +CVE-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...) +CVE-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...) +CVE-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow ...) +CVE-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...) +CVE-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...) +CVE-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...) +CVE-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...) +CVE-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...) +CVE-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...) +CVE-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...) +CVE-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...) +CVE-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...) +CVE-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...) +CVE-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...) +CVE-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...) +CVE-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...) +CVE-2001-0885 + RESERVED +CVE-2001-0883 + RESERVED +CVE-2001-0882 + RESERVED +CVE-2001-0881 + RESERVED +CVE-2001-0880 + RESERVED +CVE-2001-0878 + RESERVED +CVE-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...) +CVE-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...) +CVE-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...) +CVE-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...) +CVE-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...) +CVE-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...) +CVE-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...) +CVE-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...) +CVE-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...) +CVE-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...) +CVE-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...) +CVE-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...) +CVE-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...) +CVE-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard LB5000 ...) +CVE-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...) +CVE-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...) +CVE-2001-0839 (ibillpm.pl in iBill password management system generates weak ...) +CVE-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...) +CVE-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...) +CVE-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...) +CVE-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and ...) +CVE-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...) +CVE-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...) +CVE-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...) +CVE-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...) +CVE-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...) +CVE-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...) +CVE-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...) +CVE-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...) +CVE-2001-0814 + RESERVED +CVE-2001-0813 + RESERVED +CVE-2001-0812 + RESERVED +CVE-2001-0811 + RESERVED +CVE-2001-0810 + RESERVED +CVE-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...) +CVE-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...) +CVE-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...) +CVE-2001-0802 + RESERVED +CVE-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...) +CVE-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...) +CVE-2001-0798 + RESERVED +CVE-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...) +CVE-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...) +CVE-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...) +CVE-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...) +CVE-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...) +CVE-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...) +CVE-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...) +CVE-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...) +CVE-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...) +CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...) +CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...) +CVE-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...) +CVE-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...) +CVE-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...) +CVE-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...) +CVE-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...) + {DSA-695-1} + - xli 1.17.0-17 +CVE-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...) +CVE-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...) +CVE-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...) +CVE-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...) +CVE-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...) +CVE-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...) +CVE-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...) +CVE-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...) +CVE-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...) +CVE-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...) +CVE-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...) +CVE-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...) +CVE-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...) +CVE-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...) +CVE-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...) +CVE-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...) +CVE-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...) +CVE-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...) +CVE-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...) +CVE-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...) + - cfingerd 1.4.3-1.1 (bug #104394) + NOTE: 1.4.3-1.2 is not in the PTS, but 1.4.3-1.2 incorporates + NOTE: its changes. +CVE-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...) +CVE-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...) +CVE-2001-0725 + RESERVED +CVE-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...) +CVE-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...) +CVE-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...) +CVE-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...) +CVE-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...) +CVE-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...) +CVE-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...) +CVE-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...) +CVE-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...) +CVE-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...) +CVE-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...) +CVE-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...) +CVE-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...) +CVE-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...) +CVE-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...) +CVE-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...) +CVE-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...) +CVE-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...) +CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...) +CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...) +CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...) +CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...) +CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...) +CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...) +CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...) +CVE-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...) +CVE-2001-0673 + RESERVED +CVE-2001-0672 + RESERVED +CVE-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...) +CVE-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...) +CVE-2001-0661 + RESERVED +CVE-2001-0657 + RESERVED +CVE-2001-0656 + RESERVED +CVE-2001-0655 + RESERVED +CVE-2001-0654 + RESERVED +CVE-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...) +CVE-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...) +CVE-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...) +CVE-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...) +CVE-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...) +CVE-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...) +CVE-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...) +CVE-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...) +CVE-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...) +CVE-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...) +CVE-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...) +CVE-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...) +CVE-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...) +CVE-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...) +CVE-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...) +CVE-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...) +CVE-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...) +CVE-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...) +CVE-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...) +CVE-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...) +CVE-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) +CVE-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) +CVE-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) +CVE-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) +CVE-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...) +CVE-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...) +CVE-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...) +CVE-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...) +CVE-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...) +CVE-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...) +CVE-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...) +CVE-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...) +CVE-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...) +CVE-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...) +CVE-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...) +CVE-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...) +CVE-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...) +CVE-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...) +CVE-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...) +CVE-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a ...) +CVE-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...) +CVE-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...) +CVE-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...) +CVE-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...) +CVE-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...) +CVE-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...) +CVE-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...) +CVE-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...) +CVE-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...) +CVE-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...) +CVE-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...) +CVE-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...) +CVE-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...) +CVE-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...) +CVE-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...) +CVE-2001-0539 + RESERVED +CVE-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...) +CVE-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...) +CVE-2001-0532 + RESERVED +CVE-2001-0531 + RESERVED +CVE-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...) +CVE-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...) +CVE-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...) +CVE-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...) +CVE-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...) +CVE-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...) +CVE-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...) +CVE-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...) +CVE-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...) +CVE-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...) +CVE-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...) +CVE-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...) +CVE-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...) +CVE-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...) +CVE-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...) +CVE-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...) +CVE-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...) +CVE-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...) +CVE-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...) +CVE-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...) +CVE-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...) +CVE-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...) +CVE-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...) +CVE-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...) +CVE-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...) +CVE-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...) +CVE-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...) +CVE-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...) +CVE-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...) +CVE-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...) +CVE-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...) +CVE-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...) +CVE-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...) +CVE-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...) +CVE-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...) +CVE-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...) +CVE-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...) +CVE-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...) +CVE-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...) +CVE-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...) +CVE-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...) +CVE-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...) +CVE-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...) +CVE-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...) +CVE-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...) +CVE-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...) +CVE-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...) +CVE-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...) +CVE-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...) +CVE-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...) +CVE-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...) +CVE-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...) +CVE-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...) +CVE-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...) +CVE-2001-0418 (content.pl script in NCM Content Management System allows remote ...) +CVE-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...) +CVE-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...) +CVE-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...) +CVE-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...) +CVE-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...) +CVE-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...) +CVE-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...) +CVE-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...) +CVE-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...) +CVE-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...) +CVE-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...) +CVE-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...) +CVE-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...) +CVE-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...) +CVE-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...) +CVE-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...) +CVE-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...) +CVE-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...) +CVE-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...) +CVE-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...) +CVE-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...) +CVE-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...) +CVE-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...) +CVE-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...) +CVE-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...) +CVE-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...) +CVE-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...) +CVE-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...) +CVE-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...) +CVE-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...) +CVE-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...) +CVE-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...) +CVE-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...) +CVE-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...) +CVE-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...) +CVE-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...) +CVE-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...) +CVE-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...) +CVE-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...) +CVE-2001-0343 + RESERVED +CVE-2001-0342 + RESERVED +CVE-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...) +CVE-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...) +CVE-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...) +CVE-2001-0328 (TCP implementations that use random increments for initial sequence ...) +CVE-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...) +CVE-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...) +CVE-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...) +CVE-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...) +CVE-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...) +CVE-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...) +CVE-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...) +CVE-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...) +CVE-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...) +CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...) +CVE-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...) +CVE-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...) +CVE-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...) +CVE-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...) +CVE-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...) +CVE-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...) +CVE-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...) +CVE-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...) +CVE-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...) +CVE-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...) +CVE-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...) +CVE-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...) +CVE-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...) +CVE-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...) +CVE-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...) +CVE-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...) +CVE-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...) +CVE-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...) +CVE-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...) +CVE-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...) +CVE-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...) +CVE-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...) +CVE-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...) +CVE-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...) +CVE-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...) +CVE-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...) +CVE-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...) +CVE-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...) +CVE-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...) +CVE-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...) +CVE-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...) +CVE-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...) +CVE-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...) +CVE-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...) +CVE-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...) +CVE-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...) +CVE-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...) +CVE-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...) +CVE-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...) +CVE-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...) +CVE-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...) +CVE-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...) +CVE-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...) +CVE-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...) +CVE-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...) +CVE-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...) +CVE-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...) +CVE-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...) +CVE-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...) +CVE-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...) +CVE-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...) +CVE-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...) +CVE-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...) +CVE-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...) +CVE-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...) +CVE-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...) +CVE-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...) +CVE-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...) +CVE-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...) +CVE-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...) +CVE-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...) +CVE-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...) +CVE-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...) +CVE-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...) +CVE-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...) +CVE-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...) +CVE-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...) +CVE-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...) +CVE-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...) +CVE-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...) +CVE-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...) +CVE-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...) +CVE-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...) +CVE-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...) +CVE-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...) +CVE-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...) +CVE-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...) +CVE-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...) +CVE-2001-0168 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) server ...) +CVE-2001-0167 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) client ...) +CVE-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence ...) +CVE-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ...) +CVE-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...) +CVE-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...) +CVE-2001-0159 + RESERVED +CVE-2001-0158 + RESERVED +CVE-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...) +CVE-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...) +CVE-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...) +CVE-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...) +CVE-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...) +CVE-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...) +CVE-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...) + {DSA-195 DSA-188 DSA-187} diff --git a/data/CVE/2002.list b/data/CVE/2002.list new file mode 100644 index 0000000000..6c8e1ad6e5 --- /dev/null +++ b/data/CVE/2002.list @@ -0,0 +1,4024 @@ +CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries] + - libnss-ldap 199-1 (bug #169793) +CVE-2002-XXXX [sanitizer bypassal through quoted file names] + - sanitizer <unfixed> (bug #149799; medium) + TODO: We should followup, this is probably fixed since the last three years +CVE-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for ...) + - gallery 1.3.3 +CVE-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...) + NOT-FOR-US: Pointsec +CVE-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...) + NOT-FOR-US: SurfControl +CVE-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...) + NOT-FOR-US: QNX +CVE-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...) + NOT-FOR-US: Novell eDirectory +CVE-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...) + NOT-FOR-US: Blue World Lasso Web Data Engine +CVE-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...) + NOT-FOR-US: Microsoft +CVE-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...) + NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers +CVE-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...) + NOT-FOR-US: Hyper NIKKI System (HNS) Lite +CVE-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...) + - netjuke 1.0b7 +CVE-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...) + NOT-FOR-US: HTMLsearch +CVE-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...) + NOT-FOR-US: RCA Digital Cable Modem +CVE-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Fwmon +CVE-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...) + NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E +CVE-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...) + NOTE: debian's nms-formmail is a reimplementation of old formmail +CVE-2002-2108 (Unknown vulnerability in the "VAIO Manual" software in certain Sony ...) + NOT-FOR-US: Sony VAIO +CVE-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...) + NOT-FOR-US: OpenKeyServer +CVE-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...) + NOT-FOR-US: WikkiTikkiTavi +CVE-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...) + NOT-FOR-US: Microsoft +CVE-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...) + NOT-FOR-US: Ganglia PHP RRD Web Client + NOTE: not ganglia-monitor +CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...) + - apache 1.3.24 (low) +CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...) + - libjzlib-java 0.0.7 (low) +CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: Microsoft +CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...) + NOT-FOR-US: Microsoft +CVE-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...) + - ddd <not-affected> (ddd is not setuid/gid so not exploitable) +CVE-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...) + NOT-FOR-US: Axspawn-pam +CVE-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...) + - maradns 0.9.01 (low) +CVE-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...) + NOT-FOR-US: Netware +CVE-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...) + NOT-FOR-US: Joe Testa hellbent 01 webserver +CVE-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...) + NOT-FOR-US: Joe Testa hellbent 01 webserver +CVE-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...) + NOT-FOR-US: SGI IRIX +CVE-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...) + NOT-FOR-US: OpenBSD/NetBSD/FreeBSD +CVE-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...) + NOT-FOR-US: decfingerd +CVE-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...) + NOT-FOR-US: aucho Technology Resin server +CVE-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...) + NOT-FOR-US: Solaris +CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...) + NOT-FOR-US: clump/os +CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...) + TODO: check firebird as it's based on InterBase 6.0 +CVE-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...) + NOT-FOR-US: magicHTML +CVE-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...) + NOT-FOR-US: WWWeBBB forum +CVE-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...) + NOT-FOR-US: Portix +CVE-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...) + NOT-FOR-US: Novell Netware +CVE-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication ...) + NOT-FOR-US: FTGate +CVE-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to ...) + NOT-FOR-US: Microsoft +CVE-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...) + NOT-FOR-US: FTGate +CVE-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...) + - kernel-patch-openmosix <unfixed> (bug #319621; low) + NOTE: filed bug with ftp.debian.org for removal (#319817) +CVE-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...) + NOT-FOR-US: FTGate +CVE-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...) + NOT-FOR-US: Microsoft +CVE-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 ...) + NOT-FOR-US: Lil' HTTP server +CVE-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of ...) + NOT-FOR-US: ICQ +CVE-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote ...) + NOT-FOR-US: Mailidx +CVE-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on ...) + NOT-FOR-US: Microsoft +CVE-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in ...) + NOT-FOR-US: Sun Java +CVE-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of ...) + NOT-FOR-US: Tru64 +CVE-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...) + NOT-FOR-US: SecureClean +CVE-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...) + NOT-FOR-US: Proprietary PGP +CVE-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are ...) + NOT-FOR-US: Eraser +CVE-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams ...) + NOT-FOR-US: Eraser +CVE-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows ...) + NOT-FOR-US: BCWipe +CVE-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' ...) + NOT-FOR-US: WebCalender +CVE-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain ...) + NOT-FOR-US: PhpWebGallery +CVE-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and ...) + NOT-FOR-US: AtGuard +CVE-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet ...) + NOT-FOR-US: Microsoft +CVE-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and ...) + NOTE: fixed in upstream 1.0.1 + NOTE: see http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html + - mozilla 2:1.1-1 (low) +CVE-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...) + - links2 2.1pre16-2 (low) +CVE-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...) + NOT-FOR-US: Intel motherboards +CVE-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...) + NOT-FOR-US: TeeKai +CVE-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...) + NOT-FOR-US: TeeKai +CVE-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows ...) + NOT-FOR-US: TeeKai +CVE-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai ...) + NOT-FOR-US: TeeKai +CVE-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the ...) + NOT-FOR-US: TeeKai +CVE-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...) + NOT-FOR-US: Cisco +CVE-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...) + NOT-FOR-US: Cisco +CVE-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...) + - modlogan 0.7.12-1 (low) +CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...) + - modlogan 0.7.12-1 (low) +CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...) + TODO: check +CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...) + NOT-FOR-US: PFinger +CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...) + - sketch 0.6.13-1 (low) +CVE-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...) + NOT-FOR-US: X-News +CVE-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...) + NOT-FOR-US: x-stat +CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...) + NOT-FOR-US: x-stat +CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...) + TODO: check +CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...) + NOT-FOR-US: QNX +CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...) + NOT-FOR-US: QNX +CVE-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime ...) + NOT-FOR-US: QNX +CVE-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...) + NOT-FOR-US: QNX +CVE-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based ...) + NOT-FOR-US: NGPT + NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html + NOTE: NPTL does not have this problem. +CVE-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and ...) + NOT-FOR-US: Cisco +CVE-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...) + NOT-FOR-US: Sun +CVE-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ...) + NOT-FOR-US: RealityScape +CVE-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...) + NOT-FOR-US: Email Sanitizer +CVE-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...) + NOT-FOR-US: FAQManager +CVE-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...) + NOT-FOR-US: PHPNuke +CVE-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...) + NOT-FOR-US: Microsoft +CVE-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...) + NOT-FOR-US: Microsoft +CVE-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...) + NOT-FOR-US: PHP, Mircrosoft +CVE-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...) + NOT-FOR-US: Microsoft +CVE-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...) + NOT-FOR-US: DOOW +CVE-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...) + NOT-FOR-US: BrowseFTP +CVE-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...) + NOT-FOR-US: Lotus Domino +CVE-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...) + - imp 3:2.2.6-5 (high) +CVE-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...) + NOT-FOR-US: We use the OTHER beep program :P +CVE-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...) + NOTE: only affects old-stable +CVE-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...) + NOT-FOR-US: wbboard +CVE-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...) + NOT-FOR-US: Netgear hardware +CVE-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...) + NOT-FOR-US: osCommerce +CVE-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...) + NOT-FOR-US: SAS/Base +CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...) + NOT-FOR-US: SAS/Base +CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...) + TODO: check +CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...) + NOT-FOR-US: PostNuke +CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...) + NOT-FOR-US: Lotus Domino +CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...) + TODO: Check this, Mozilla is in the archive +CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...) + NOT-FOR-US: Apache +CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...) + NOT-FOR-US: faqomatic +CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...) + TODO: Check this, htdig is in the archive +CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...) + NOT-FOR-US: Tomcat +CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...) + NOT-FOR-US: Tomcat +CVE-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...) + NOT-FOR-US: Tomcat +CVE-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...) + NOT-FOR-US: Tomcat +CVE-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...) + NOT-FOR-US: Sun +CVE-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...) + NOT-FOR-US: Compaq +CVE-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...) + NOT-FOR-US: Compaq +CVE-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...) + NOT-FOR-US: Compaq +CVE-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...) + NOT-FOR-US: jmcce +CVE-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...) + NOT-FOR-US: OpenVMS +CVE-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...) + NOT-FOR-US: VVOS +CVE-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...) + NOT-FOR-US: UnixWare +CVE-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...) + NOT-FOR-US: ZoneAlarm +CVE-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...) + NOT-FOR-US: Postnuke +CVE-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...) + NOT-FOR-US: Postnuke +CVE-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...) + NOT-FOR-US: Windows +CVE-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...) + NOT-FOR-US: WebBBS +CVE-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...) + NOT-FOR-US: Windows +CVE-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...) + NOT-FOR-US: osCommerce +CVE-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...) + NOT-FOR-US: Resin +CVE-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Resin +CVE-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Resin +CVE-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...) + NOT-FOR-US: Resin +CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...) + NOT-FOR-US: Perception LiteServe +CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) + NOT-FOR-US: iSMTP +CVE-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...) + NOT-FOR-US: Microsoft +CVE-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...) + NOT-FOR-US: QNX +CVE-2002-1982 (Directory traversal vulnerability in the list_directory function in ...) + NOTE: verified current version is not vulnerable to exploit +CVE-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...) + NOT-FOR-US: Microsoft +CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...) + NOT-FOR-US: Solaris +CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...) + NOT-FOR-US: Watchguard SOHO +CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...) + NOT-FOR-US: IPFilter +CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...) + NOT-FOR-US: Proprietary PGP +CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...) + - net-tools <unfixed> (unimportant) + NOTE: This seems to be a misunderstanding of what the PROMISC flag + NOTE: is about. ifconfig reports properly when it is set using + NOTE: "ifconfig promisc". +CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt ...) + NOT-FOR-US: Zaurus hardware +CVE-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...) + NOT-FOR-US: Zaurus hardware +CVE-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...) + NOT-FOR-US: Microsoft +CVE-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...) + NOT-FOR-US: pp_powerSwitch +CVE-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...) + NOT-FOR-US: Sourcecraft Networking Utils +CVE-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...) + NOT-FOR-US: SnortCenter +CVE-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...) + NOT-FOR-US: Magic Notebook +CVE-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...) + NOT-FOR-US: Com21 hardware +CVE-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...) + NOT-FOR-US: XiRCON +CVE-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...) + NOT-FOR-US: My Postcards Platinum +CVE-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...) + NOT-FOR-US: Imatix Xitami +CVE-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...) + NOT-FOR-US: phpEventCalender +CVE-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...) + NOTE: No kernels in Sarge or sid affected +CVE-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...) + NOT-FOR-US: SurfinGate +CVE-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...) + NOT-FOR-US: SurfinGate +CVE-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...) + NOT-FOR-US: Cybozu Share +CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...) + NOTE: Nagios was packaged for Debian after these vulnerable versions have been released +CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through 1.0b ...) + NOT-FOR-US: kmMail +CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...) + - pen <not-affected> (pen was introduced after this old vulnerability) +CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...) + - rox 1.3.0-1 +CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...) + NOT-FOR-US: Iomega hardware issue +CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) + NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a + NOTE: php function that displays the PHP logo and version information. In the bug + NOTE: log the developers seem unwilling to fix this, as it only affects a debug + NOTE: function. + TODO: check, whether the mentioned XSS still affects current PHP versions in Debian +CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...) + NOT-FOR-US: AIM +CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) + NOT-FOR-US: phpRank +CVE-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...) + NOT-FOR-US: GoAhead WebServer +CVE-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) + NOT-FOR-US: phpRank +CVE-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...) + NOT-FOR-US: Iomega NAS +CVE-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...) + - gringotts <not-affected> (fixed before Gringotts was in Debian) +CVE-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...) + - webmin 1.000-2 +CVE-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...) + NOT-FOR-US: VNSL +CVE-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...) + NOT-FOR-US: SmailMail +CVE-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...) + NOT-FOR-US: Motorola Surfboard +CVE-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...) + NOT-FOR-US: SafeTP +CVE-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...) + NOT-FOR-US: Imatix +CVE-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...) + NOT-FOR-US: RadioBird +CVE-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...) + NOT-FOR-US: LCC-Win32 +CVE-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...) + NOT-FOR-US: FlashFXP +CVE-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: Virgil CGI Scanner +CVE-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...) + NOT-FOR-US: Symantex Appliance +CVE-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...) + NOT-FOR-US: UTStarcom +CVE-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...) + NOT-FOR-US: Pingtel Xpressa +CVE-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...) + NOT-FOR-US: Pingtel Xpressa +CVE-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...) + NOT-FOR-US: Microsoft +CVE-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...) + NOT-FOR-US: Microsoft +CVE-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...) + NOT-FOR-US: PHP Arena +CVE-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...) + NOT-FOR-US: AN HTTPd +CVE-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...) + NOT-FOR-US: PHP Arena +CVE-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...) + NOT-FOR-US: 602Pro LAN SUITE +CVE-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...) + NOT-FOR-US: Aquonics File Manager +CVE-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...) + NOT-FOR-US: Aquonics File Manager +CVE-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...) + NOT-FOR-US: Tiny Personal Firewall +CVE-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during ...) + NOT-FOR-US: Powerchute +CVE-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...) + - mysql <not-affected> (Windows specific) +CVE-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...) + NOT-FOR-US: vBulletin +CVE-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...) + - mysql <not-affected> (Windows specific) +CVE-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...) + NOT-FOR-US: FtpXQ +CVE-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...) + NOT-FOR-US: VS-ASP +CVE-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...) + NOT-FOR-US: Microsoft ADO +CVE-2002-1917 (CRLF injection vulnerability in the "User Profile: Send Email" feature ...) + NOT-FOR-US: Geeklog +CVE-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...) + NOT-FOR-US: Pirch +CVE-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...) + NOT-FOR-US: tip +CVE-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...) + - dump 0.4b31-1 +CVE-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...) + NOT-FOR-US: myPHPNuke +CVE-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...) + NOT-FOR-US: SkyStream +CVE-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...) + NOT-FOR-US: ZoneAlarm +CVE-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...) + NOT-FOR-US: Ingenium Learning Management System +CVE-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...) + NOT-FOR-US: Ingenium Learning Management System +CVE-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Microsoft IIS +CVE-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...) + NOT-FOR-US: TelCondex +CVE-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...) + NOT-FOR-US: ViaVideo +CVE-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...) + NOT-FOR-US: ViaVideo +CVE-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...) + NOT-FOR-US: ghttpd +CVE-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...) + - pine <unfixed> (low) + TODO: Check, whether this still applies to current version, <unfixed> for now + NOTE: non-free +CVE-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...) + NOT-FOR-US: CGIForum +CVE-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...) + NOT-FOR-US: BBGallery +CVE-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...) + NOT-FOR-US: Pinboard +CVE-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...) + NOT-FOR-US: IceWarp Web Mail +CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...) + NOT-FOR-US: Mac OS X +CVE-2002-1897 (MyWebServer 1.0.2 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: MyWebserver +CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...) + - alsaplayer 0.99.72-1 +CVE-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...) + - tomcat4 <not-affected> (Windows-specific Tomcat problems) +CVE-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...) + - phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295) +CVE-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...) + NOT-FOR-US: ArGoSoft Mail Server +CVE-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...) + NOT-FOR-US: Netgear hardware +CVE-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...) + NOT-FOR-US: IRCIT +CVE-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...) + NOT-FOR-US: RedHat specific +CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...) + NOT-FOR-US: Logsurfer +CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...) + NOT-FOR-US: CommonName Toolbar +CVE-2002-1887 (PHP remote code injection vulnerability in customize.php for ...) + NOT-FOR-US: phpMyNewsletter +CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...) + NOT-FOR-US: TightAuction +CVE-2002-1885 (PHP remote code injection vulnerability in showhits.php3 for ...) + NOT-FOR-US: PPhlogger +CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...) + NOT-FOR-US: Py-Membres +CVE-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...) + - qt-x11-free 2:3.0.4-1 +CVE-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote ...) + - flashplugin-nonfree 6.0.61.0-1 +CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by ...) + NOT-FOR-US: LokwaBB +CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...) + NOT-FOR-US: LokwaBB +CVE-2002-1878 (PHP remote code injection vulnerability in w-Agora 4.1.3 allows remote ...) + NOT-FOR-US: w-Agora +CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...) + NOT-FOR-US: Netgear hardware +CVE-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...) + NOT-FOR-US: Microsoft +CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...) + NOT-FOR-US: Entercept Agent +CVE-2002-1874 (astrocam.cgi in AstroCam 1.7.1 through 2.1.2 allows remote attackers ...) + NOT-FOR-US: Astrocam +CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...) + NOT-FOR-US: Microsoft +CVE-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication ...) + NOT-FOR-US: Microsoft +CVE-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid ...) + NOT-FOR-US: Solaris +CVE-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle ...) + NOT-FOR-US: Simple Web Server +CVE-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...) + NOT-FOR-US: Heysoft EventSave +CVE-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...) + NOT-FOR-US: Dispair +CVE-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 ...) + NOT-FOR-US: ImageFolio +CVE-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file ...) + NOT-FOR-US: Simple Web Server +CVE-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link ...) + NOT-FOR-US: Embedded HTTP server +CVE-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 ...) + NOT-FOR-US: Simple Web Server +CVE-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other ...) + NOT-FOR-US: Iomega NAS +CVE-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of ...) + NOT-FOR-US: SmartMail Server +CVE-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, ...) + NOT-FOR-US: Sybase ASE +CVE-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers ...) + NOT-FOR-US: Pramati +CVE-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...) + NOT-FOR-US: Orion +CVE-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through ...) + NOT-FOR-US: Oracle +CVE-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...) + NOT-FOR-US: jo! jo Webserver +CVE-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote ...) + NOT-FOR-US: HP Application Server +CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows ...) + NOT-FOR-US: Macromedia JRun +CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to ...) + NOTE: not-for-us +CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...) + NOTE: not-for-us +CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...) + NOTE: not-for-us +CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...) + NOTE: not-for-us +CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...) + - apache2 2.0.42-1 +CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back ...) + NOTE: not-for-us +CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...) + NOTE: not-for-us +CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...) + NOTE: not-for-us +CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...) + NOTE: not-for-us +CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...) + NOTE: not-for-us +CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, ...) + NOTE: not-for-us +CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands ...) + NOTE: not-for-us +CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...) + NOTE: not-for-us +CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not ...) + NOTE: not-for-us +CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could ...) + NOTE: not-for-us +CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record ...) + NOTE: not-for-us +CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to ...) + NOTE: not-for-us +CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display ...) + NOTE: not-for-us +CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) + NOTE: not-for-us +CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) + NOTE: not-for-us +CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) + NOTE: not-for-us +CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...) + NOTE: not-for-us +CVE-2002-1832 (Unknown vulnerability in the "ipopts decode" functionality in ...) + NOTE: not-for-us +CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote ...) + NOTE: not-for-us +CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to ...) + NOTE: not-for-us +CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open ...) + NOTE: not-for-us +CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...) + NOTE: not-for-us +CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...) + - sendmail 8.12-4 +CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...) + NOTE: kernel 2.4.18 +CVE-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...) + NOT-FOR-US: WASD +CVE-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...) + NOT-FOR-US: MSIE +CVE-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...) + NOT-FOR-US: Zeroo +CVE-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...) + NOT-FOR-US: IBM HTTP Server on AS/400 +CVE-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...) + NOT-FOR-US: Ultimate PHP Board +CVE-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...) + NOT-FOR-US: Ultimate PHP Board +CVE-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...) + NOT-FOR-US: TinyHTTPD +CVE-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...) + NOT-FOR-US: httpbench +CVE-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...) + NOT-FOR-US: Veritas +CVE-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...) + NOT-FOR-US: ATPhttpd +CVE-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...) + NOT-FOR-US: Aquonics +CVE-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...) + NOTE: efstool not suid on debian +CVE-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...) + NOT-FOR-US: AIM +CVE-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...) + NOT-FOR-US: gdam123 +CVE-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...) + NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point +CVE-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...) + NOT-FOR-US: D-Link DWL-900AP+ Access Point +CVE-2002-1809 (The default configuration of the Windows binary release of MySQL ...) + NOT-FOR-US: MySQL windows binary +CVE-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...) + NOT-FOR-US: Meunity +CVE-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...) + NOT-FOR-US: phpWebSite +CVE-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...) + NOT-FOR-US: Drupal +CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...) + - dacode <unfixed> (bug #322605; low) +CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...) + NOT-FOR-US: NPDS +CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...) + NOT-FOR-US: PHP-Nuke +CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...) + - xoops <itp> (bug #207640) +CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...) + NOT-FOR-US: ImageFolio +CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...) + NOT-FOR-US: phpRank +CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) + NOT-FOR-US: phpRank +CVE-2002-1798 (MidiCart PHP 1 allows remote attackers to (1) upload arbitrary php ...) + NOT-FOR-US: MidiCart +CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...) + NOT-FOR-US: ChaiVM +CVE-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...) + NOT-FOR-US: ChaiVM +CVE-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...) + NOT-FOR-US: HP ldapux-pamauthz +CVE-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...) + NOT-FOR-US: HP Virtualvault OS +CVE-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...) + NOT-FOR-US: Fake Identd +CVE-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...) + NOT-FOR-US: SGI IRIX +CVE-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...) + NOT-FOR-US: microsoft +CVE-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...) + - newsx 1.4pl6.0-2 +CVE-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...) + - nn 6.6.4-1 +CVE-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...) + NOT-FOR-US: SGI IRIX +CVE-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...) + NOT-FOR-US: SGI IRIX +CVE-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...) + NOT-FOR-US: Zeus Administration Server +CVE-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...) + NOT-FOR-US: HP Tru64 +CVE-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...) + - php4 4:4.3.10-15 +CVE-2002-1782 (The default configuration of University of Washington IMAP daemon ...) + - uw-imap <unfixed> (bug #315499; low) +CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) + NOT-FOR-US: DeleGate +CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...) + NOT-FOR-US: BPM Studio Pro +CVE-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal ...) + NOT-FOR-US: Norton +CVE-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...) + NOT-FOR-US: Norton +CVE-2002-1777 (** DISPUTED ** ...) + NOT-FOR-US: Symantec +CVE-2002-1776 (** DISPUTED ** ...) + NOT-FOR-US: Symantec +CVE-2002-1775 (** DISPUTED ** ...) + NOT-FOR-US: Symantec +CVE-2002-1774 (** DISPUTED ** ...) + NOT-FOR-US: Symantec +CVE-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...) + NOT-FOR-US: ICQ for MacOS X +CVE-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain ...) + NOT-FOR-US: Novell Netware +CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...) + NOT-FOR-US: FormMail +CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) + NOT-FOR-US: Eudora +CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...) + NOT-FOR-US: Mirosoft +CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) + NOT-FOR-US: Cisco +CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...) + NOT-FOR-US: Oracle +CVE-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...) + NOT-FOR-US: Netscape + NOTE: didn't check mozilla +CVE-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...) + - evolution 1.0.5 +CVE-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...) + NOT-FOR-US: acrobat +CVE-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" ...) + NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver +CVE-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...) + NOT-FOR-US: Microsoft +CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...) + NOT-FOR-US: PHProjekt +CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...) + NOT-FOR-US: PHProjekt +CVE-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...) + NOT-FOR-US: PHProjekt +CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...) + NOT-FOR-US: PHProjekt +CVE-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...) + NOT-FOR-US: PHProjekt +CVE-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: ACDSee +CVE-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...) + - tinc 1.0pre5 +CVE-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...) + NOT-FOR-US: Novell NetWare +CVE-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...) + NOT-FOR-US: csNews +CVE-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...) + NOT-FOR-US: csChat-R-Box +CVE-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...) + NOT-FOR-US: csLiveSupport +CVE-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...) + NOT-FOR-US: csGuestbook +CVE-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...) + NOT-FOR-US: Windows 2000 Terminal Services +CVE-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...) + - slash 2.2.3 +CVE-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...) + - vtun 2.5b2 +CVE-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...) + - vtun 2.5b2 +CVE-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...) + NOT-FOR-US: Microsoft +CVE-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...) + NOT-FOR-US: Microsoft +CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...) + NOT-FOR-US: AOL ICQ +CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...) + - libsoap-lite-perl 0.55 +CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...) + NOT-FOR-US: WorldClient +CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...) + NOT-FOR-US: WorldClient +CVE-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...) + NOT-FOR-US: Alt-N Technologies Mdaemon +CVE-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...) + NOT-FOR-US: Alt-N Technologies Mdaemon +CVE-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...) + NOT-FOR-US: Astaro Security Linux +CVE-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...) + NOT-FOR-US: CGINews +CVE-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...) + NOT-FOR-US: dlogin +CVE-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...) + NOT-FOR-US: NewsPro +CVE-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...) + NOT-FOR-US: Prospero MessageBoards +CVE-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...) + NOT-FOR-US: Actinic Catalog +CVE-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) + NOT-FOR-US: IBM AS/400 +CVE-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...) + NOTE: not-fot-us (ASPjar Guestbook) +CVE-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...) + NOT-FOR-US: ASPjar Guestbook +CVE-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...) + NOT-FOR-US: askSam Web Publisher +CVE-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...) + NOT-FOR-US: askSam Web Publisher +CVE-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...) + NOT-FOR-US: PhotoDB +CVE-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...) + NOT-FOR-US: PHPImageView +CVE-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...) + NOT-FOR-US: PHPImageView +CVE-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...) + NOT-FOR-US: Powerboards +CVE-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...) + NOT-FOR-US: microsoft +CVE-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...) + NOT-FOR-US: alterMIME + TODO: track RFP: #289546 +CVE-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...) + NOT-FOR-US: Spooky Login +CVE-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...) + NOT-FOR-US: Bavo +CVE-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...) + NOT-FOR-US: microsoft +CVE-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...) + NOT-FOR-US: microsoft +CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...) + NOT-FOR-US: microsoft +CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...) + NOTE: "SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1." +CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) + NOT-FOR-US: microsoft +CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...) + NOT-FOR-US: msec +CVE-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...) + NOT-FOR-US: microsoft +CVE-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...) + NOT-FOR-US: BasiliX +CVE-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...) + NOT-FOR-US: BasiliX +CVE-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...) + NOT-FOR-US: BasiliX +CVE-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...) + NOT-FOR-US: BasiliX +CVE-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...) + - phpbb2 2.0.6c-1 +CVE-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...) + NOT-FOR-US: Cisco +CVE-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) + NOT-FOR-US: microsoft +CVE-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...) + NOT-FOR-US: Zeroboard +CVE-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...) + NOT-FOR-US: NetAuction +CVE-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...) + NOT-FOR-US: DeltaScripts PHP Classifieds +CVE-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...) + NOT-FOR-US: ColdFusion +CVE-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...) + NOT-FOR-US: ASP Client Check +CVE-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...) + NOT-FOR-US: Microsoft +CVE-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...) + - vtun 2.6-1 +CVE-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...) + NOT-FOR-US: Microsoft Outlook plugin +CVE-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) + NOT-FOR-US: Norton +CVE-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...) + NOT-FOR-US: Microsoft +CVE-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...) + NOT-FOR-US: Microsoft +CVE-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...) + NOT-FOR-US: Alcatel hardware issue +CVE-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...) + NOT-FOR-US: AIX +CVE-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...) + NOT-FOR-US: AIX +CVE-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...) + NOT-FOR-US: Microsoft +CVE-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...) + NOT-FOR-US: AIX +CVE-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...) + NOT-FOR-US: AIX +CVE-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) + NOT-FOR-US: BadBlue Enterprise Edition +CVE-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) + NOT-FOR-US: Deerfield D2Gfx +CVE-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...) + NOT-FOR-US: BadBlue Personal Edition +CVE-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...) + NOT-FOR-US: NewsReactor +CVE-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...) + NOTE: Only present in intermediate CVS version, not released in Debian +CVE-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...) + NOT-FOR-US: COWS +CVE-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...) + NOT-FOR-US: vBulletin +CVE-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...) + NOT-FOR-US: vBulletin +CVE-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...) + NOT-FOR-US: mrtgconfig +CVE-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...) + NOT-FOR-US: BindView NetInventory +CVE-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) + NOT-FOR-US: Unreal IRCd +CVE-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) + NOTE: kfreebsd use a much more recent version of the freebsd kernel + NOT-FOR-US: FreeBSD +CVE-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) + - webmin 0.93 (medium) +CVE-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...) + NOTE: Packaging flaw of an unknown RPM based distro. Permissions of Debian's + NOTE: webmin package look sane and FHS compliant +CVE-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) + NOT-FOR-US: Microsoft +CVE-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...) + NOT-FOR-US: Microsoft +CVE-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...) + NOT-FOR-US: FreeBSD +CVE-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...) + NOT-FOR-US: HP-UX +CVE-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...) + NOTE: kfreebsd use a much more recent version of the freebsd kernel + NOT-FOR-US: FreeBSD +CVE-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) + NOT-FOR-US: Oracle +CVE-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...) + NOT-FOR-US: Yahoo Messenger +CVE-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...) + NOT-FOR-US: Yahoo Messenger +CVE-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...) + NOT-FOR-US: Monkey +CVE-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...) + NOT-FOR-US: Mambo +CVE-2002-1660 (calendar.php in vBulletin 2.0.3 and earlier allows remote attackers to ...) + NOT-FOR-US: vBulletin +CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...) + NOT-FOR-US: PortalApp +CVE-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...) + NOT-FOR-US: Leafnode2 development branch +CVE-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...) + - apache 1.3.31-1 +CVE-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...) + NOTE: This is not a real world problem; it's only applicable in rare circurstances + NOTE: like someone analysing stolen user database information and even then the gain + NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway. +CVE-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...) + NOT-FOR-US: X-News +CVE-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...) + NOT-FOR-US: Netscape Enterprise Server +CVE-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...) + NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server +CVE-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...) + - cryptcat 20031202-2 + NOTE: don't know when it was fixed, verified above version is ok +CVE-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...) + - cgiemail 1.6-14 +CVE-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...) + NOT-FOR-US: Verity Search97 +CVE-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...) + - squirrelmail 1:1.2.3 +CVE-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...) + - squirrelmail 1:1.2.3 +CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...) + - squirrelmail 1:1.2.3 +CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...) + - slash <unfixed> (bug #160579; low) +CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...) + NOT-FOR-US: commercial ssh +CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...) + NOT-FOR-US: commercial ssh +CVE-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...) + NOT-FOR-US: commercial ssh +CVE-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...) + NOT-FOR-US: RealNetworks Helix Universal Server +CVE-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...) + - postgresql 7.2.3 +CVE-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...) + NOT-FOR-US: Oracle +CVE-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...) + NOT-FOR-US: Oracle +CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...) + NOT-FOR-US: Oracle +CVE-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i ...) + NOT-FOR-US: Oracle +CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...) + NOT-FOR-US: Oracle +CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...) + NOT-FOR-US: Oracle +CVE-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...) + NOT-FOR-US: Oracle +CVE-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...) + NOT-FOR-US: NetWare +CVE-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...) + NOT-FOR-US: QNX +CVE-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...) + NOT-FOR-US: Oracle +CVE-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...) + NOT-FOR-US: Oracle +CVE-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...) + NOT-FOR-US: Oracle +CVE-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...) + NOT-FOR-US: Multi-Tech ProxyServer +CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...) + NOT-FOR-US: Mike Spice Mike's Vote CGI +CVE-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...) + NOT-FOR-US: Mike Spice Quiz CGI +CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...) + NOT-FOR-US: Mike Spice My Calendar +CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...) + NOTE: fixed in macromedia flash shortly after discovery 3 years ago + NOTE: did not check the other flash players in debian for this +CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...) + NOT-FOR-US: Lotus Domino +CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...) + NOT-FOR-US: General protocol flaw, cannot be fixed +CVE-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...) + NOT-FOR-US: AIX +CVE-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...) + NOT-FOR-US: AIX +CVE-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...) + NOT-FOR-US: AIX +CVE-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...) + NOT-FOR-US: AIX +CVE-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...) + NOT-FOR-US: HP-UX +CVE-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...) + NOT-FOR-US: GoAhead Web Server +CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...) + NOTE: HAVE_BRAILLE not set in binary build +CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...) + NOT-FOR-US: Adobe PhotoDeluxe +CVE-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...) + NOT-FOR-US: Mike Spice's My Classifieds +CVE-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...) + - dansguardian 2.4.5-1 +CVE-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...) + NOT-FOR-US: Computer Associates MLink +CVE-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...) + NOT-FOR-US: Cisco +CVE-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...) + NOT-FOR-US: Cisco +CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...) + NOT-FOR-US: Cisco +CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...) + NOTE: our pwck and grpck do not overflow and are not suid +CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...) + - apache2 2.0.42 +CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...) + - apache2 2.0.36 +CVE-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...) + NOT-FOR-US: AIM in MSIE +CVE-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update 1/01 ...) + NOT-FOR-US: Solaris +CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...) + NOT-FOR-US: Solaris +CVE-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...) + NOT-FOR-US: Mailtool for OpenWindows +CVE-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...) + NOT-FOR-US: Solaris +CVE-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...) + NOT-FOR-US: Solaris +CVE-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...) + NOT-FOR-US: Solaris +CVE-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...) + NOT-FOR-US: Solaris +CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...) + NOT-FOR-US: IBM DB2 +CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...) + NOTE: mailreader. Affects 2.3.30 and 2.3.31. + NOTE: Sarge uses 2.3.29. +CVE-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...) + {DSA-534} + - mailreader 2.3.29-9 +CVE-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...) + {DSA-215} + - cyrus-imapd 1.5.19-9.10 +CVE-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...) + NOT-FOR-US: SAP +CVE-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...) + NOT-FOR-US: SAP +CVE-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...) + NOT-FOR-US: SAP +CVE-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...) + NOT-FOR-US: SAP +CVE-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...) + {DSA-437} + - cgiemail 1.6-20 +CVE-2002-1573 + RESERVED +CVE-2002-1572 + RESERVED +CVE-2002-1571 + RESERVED +CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...) + - ucd-snmp 4.2.3-2 +CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...) + - gv 1:3.5.8-27 +CVE-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...) + - openssl 0.9.6g-1 +CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...) + NOTE: tomcat4 cross-site scripting vuln + NOTE: not sure if it's a problem or not + NOTE: contacted package maintainers, they think it's not vulnerable. + TODO: waiting for further information. +CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...) + - netris 0.52-1 +CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...) + - wget 1.8.1-6.1 +CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...) + NOT-FOR-US: microsoft +CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...) + - stunnel4 4.04-1 + - stunnel 2:3.24-1 +CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...) + {DSA-396} + - thttpd 2.23beta1-2.3 +CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...) + NOT-FOR-US: microsoft +CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...) + NOT-FOR-US: ion-p +CVE-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...) + NOT-FOR-US: cisco +CVE-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) + NOT-FOR-US: cisco +CVE-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) + NOT-FOR-US: cisco +CVE-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" ...) + NOT-FOR-US: cisco +CVE-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...) + NOT-FOR-US: cisco +CVE-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...) + NOT-FOR-US: cisco +CVE-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...) + NOT-FOR-US: AIX +CVE-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...) + NOT-FOR-US: Webweaver +CVE-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...) + NOT-FOR-US: Coolsoft +CVE-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...) + NOT-FOR-US: Coolsoft +CVE-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...) + NOT-FOR-US: SolarWinds +CVE-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...) + NOT-FOR-US: MDaemon +CVE-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: Molly +CVE-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...) + NOT-FOR-US: Symantec +CVE-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...) + NOTE: problem in jetty 4.1.0, Debian started with 4.2 +CVE-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...) + NOT-FOR-US: EMU Webmail +CVE-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...) + NOT-FOR-US: EMU Webmail +CVE-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...) + NOT-FOR-US: Sun +CVE-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...) + NOT-FOR-US: Miniserver +CVE-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...) + NOT-FOR-US: PowerFTP +CVE-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...) + NOT-FOR-US: Coolforum +CVE-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...) + NOT-FOR-US: BRU +CVE-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...) + {DSA-227} + - openldap2 2.0.27-3 +CVE-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...) + NOT-FOR-US: Unreal +CVE-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...) + NOTE: linuxconf not in unstable or testing +CVE-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...) + NOT-FOR-US: webserver-4everyone +CVE-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...) + NOTE: AFD not in debian +CVE-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...) + NOT-FOR-US: NetBSD +CVE-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...) + NOT-FOR-US: FactoSystem +CVE-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...) + NOT-FOR-US: SWServer +CVE-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...) + NOT-FOR-US: Jawmail +CVE-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...) + NOT-FOR-US: Cisco +CVE-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...) + NOT-FOR-US: PlanetDNS +CVE-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...) + NOT-FOR-US: Trillian +CVE-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...) + NOT-FOR-US: Trillian +CVE-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...) + NOT-FOR-US: Trillian +CVE-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...) + NOT-FOR-US: Trillian +CVE-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...) + NOT-FOR-US: db4web +CVE-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...) + NOT-FOR-US: db4web +CVE-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...) + NOTE: phpGB not in Debian +CVE-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...) + NOTE: phpGB not in Debian +CVE-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...) + NOTE: phpGB not in Debian +CVE-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...) + NOT-FOR-US: HPUX +CVE-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...) + NOT-FOR-US: HPUX +CVE-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...) + NOT-FOR-US: HPUX +CVE-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...) + NOT-FOR-US: Shoutcase +CVE-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...) + - flashplugin-nonfree 6.0.61.0-1 +CVE-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...) + NOT-FOR-US: Cafelog +CVE-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...) + NOT-FOR-US: Cafelog +CVE-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...) + NOT-FOR-US: Cafelog +CVE-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...) + NOT-FOR-US: Organic PHP +CVE-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: Webshop Manager +CVE-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...) + NOTE: L-Forum not in Debian +CVE-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...) + NOTE: L-Forum not in Debian +CVE-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...) + NOTE: L-Forum not in Debian +CVE-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...) + NOTE: L-Forum not in Debian +CVE-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...) + NOT-FOR-US: mIRC +CVE-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...) + NOT-FOR-US: OmniHTTPD +CVE-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...) + NOT-FOR-US: MyWebServer +CVE-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...) + NOT-FOR-US: MyWebServer +CVE-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...) + NOT-FOR-US: MyWebServer +CVE-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...) + NOTE: Blazix not in Debian +CVE-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...) + NOT-FOR-US: IBM UniVerse +CVE-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...) + NOTE: eUpload not in Debian +CVE-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...) + NOTE: CERN HTTPD not in Debian +CVE-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...) + NOT-FOR-US: Google Toolbar +CVE-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...) + NOT-FOR-US: Google Toolbar +CVE-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...) + NOT-FOR-US: Tomahawk +CVE-2002-1440 (The Gateway GS-400 server has a default root password of "0001n" that ...) + NOT-FOR-US: Gateway +CVE-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...) + NOT-FOR-US: HPUX +CVE-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...) + NOT-FOR-US: Kerio +CVE-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Kerio +CVE-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...) + NOT-FOR-US: MidiCart +CVE-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...) + NOT-FOR-US: Belkin +CVE-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...) + NOT-FOR-US: ShoutBox +CVE-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...) + NOTE: dotproject not in Debian +CVE-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...) + NOTE: Easy Homepage Creator not in Debian +CVE-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...) + NOT-FOR-US: HP +CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...) + NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum + NOTE: is version 2.5.x +CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...) + NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum + NOTE: is version 2.5.x +CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...) + NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum + NOTE: is version 2.5.x +CVE-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...) + NOT-FOR-US: Webeasymail +CVE-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...) + NOT-FOR-US: Webeasymail +CVE-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...) + NOT-FOR-US: Duma +CVE-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...) + NOT-FOR-US: East Guestbook +CVE-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...) + NOT-FOR-US: HPUX +CVE-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...) + NOT-FOR-US: HP Openview +CVE-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...) + NOT-FOR-US: HPUX +CVE-2002-1404 + REJECTED +CVE-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...) + {DSA-165} + - postgresql 7.2.2-2 +CVE-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...) + {DSA-165} + - postgresql 7.2.2-2 +CVE-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...) + {DSA-165} + - postgresql 7.2.2-2 +CVE-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...) + - postgresql 7.2.2-2 +CVE-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...) + {DSA-165} + - postgresql 7.2.2-2 +CVE-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...) + - postgresql 7.2.2-2 +CVE-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...) + {DSA-202} + - im 1:141-20 +CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...) + {DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234} + NOTE: KDE2 not in sarge +CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...) + {DSA-254} + - traceroute-nanog 6.3.0-1 +CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...) + {DSA-254} + - traceroute-nanog 6.3.0-1 +CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...) + {DSA-232} + - cupsys 1.1.18-1 +CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...) + {DSA-227} + - openldap2 2.0.27-3 +CVE-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...) + {DSA-227} + - openldap2 2.0.27-3 +CVE-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...) + {DSA-212} + NOTE: bug in mysql 3, sarge uses mysql 4 +CVE-2002-1370 + REJECTED +CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...) + {DSA-232} + - cupsys 1.1.18-1 +CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...) + NOTE: Debian uses openssh, not vulnerable +CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...) + NOTE: Debian uses openssh, not vulnerable +CVE-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...) + NOTE: Debian uses openssh, not vulnerable +CVE-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...) + NOTE: Debian uses openssh, not vulnerable +CVE-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...) + - ethereal 0.9.8-1 +CVE-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...) + - ethereal 0.9.8-1 +CVE-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...) + NOT-FOR-US: TYPSoft FTP Server +CVE-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...) + NOT-FOR-US: LocalWEB2000 HTTP server +CVE-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...) + NOT-FOR-US: CartMan +CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...) + NOT-FOR-US: Melange Chat System +CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...) + - libsasl2 2.1.10-1 +CVE-2002-1346 + RESERVED +CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...) + NOTE: multiple ftp client issues + TODO: check wget, ftp, ncftp, etc. +CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...) + {DSA-209} + - wget 1.8.1-6.1 +CVE-2002-1343 + RESERVED +CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...) + {DSA-203} + - smb2www 980804-17 +CVE-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...) + {DSA-220} + - squirrelmail 1:1.3.2-2 +CVE-2002-1340 (The "ConnectionFile" property in the DataSourceControl component in ...) + NOT-FOR-US: Office Web Components +CVE-2002-1339 (The "XMLURL" property in the Spreadsheet component of Office Web ...) + NOT-FOR-US: Office Web Components +CVE-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...) + NOT-FOR-US: Office Web Components +CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...) + {DSA-251 DSA-250 DSA-249} + - w3mmee 0.3.p24.17-3 +CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...) + NOT-FOR-US: BizDesign +CVE-2002-1333 + RESERVED +CVE-2002-1332 + RESERVED +CVE-2002-1331 + RESERVED +CVE-2002-1330 + RESERVED +CVE-2002-1329 + RESERVED +CVE-2002-1328 + RESERVED +CVE-2002-1326 + RESERVED +CVE-2002-1324 + RESERVED +CVE-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...) + NOT-FOR-US: ClearCase +CVE-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...) + NOTE: Realplayer not in Sarge +CVE-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...) + NOT-FOR-US: iPlanet +CVE-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...) + NOT-FOR-US: iPlanet +CVE-2002-1314 + RESERVED +CVE-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...) + NOT-FOR-US: Linksys +CVE-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) + NOT-FOR-US: Macromedia +CVE-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) + NOT-FOR-US: Macromedia +CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...) + {DSA-214} + - kdenetwork 4:2.2.2-14.20 +CVE-2002-1305 + RESERVED +CVE-2002-1304 + RESERVED +CVE-2002-1303 + RESERVED +CVE-2002-1302 + RESERVED +CVE-2002-1301 + RESERVED +CVE-2002-1300 + RESERVED +CVE-2002-1299 + RESERVED +CVE-2002-1298 + RESERVED +CVE-2002-1297 + RESERVED +CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...) + NOT-FOR-US: Microsoft +CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...) + NOT-FOR-US: Microsoft +CVE-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...) + NOT-FOR-US: Microsoft +CVE-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...) + NOT-FOR-US: Microsoft +CVE-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...) + NOT-FOR-US: Microsoft +CVE-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...) + NOT-FOR-US: Microsoft +CVE-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...) + NOT-FOR-US: Microsoft +CVE-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...) + NOT-FOR-US: Microsoft +CVE-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...) + NOT-FOR-US: Microsoft +CVE-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...) + NOT-FOR-US: Microsoft +CVE-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...) + NOT-FOR-US: SuSE-specific lprfilter package +CVE-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...) + NOT-FOR-US: Novell iManager (eMFrame) +CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...) + {DSA-204} +CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...) + {DSA-204} +CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...) + NOT-FOR-US: RealSecure Event Collector +CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...) + {DSA-194} +CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...) + {DSA-191} +CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...) + {DSA-192} +CVE-2002-1274 + RESERVED +CVE-2002-1273 + RESERVED +CVE-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...) + NOT-FOR-US: MacOS +CVE-2002-1263 + REJECTED +CVE-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...) + NOT-FOR-US: Microsoft +CVE-2002-1261 + REJECTED +CVE-2002-1259 + REJECTED +CVE-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...) + NOT-FOR-US: Microsoft +CVE-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...) + NOT-FOR-US: Microsoft +CVE-2002-1249 + RESERVED +CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...) + {DSA-193} +CVE-2002-1246 + RESERVED +CVE-2002-1243 + RESERVED +CVE-2002-1241 + RESERVED +CVE-2002-1240 + RESERVED +CVE-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...) + NOT-FOR-US: Peter Sandvik's Simple Web Server +CVE-2002-1237 + RESERVED +CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...) + {DSA-185 DSA-184 DSA-183} +CVE-2002-1234 + REJECTED +CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...) + {DSA-195 DSA-188 DSA-187} +CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...) + NOT-FOR-US: Avaya Cajun switches +CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...) + NOT-FOR-US: Solaris +CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...) + {DSA-178} +CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...) + {DSA-178} +CVE-2002-1218 + RESERVED +CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...) + NOT-FOR-US: Microsoft +CVE-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...) + - tar 1.13.25 +CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...) + {DSA-174} +CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...) + NOT-FOR-US: RadioBird Software WebServer 4 Everyone +CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...) + NOT-FOR-US: RadioBird Software WebServer 4 Everyone +CVE-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...) + NOT-FOR-US: Eudora +CVE-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...) + NOT-FOR-US: SolarWinds TFTP Server +CVE-2002-1208 + RESERVED +CVE-2002-1207 + RESERVED +CVE-2002-1206 + RESERVED +CVE-2002-1205 + RESERVED +CVE-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...) + NOT-FOR-US: Netscape Communicator 4.x +CVE-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...) + NOT-FOR-US: IBM SecureWay Firewall +CVE-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...) + NOT-FOR-US: HP Tru64 UNIX +CVE-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...) + NOT-FOR-US: AIX +CVE-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...) + NOT-FOR-US: NetBSD +CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...) + NOT-FOR-US: NetBSD +CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...) + NOT-FOR-US: Sabre Desktop +CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...) + NOT-FOR-US: Cisco IOS +CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + NOT-FOR-US: Microsoft IIS +CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...) + NOT-FOR-US: Winamp +CVE-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...) + NOT-FOR-US: Winamp +CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...) + {DSA-171} +CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...) + {DSA-171} +CVE-2002-1173 + RESERVED +CVE-2002-1172 + RESERVED +CVE-2002-1171 + RESERVED +CVE-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...) + NOT-FOR-US: IBM Websphere +CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...) + NOT-FOR-US: IBM Websphere +CVE-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...) + NOTE: wn not in Debian testing +CVE-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...) + NOTE: Debian uses sendmail 8.13, not vulnerable. +CVE-2002-1161 + REJECTED +CVE-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...) + NOTE: kon2. patched, but I don't know when. + NOTE: assuming the current unstable/testing version is ok then.. + - kon2 0.3.9b-18 +CVE-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...) + NOT-FOR-US: Microsoft Netmeeting +CVE-2002-1149 (The installation procedure for Invision Board suggests that users ...) + NOT-FOR-US: Invision Board +CVE-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...) + NOT-FOR-US: Microsoft SQL +CVE-2002-1144 + RESERVED +CVE-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...) + NOT-FOR-US: Microsoft Word & Excel +CVE-2002-1136 + RESERVED +CVE-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...) + NOT-FOR-US: HP Tru64 +CVE-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...) + NOT-FOR-US: Dino's Webserver +CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...) + {DSA-191} +CVE-2002-1130 + RESERVED +CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...) + NOT-FOR-US: HP Tru64 +CVE-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...) + NOT-FOR-US: HP Tru64 +CVE-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...) + NOT-FOR-US: HP Tru64 +CVE-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...) + NOT-FOR-US: FreeBSD +CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...) + {DSA-166} +CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...) + NOTE: Some SMTP mailscanners can be bypassed by fragmenting + NOTE: messages. + TODO: check Debian mailscanners, if any. +CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...) + NOT-FOR-US: Savant Web Server +CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...) + {DSA-161} +CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...) + {DSA-153} +CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...) + {DSA-153} +CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...) + NOT-FOR-US: Cisco +CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...) + NOT-FOR-US: Cisco +CVE-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...) + NOT-FOR-US: Cisco +CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...) + NOT-FOR-US: Cisco +CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...) + - libesmtp5 0.8.11-1 +CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...) + NOT-FOR-US: Oracle +CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...) + NOT-FOR-US: ezContents +CVE-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...) + NOT-FOR-US: ezContents +CVE-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...) + NOT-FOR-US: ezContents +CVE-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...) + NOT-FOR-US: ezContents +CVE-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...) + NOT-FOR-US: ezContents +CVE-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...) + NOT-FOR-US: ezContents +CVE-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...) + NOT-FOR-US: Abyss +CVE-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...) + NOT-FOR-US: Abyss +CVE-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...) + NOT-FOR-US: IPSwitch +CVE-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...) + NOT-FOR-US: Pegasus +CVE-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...) + NOT-FOR-US: MERCUR Mailserver +CVE-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...) + NOT-FOR-US: ZyXEL +CVE-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...) + NOT-FOR-US: ZyXEL +CVE-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...) + - phpwiki 1.3.4-1 +CVE-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...) + NOT-FOR-US: no_package +CVE-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...) + NOT-FOR-US: no_package +CVE-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...) + NOT-FOR-US: no_package +CVE-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...) + NOT-FOR-US: no_package +CVE-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) + NOT-FOR-US: no_package +CVE-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) + NOT-FOR-US: no_package +CVE-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...) + NOT-FOR-US: no_package +CVE-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...) + NOT-FOR-US: no_package +CVE-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...) + NOT-FOR-US: no_package +CVE-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...) + NOT-FOR-US: no_package +CVE-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...) + NOT-FOR-US: no_package +CVE-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...) + NOT-FOR-US: no_package +CVE-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...) + NOT-FOR-US: no_package +CVE-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...) + NOT-FOR-US: no_package +CVE-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...) + NOT-FOR-US: no_package +CVE-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...) + NOT-FOR-US: no_package +CVE-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...) + NOT-FOR-US: no_package +CVE-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...) + NOT-FOR-US: no_package +CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...) + NOT-FOR-US: no_package +CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...) + NOT-FOR-US: no_package +CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...) + NOT-FOR-US: no_package +CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...) + NOT-FOR-US: no_package +CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...) + NOT-FOR-US: no_package +CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...) + NOT-FOR-US: no_package +CVE-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...) + NOT-FOR-US: no_package +CVE-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...) + NOT-FOR-US: no_package +CVE-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...) + NOT-FOR-US: no_package +CVE-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...) + NOT-FOR-US: no_package +CVE-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...) + NOT-FOR-US: no_package +CVE-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...) + NOT-FOR-US: no_package +CVE-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...) + NOT-FOR-US: no_package +CVE-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...) + NOT-FOR-US: no_package +CVE-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...) + NOT-FOR-US: no_package +CVE-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...) + NOT-FOR-US: no_package +CVE-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...) + NOT-FOR-US: no_package +CVE-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...) + NOT-FOR-US: no_package +CVE-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...) + NOT-FOR-US: no_package +CVE-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...) + NOT-FOR-US: no_package +CVE-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...) + NOT-FOR-US: no_package +CVE-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...) + NOT-FOR-US: no_package +CVE-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...) + NOT-FOR-US: no_package +CVE-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...) + NOT-FOR-US: no_package +CVE-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...) + NOT-FOR-US: no_package +CVE-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...) + NOT-FOR-US: no_package +CVE-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...) + NOT-FOR-US: no_package +CVE-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...) + NOT-FOR-US: no_package +CVE-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...) + NOT-FOR-US: no_package +CVE-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...) + NOT-FOR-US: no_package +CVE-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...) + NOT-FOR-US: no_package +CVE-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...) + NOT-FOR-US: Novell +CVE-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...) + NOT-FOR-US: Novell +CVE-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...) + NOT-FOR-US: no_package +CVE-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...) + NOT-FOR-US: HP +CVE-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...) + NOT-FOR-US: HP +CVE-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...) + NOT-FOR-US: HP +CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...) + {DSA-157} +CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...) + NOT-FOR-US: Microsoft +CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...) + NOT-FOR-US: Microsoft +CVE-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...) + NOT-FOR-US: Microsoft +CVE-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...) + NOT-FOR-US: Microsoft +CVE-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...) + NOT-FOR-US: Microsoft +CVE-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...) + NOT-FOR-US: Microsoft +CVE-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...) + NOT-FOR-US: Microsoft +CVE-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...) + NOT-FOR-US: FreeBSD +CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...) + {DSA-165} +CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...) + NOT-FOR-US: Microsoft Windows specific +CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...) + NOT-FOR-US: no_package +CVE-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...) + NOT-FOR-US: no_package +CVE-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...) + NOT-FOR-US: no_package +CVE-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...) + NOT-FOR-US: no_package +CVE-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...) + NOT-FOR-US: no_package +CVE-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...) + NOT-FOR-US: no_package +CVE-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...) + NOT-FOR-US: no_package +CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...) + NOT-FOR-US: no_package +CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...) + NOT-FOR-US: YaBB +CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...) + NOT-FOR-US: Cisco +CVE-2002-0951 (SQL injection vulnerability in Ruslan <Body>Builder allows remote ...) + NOT-FOR-US: no_package +CVE-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...) + NOT-FOR-US: no_package +CVE-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...) + NOT-FOR-US: no_package +CVE-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...) + NOT-FOR-US: no_package +CVE-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...) + NOT-FOR-US: no_package +CVE-2002-0943 (MetaCart2.sql stores the user database under the web document root ...) + NOT-FOR-US: no_package +CVE-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...) + NOT-FOR-US: Microsoft +CVE-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...) + NOT-FOR-US: no_package +CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...) + NOT-FOR-US: no_package +CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...) + NOT-FOR-US: JRun +CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...) + - tomcat 3.2.3-1 +CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...) + NOT-FOR-US: no_package +CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...) + NOT-FOR-US: no_package +CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...) + NOT-FOR-US: MyHelpDesk +CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...) + NOT-FOR-US: MyHelpDesk +CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...) + NOT-FOR-US: Netware +CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...) + NOT-FOR-US: Netware +CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...) + NOT-FOR-US: pirch +CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...) + NOT-FOR-US: webMathematica +CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...) + NOT-FOR-US: mmftpd not in Debian anymore +CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...) + NOT-FOR-US: CGIScript.net not int Debian +CVE-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...) + NOT-FOR-US: CGIScript.net not int Debian +CVE-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...) + NOT-FOR-US: CGIScript.net not int Debian +CVE-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...) + NOT-FOR-US: CGIScript.net not int Debian +CVE-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...) + NOT-FOR-US: CGIScript.net not int Debian +CVE-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...) + NOT-FOR-US: CGIScript.net not int Debian +CVE-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...) + NOT-FOR-US: CGIScript.net not int Debian +CVE-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...) + NOT-FOR-US: CGIScript.net not int Debian +CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...) + NOT-FOR-US: Xandros specific +CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...) + NOT-FOR-US: Slurp NNTP +CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...) + NOTE: DSA-129 +CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...) + NOT-FOR-US: netstd not in Debian anymore +CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...) + NOT-FOR-US: mnews +CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...) + NOT-FOR-US: Cisco +CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...) + NOT-FOR-US: SHOUTcast +CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...) + NOT-FOR-US: Informix +CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...) + NOT-FOR-US: wbboard +CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...) + - phpbb2 2.0.6c-1 +CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...) + - amanda 2.4.0b6-1 +CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...) + NOT-FOR-US: Falcon +CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...) + - swatch 3.0.4-1 +CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...) + NOT-FOR-US: no_package +CVE-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...) + NOT-FOR-US: no_package +CVE-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...) + NOT-FOR-US: 3com +CVE-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...) + NOT-FOR-US: Cisco +CVE-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...) + NOT-FOR-US: no_package +CVE-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...) + NOT-FOR-US: no_package +CVE-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...) + NOT-FOR-US: Compaq +CVE-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...) + NOT-FOR-US: Cisco +CVE-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...) + NOT-FOR-US: Cisco +CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...) + NOT-FOR-US: Cisco +CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...) + NOT-FOR-US: CFXImage +CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...) + NOT-FOR-US: LogiSense +CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...) + NOT-FOR-US: Shambala +CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...) + NOT-FOR-US: Shambala +CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...) + {DSA-150} +CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...) + NOT-FOR-US: Cisco +CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...) + NOT-FOR-US: IIS +CVE-2002-0868 + RESERVED +CVE-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...) + NOT-FOR-US: Windows +CVE-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...) + NOT-FOR-US: Microsoft +CVE-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...) + NOT-FOR-US: Microsoft +CVE-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...) + NOT-FOR-US: Oracle +CVE-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...) + NOT-FOR-US: Oracle +CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...) + {DSA-147} + TODO: check +CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...) + NOT-FOR-US: SuSE specific +CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...) + NOT-FOR-US: Cisco +CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...) + NOT-FOR-US: iSCSI +CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...) + {DSA-195 DSA-188 DSA-187} + - apache 1.3.27-0.1 +CVE-2002-0841 + REJECTED +CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...) + {DSA-195 DSA-188 DSA-187} + - apache 1.3.27-0.1 +CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...) + {DSA-182 DSA-179 DSA-176} +CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...) + - wordtrans 1.1pre9 +CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...) + {DSA-162} +CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...) + NOT-FOR-US: Eudora +CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...) + NOT-FOR-US: Internet Explorer +CVE-2002-0828 + REJECTED +CVE-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...) + NOT-FOR-US: UnixWare +CVE-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...) + - libnss-ldap 199-1 +CVE-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...) + - ethereal 0.9.4-1woody1 +CVE-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...) + - ethereal 0.9.4-1woody1 +CVE-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...) + NOT-FOR-US: FreeBSD +CVE-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...) + NOT-FOR-US: artscontrol not suid root +CVE-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) ...) + - mozilla 2:1.0.0-1 +CVE-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...) + NOT-FOR-US: no_package +CVE-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...) + NOTE: bugzilla 2.16.0-2.1 +CVE-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...) + NOTE: bugzilla 2.16.0-2.1 +CVE-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...) + NOTE: bugzilla 2.16.0-2.1 +CVE-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...) + NOT-FOR-US: no_package +CVE-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...) + NOT-FOR-US: no_package +CVE-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...) + NOT-FOR-US: HP +CVE-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...) + NOT-FOR-US: Solaris +CVE-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...) + NOT-FOR-US: Solaris +CVE-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...) + NOT-FOR-US: QNX +CVE-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...) + NOT-FOR-US: Cisco +CVE-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...) + NOT-FOR-US: Novell +CVE-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...) + NOT-FOR-US: no_package +CVE-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...) + NOT-FOR-US: no_package +CVE-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...) + NOT-FOR-US: no_package +CVE-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: Opera +CVE-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...) + NOT-FOR-US: Novell +CVE-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...) + NOT-FOR-US: Novell +CVE-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...) + NOT-FOR-US: Novell +CVE-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...) + NOT-FOR-US: Novell +CVE-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...) + NOT-FOR-US: no_package +CVE-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...) + NOT-FOR-US: no_package +CVE-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...) + NOT-FOR-US: no_package +CVE-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...) + NOT-FOR-US: no_package +CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...) + - viewcvs 0.9.2-5 +CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...) + NOT-FOR-US: Quake server +CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...) + NOT-FOR-US: Cisco +CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...) + NOT-FOR-US: simpleinit +CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...) + NOT-FOR-US: Phorum +CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...) + NOT-FOR-US: HP +CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...) + - webmin 0.980-1 + - usermin 0.910-1 +CVE-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...) + - webmin 0.980-1 + - usermin 0.910-1 +CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...) + NOT-FOR-US: Talentsoft +CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...) + NOT-FOR-US: CGIscript.net +CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...) + NOT-FOR-US: CGIscript.net +CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...) + NOT-FOR-US: CGIscript.net +CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...) + NOT-FOR-US: CGIscript.net +CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...) + NOT-FOR-US: AIX +CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...) + NOT-FOR-US: AIX +CVE-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...) + NOT-FOR-US: AIX +CVE-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...) + NOT-FOR-US: AIX +CVE-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...) + NOT-FOR-US: AIX +CVE-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...) + NOT-FOR-US: AIX +CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...) + - slrn 0.9.6.2-9 +CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...) + NOT-FOR-US: PostCalendat +CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...) + NOT-FOR-US: only potato was vulnerable +CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...) + NOT-FOR-US: MyGuestbook +CVE-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...) + NOT-FOR-US: vqServer +CVE-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...) + NOT-FOR-US: guestbook +CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...) + {DSA-140} + TODO: check +CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...) + NOT-FOR-US: windows +CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...) + NOT-FOR-US: windows +CVE-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...) + NOT-FOR-US: internet explorer +CVE-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...) + NOT-FOR-US: Microsoft SQL Server +CVE-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...) + - php4 4:4.2.2-1 +CVE-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...) + - squid 2.4.6-2 +CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...) + - squid 2.4.6-2 +CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...) + NOT-FOR-US: EASM +CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...) + NOT-FOR-US: HP +CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...) + NOT-FOR-US: no_package +CVE-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...) + NOT-FOR-US: no_package +CVE-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...) + NOT-FOR-US: no_package +CVE-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...) + NOT-FOR-US: no_package +CVE-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...) + NOT-FOR-US: no_package +CVE-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...) + - dhcp3 3.0+3.0.1rc9-1 +CVE-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...) + NOT-FOR-US: windows +CVE-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...) + NOT-FOR-US: windows +CVE-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...) + NOT-FOR-US: McAfee +CVE-2002-0689 + RESERVED +CVE-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...) + NOT-FOR-US: no_package +CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...) + - glibc 2.2.5-8 +CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...) + NOT-FOR-US: no_package +CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...) + NOT-FOR-US: no_package +CVE-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...) + NOT-FOR-US: no_package +CVE-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...) + NOT-FOR-US: no_package +CVE-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) + NOT-FOR-US: no_package +CVE-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...) + NOT-FOR-US: no_package +CVE-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...) + NOT-FOR-US: no_package +CVE-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) + NOT-FOR-US: no_package +CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...) + {DSA-201} +CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...) + NOT-FOR-US: ZMerge +CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...) + - apache2 2.0.40 +CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...) + {DSA-140} + TODO: check +CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...) + {DSA-136} + TODO: check +CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...) + {DSA-136} + TODO: check +CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...) + {DSA-136} + TODO: check +CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...) + {DSA-136} + TODO: check +CVE-2002-1412 + {DSA-138} + TODO: check + - gallery 1.3-3 +CVE-2002-1574 + NOTE: fixed after 2.6/2.4.20 kernel +CVE-2002-1560 + NOTE: not-for-us (gbook not in Debian) +CVE-2002-1552 + NOTE: not-for-us (novell) +CVE-2002-1550 + NOTE: not-for-us (AIX) +CVE-2002-1549 + NOTE: not-for-us (lhttpd not in Debian) +CVE-2002-1548 + NOTE: not-for-us (AIX) +CVE-2002-1547 + NOTE: not-for-us (Netscreen) +CVE-2002-1543 + NOTE: not-for-us (NetBSD) +CVE-2002-1541 + NOTE: not-for-us (BadBlue not in Debian) +CVE-2002-1540 + NOTE: not-for-us (norton) +CVE-2002-1538 + NOTE: not-for-us (acusend not in Debian) +CVE-2002-1537 + - phpbb2 2.0.6c-1 + NOTE: according to http://www.securityfocus.com/archive/1/297419 + NOTE: phpBB versions above 2.0.0 are not vulnerable. +CVE-2002-1534 + NOTE: Don't know if macromedia flash player is still vulnerable + NOTE: see: http://www.securityfocus.com/archive/1/294206 + TODO: check +CVE-2002-1532 + NOTE: not-for-us (surfcontrol) +CVE-2002-1531 + NOTE: not-for-us (surfcontrol) +CVE-2002-1530 + NOTE: not-for-us (surfcontrol) +CVE-2002-1529 + NOTE: not-for-us (surfcontrol) +CVE-2002-1528 + NOTE: not-for-us (mondosearch) +CVE-2002-1524 + NOTE: not-for-us (winamp) +CVE-2002-1521 + NOTE: not-for-us (webserver 4D) +CVE-2002-1520 + NOTE: not-for-us (WatchGuard) +CVE-2002-1519 + NOTE: not-for-us (WatchGuard) +CVE-2002-1518 + NOTE: not-for-us (IRIX) +CVE-2002-1517 + NOTE: not-for-us (IRIX) +CVE-2002-1516 + NOTE: not-for-us (IRIX) +CVE-2002-1514 + NOTE: not-for-us (interbase) +CVE-2002-1513 + NOTE: not-for-us (OpenVMS) +CVE-2002-1511 + - vnc 3.3.3r2-21 +CVE-2002-1510 + - xfree86 4.1.0-7 +CVE-2002-1509 + NOTE: not-for-us (redhat and mandrake only) +CVE-2002-1505 + NOTE: not-for-us (WoltLab Burning Board not in Debian) +CVE-2002-1502 + NOTE: not-for-us (xbreaky not in Debian) +CVE-2002-1501 + NOTE: not-for-us (Enterasys) +CVE-2002-1497 + NOTE: not-for-us (Null HTTP Server not in Debian) +CVE-2002-1496 + NOTE: not-for-us (Null HTTP Server not in Debian) +CVE-2002-1494 + NOTE: not-for-us (Aestiva) +CVE-2002-1493 + NOTE: not-for-us (Lycos) +CVE-2002-1491 + NOTE: not-for-us (Cisco VPN 5000 Client for MacOS) +CVE-2002-1490 + NOTE: not-for-us (NetBSD) +CVE-2002-1479 + - cacti 0.6.8-1 +CVE-2002-1478 + {DSA-164} + - cacti 0.6.8a-2 +CVE-2002-1477 + {DSA-164} + - cacti 0.6.8a-2 +CVE-2002-1476 + NOTE: not-for-us (NetBSD) +CVE-2002-1472 + - xfree86 4.2.1-1 + NOTE: Accordong to http://www.securityfocus.com/bid/5735/info/ + NOTE: woody is still vulnerable + NOTE: open bug #280872 +CVE-2002-1471 + - evolution 1.2.0-1 + NOTE: woody seems to be still vulnerable + NOTE: open bug #280883 +CVE-2002-1469 + - scponly 3.8-1 + NOTE: according to http://sublimation.org/scponly/ (scponly home page) + NOTE: only versions of scponly older than scponly-2.4 are affected +CVE-2002-1468 + NOTE: not-for-us (AIX) +CVE-2002-1463 + NOTE: not-for-us (symantec) +CVE-2002-1448 + NOTE: not-for-us (Avaya P330, P130, and M770-ATM Cajun products) +CVE-2002-1447 + NOTE: not-for-us (Cisco vpn client for UNIX) +CVE-2002-1446 + NOTE: not-for-us (nCipher PKCS#11 library) +CVE-2002-1443 + NOTE: not-for-us (Google toolbar) +CVE-2002-1438 + NOTE: not-for-us (Perl on Novell) +CVE-2002-1437 + NOTE: not-for-us (Perl on Novell) +CVE-2002-1436 + NOTE: not-for-us (Perl on Novell) +CVE-2002-1435 + NOTE: not-for-us (Achievo not in Debian) +CVE-2002-1430 + NOTE: not-for-us (Sympoll not in Debian) +CVE-2002-1425 + {DSA-141} + - mpack 1.5-9 +CVE-2002-1424 + - mpack 1.5-9 +CVE-2002-1420 + NOTE: not-for-us (OpenBSD) +CVE-2002-1419 + NOTE: not-for-us (IRIX on Origin) +CVE-2002-1418 + NOTE: not-for-us (Novell NetBasic Scripting Server) +CVE-2002-1417 + NOTE: not-for-us (Novell NetBasic Scripting Server) +CVE-2002-1414 + - qmailadmin 1.0.6-1 +CVE-2002-1413 + NOTE: not-for-us (RCONAG6 for Novell Netware SP2) +CVE-2002-1407 + NOTE: not-for-us (TinySSL not in Debian) +CVE-2002-1405 + {DSA-210} + - lynx 2.8.4.1b-4 + - lynx-ssl 1:2.8.4.1b-3.1 +CVE-2002-1403 + {DSA-219} + - dhcpcd 1:1.3.22pl2-2 + NOTE: Debian sarge uses dhcp >= 2.0 +CVE-2002-1396 + - php4 4:4.3.2+rc3-1 + NOTE: according to http://www.securityfocus.com/bid/6488 + NOTE: woody is not vulnerable +CVE-2002-1394 + {DSA-225} + - tomcat4 4.1.9-1 + NOTE: no problem in sarge packages +CVE-2002-1392 + - mgetty 1.1.30-1 + NOTE: woody version seems to be vulnerable see bug #199351 +CVE-2002-1391 + - mgetty 1.1.30-1 + NOTE: woody version seems to be vulnerable see bug #199351 +CVE-2002-1390 + {DSA-223} + - geneweb 4.09-1 +CVE-2002-1389 + {DSA-217} + - typespeed 0.4.2-2 +CVE-2002-1388 + {DSA-221} + - mhonarc 2.5.14-1 +CVE-2002-1385 + - openwebmail 1.90-1 +CVE-2002-1384 + {DSA-232 DSA-226 DSA-222} + - xpdf-i 2.01-2 + - xpdf 2.01-2 + - cupsys 1.1.18-1 +CVE-2002-1382 + - flashplugin-nonfree 6.0.69-1 +CVE-2002-1381 + - exim4 4.11-0.0.1 + - exim 3.36-14 +CVE-2002-1380 + {DSA-336} + - kernel-source-2.2.25 2.2.25-2 +CVE-2002-1377 + - vim 6.1.263-1 + NOTE: woody seems to be still vulnerable + NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003 + NOTE: but no advisory (nor fixed package) have been published yet. + NOTE: I've mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this. + NOTE: No response from maintainer, I have mailed security team. + NOTE: Martin Schulze don't consider this as an issue for updating woody. +CVE-2002-1375 + {DSA-212} + - mysql-dfsg 4.0.7.gamma-1 + NOTE: bug in mysql 3, sarge uses mysql 4 +CVE-2002-1374 + {DSA-212} + - mysql-dfsg 4.0.7.gamma-1 + NOTE: bug in mysql 3, sarge uses mysql 4 +CVE-2002-1373 + {DSA-212} + - mysql-dfsg 4.0.7.gamma-1 + NOTE: bug in mysql 3, sarge uses mysql 4 +CVE-2002-1372 + {DSA-232} + - cupsys 1.1.18-1 +CVE-2002-1371 + {DSA-232} + - cupsys 1.1.18-1 +CVE-2002-1369 + {DSA-232} + - cupsys 1.1.18-1 +CVE-2002-1367 + {DSA-232} + - cupsys 1.1.18-1 +CVE-2002-1366 + {DSA-232} + - cupsys 1.1.18-1 +CVE-2002-1365 + {DSA-216} + - fetchmail 6.2.0-1 +CVE-2002-1364 + {DSA-254} + - traceroute-nanog 6.3.0-1 +CVE-2002-1363 + {DSA-213} + - libpng 1.0.12-7 + - libpng3 1.2.5-8 +CVE-2002-1362 + {DSA-211} + - micq 0.4.9.4-1 + NOTE: micq not in sarge +CVE-2002-1361 + NOTE: not-for-us (sun) +CVE-2002-1350 + {DSA-206} + - tcpdump 3.7.1-1 + NOTE: 3.7.1-1.2 fixes a different issue. + NOTE: The fix from 3.6.2-2.2 was not upload to unstable. +CVE-2002-1349 + NOTE: not-for-us (PC-cillin) +CVE-2002-1348 + {DSA-251 DSA-250 DSA-249} + - w3mmee 0.3.p24.17-3 +CVE-2002-1337 + {DSA-257} + - sendmail 8.13.0.PreAlpha4-0 + NOTE: sendmail-wide not in testing/unstable + NOTE: problem in sendmail 8.12, sarge uses 8.13 +CVE-2002-1336 + - tightvnc 1.2.6-1 +CVE-2002-1327 + NOTE: not-for-us (windows) +CVE-2002-1325 + NOTE: not-for-us (windows) +CVE-2002-1323 + {DSA-208} + - perl 5.8.0-14 +CVE-2002-1320 + NOTE: not-for-us (pine not in Debian) +CVE-2002-1319 + NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable) +CVE-2002-1318 + {DSA-200} + - samba 2.99.cvs.20020713-1 + NOTE: Problem in Samba 2, sarge uses Samba 3. +CVE-2002-1317 + NOTE: not-for-us (solaris) +CVE-2002-1313 + {DSA-198} + - nullmailer 1.00RC5-17 +CVE-2002-1311 + {DSA-197} + - courier 0.40.0-1 +CVE-2002-1308 + - mozilla 2:1.2-1 + NOTE: woody is vulnerable see #237422 +CVE-2002-1307 + {DSA-199} + - mhonarc 2.5.13-1 +CVE-2002-1296 + NOTE: not-for-us (Solaris) +CVE-2002-1284 + - kdeutils 4:3.2.1-1 +CVE-2002-1278 + NOTE: Linuxconf not in testing/unstable +CVE-2002-1277 + {DSA-190} + - wmaker 0.80.1-1 +CVE-2002-1272 + NOTE: not-for-us (Alcatel) +CVE-2002-1271 + {DSA-386} + - libmailtools-perl 1.51 +CVE-2002-1270 + NOTE: not-for-us (Mac OS X) +CVE-2002-1268 + NOTE: not-for-us (Mac OS X) +CVE-2002-1267 + NOTE: not-for-us (Mac OS X) +CVE-2002-1266 + NOTE: not-for-us (Mac OS X) +CVE-2002-1265 + NOTE: don't know which version of glibc fix this + NOTE: I've mailed maintainers. + TODO: check +CVE-2002-1264 + NOTE: not-for-us (oracle) +CVE-2002-1260 + NOTE: not-for-us (Microsoft JVM) +CVE-2002-1257 + NOTE: not-for-us (Microsoft JVM) +CVE-2002-1256 + NOTE: not-for-us (Microsoft Windows) +CVE-2002-1255 + NOTE: not-for-us (Microsoft Outlook) +CVE-2002-1253 + NOTE: not-for-us (Abuse 2.00 not in Debian) +CVE-2002-1252 + NOTE: not-for-us (PeopleSoft) +CVE-2002-1251 + {DSA-186} + - log2mail 0.2.6-1 +CVE-2002-1250 + NOTE: not-for-us (Abuse 2.00 not in Debian) +CVE-2002-1248 + NOTE: not-for-us (Xeneo Web Server) +CVE-2002-1245 + {DSA-189} + - luxman 0.41-19 +CVE-2002-1244 + NOTE: not-for-us (Pablo FTP Server) +CVE-2002-1242 + NOTE: not-for-us (PHP-Nuke not in Debian) +CVE-2002-1239 + NOTE: not-for-us (QNX) +CVE-2002-1236 + NOTE: not-for-us (Linksys) +CVE-2002-1232 + {DSA-180} + - nis 3.9-6.2 +CVE-2002-1231 + NOTE: not-for-us (SCO) +CVE-2002-1230 + NOTE: not-for-us (Windows NT) +CVE-2002-1227 + {DSA-177} + - pam 0.76-6 +CVE-2002-1224 + - kdenetwork 4:3.1.0-1 +CVE-2002-1223 + - kdegraphics 4:3.1.0-1 +CVE-2002-1222 + NOTE: not-for-us (CISCO) +CVE-2002-1221 + {DSA-196} + - bind 1:8.3.3-3 +CVE-2002-1220 + {DSA-196} + - bind 1:8.3.3-3 +CVE-2002-1219 + {DSA-196} + - bind 1:8.3.3-3 +CVE-2002-1214 + NOTE: not-for-us (Microsoft) +CVE-2002-1211 + NOTE: not-for-us (Prometheus not in Debian) +CVE-2002-1200 + {DSA-175} + - syslog-ng 1.5.21-1 +CVE-2002-1199 + NOTE: not-for-us (ypxfrd not in Debian) +CVE-2002-1198 + - bugzilla 2.16.1-1 + NOTE: woody seems to be vulnerable, bug #282500 +CVE-2002-1197 + - bugzilla 2.16.1-1 + NOTE: woody seems to be vulnerable, bug #282501 +CVE-2002-1196 + {DSA-173} + - bugzilla 2.16.0-2.1 +CVE-2002-1195 + {DSA-169} + - php3 3:3.0.18-23.2 + - php4 4:4.2.3-3 +CVE-2002-1193 + {DSA-172} + NOTE: tkmail not in testing/unstable +CVE-2002-1189 + NOTE: not-for-us (CISCO) +CVE-2002-1188 + NOTE: not-for-us (Microsoft) +CVE-2002-1187 + NOTE: not-for-us (Microsoft) +CVE-2002-1186 + NOTE: not-for-us (Microsoft) +CVE-2002-1185 + NOTE: not-for-us (Microsoft) +CVE-2002-1184 + NOTE: not-for-us (Microsoft) +CVE-2002-1183 + NOTE: not-for-us (Microsoft) +CVE-2002-1182 + NOTE: not-for-us (Microsoft) +CVE-2002-1180 + NOTE: not-for-us (Microsoft) +CVE-2002-1179 + NOTE: not-for-us (Microsoft) +CVE-2002-1178 + - jetty 4.1.0 +CVE-2002-1170 + - net-snmp 5.0.6 +CVE-2002-1169 + NOTE: not-for-us (IBM Web Traffic Express Caching Proxy Server) +CVE-2002-1160 + NOTE: not-for-us (pam_xauth) +CVE-2002-1159 + {DSA-224} +CVE-2002-1158 + {DSA-224} +CVE-2002-1157 + {DSA-181} +CVE-2002-1156 + - apache2 2.0.43 +CVE-2002-1154 + - analog 2:5.23 +CVE-2002-1153 + NOTE: not-for-us (IBM Websphere) +CVE-2002-1152 + - konqueror 3.03 +CVE-2002-1151 + {DSA-167} +CVE-2002-1148 + {DSA-170} +CVE-2002-1147 + NOTE: not-for-us (HP Procurve 4000M Switch firmware) +CVE-2002-1146 + NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc) + NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind) + - libc6 2.3 + - bind 1:8.3.3 +CVE-2002-1142 + NOTE: not-for-us (Microsoft) +CVE-2002-1141 + NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP) +CVE-2002-1140 + NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP) +CVE-2002-1139 + NOTE: not-for-us (Microsoft) +CVE-2002-1138 + NOTE: not-for-us (Microsoft) +CVE-2002-1137 + NOTE: not-for-us (Microsoft) +CVE-2002-1135 + NOTE: not-for-us (phpWebSite) +CVE-2002-1132 + {DSA-191} +CVE-2002-1126 + - mozilla 2:1.2 +CVE-2002-1123 + NOTE: not-for-us (Microsoft) +CVE-2002-1122 + NOTE: not-for-us (Microsoft) +CVE-2002-1119 + {DSA-159} +CVE-2002-1118 + NOTE: not-for-us (Oracle) +CVE-2002-1117 + NOTE: not-for-us (Veritas Backup Exec) +CVE-2002-1116 + {DSA-161} +CVE-2002-1113 + {DSA-153} +CVE-2002-1112 + {DSA-153} +CVE-2002-1111 + {DSA-153} +CVE-2002-1109 + NOTE: old amavis shell script +CVE-2002-1108 + NOTE: not-for-us (Cisco) +CVE-2002-1107 + NOTE: not-for-us (Cisco) +CVE-2002-1106 + NOTE: not-for-us (Cisco) +CVE-2002-1105 + NOTE: not-for-us (Cisco) +CVE-2002-1104 + NOTE: not-for-us (Cisco) +CVE-2002-1102 + NOTE: not-for-us (Cisco) +CVE-2002-1099 + NOTE: not-for-us (Cisco) +CVE-2002-1098 + NOTE: not-for-us (Cisco) +CVE-2002-1097 + NOTE: not-for-us (Cisco) +CVE-2002-1096 + NOTE: not-for-us (Cisco) +CVE-2002-1095 + NOTE: not-for-us (Cisco) +CVE-2002-1093 + NOTE: not-for-us (Cisco) +CVE-2002-1092 + NOTE: not-for-us (Cisco) +CVE-2002-1091 + - mozilla 2:1.0.2 +CVE-2002-1088 + NOTE: not-for-us (Novell GroupWise) +CVE-2002-1081 + NOTE: not-for-us (Abyss Web Server) +CVE-2002-1079 + NOTE: not-for-us (Abyss Web Server) +CVE-2002-1076 + NOTE: not-for-us (Ipswitch IMail) +CVE-2002-1060 + NOTE: not-for-us (CacheFlow CacheOS) +CVE-2002-1059 + NOTE: not-for-us (Van Dyke SecureCRT SSH client) +CVE-2002-1057 + NOTE: not-for-us (SmartMax MailMax POP3 daemon) +CVE-2002-1056 + NOTE: not-for-us (Microsoft) +CVE-2002-1054 + NOTE: not-for-us (Pablo FTP server) +CVE-2002-1053 + NOTE: not-for-us (W3C Jigsaw Proxy Server) +CVE-2002-1051 + {DSA-254} +CVE-2002-1050 + {DSA-148} + TODO: check +CVE-2002-1049 + {DSA-148} + TODO: check +CVE-2002-1046 + NOTE: not-for-us (Watchguard Firebox firmware) +CVE-2002-1039 + - dcl 20020706 +CVE-2002-1035 + NOTE: not-for-us (Omnicron OmniHTTPd) +CVE-2002-1031 + NOTE: not-for-us (KeyFocus (KF) web server) +CVE-2002-1030 + NOTE: not-for-us (BEA WebLogic Server and Express) +CVE-2002-1025 + NOTE: not-for-us (JRun) +CVE-2002-1024 + NOTE: not-for-us (Cisco) +CVE-2002-1015 + NOTE: not-for-us (Real) +CVE-2002-1014 + NOTE: not-for-us (Real) +CVE-2002-1013 + NOTE: not-for-us (Inktomi) +CVE-2002-1006 + NOTE: not-for-us (Betsie) +CVE-2002-1004 + NOTE: not-for-us (ArGoSoft Mail Server) +CVE-2002-1002 + NOTE: not-for-us (Novell) +CVE-2002-1000 + NOTE: not-for-us (AnalogX SimpleServer:Shout) +CVE-2002-0995 + NOTE: not-for-us (PHPAuction) +CVE-2002-0990 + NOTE: not-for-us (Symantec) +CVE-2002-0989 + {DSA-158} +CVE-2002-0988 + NOTE: not-for-us (Xsco) +CVE-2002-0987 + NOTE: not-for-us (Xsco) +CVE-2002-0986 + {DSA-168} +CVE-2002-0985 + {DSA-168} +CVE-2002-0984 + {DSA-156} +CVE-2002-0981 + NOTE: not-for-us (ndcfg) +CVE-2002-0974 + NOTE: not-for-us (Help and Support Center for Windows XP) +CVE-2002-0970 + {DSA-155} +CVE-2002-0969 + NOTE: mysql problem only affects Windows +CVE-2002-0968 + NOTE: not-for-us (AnalogX SimpleServer:WWW) +CVE-2002-0967 + NOTE: not-for-us (eDonkey) +CVE-2002-0965 + NOTE: not-for-us (Oracle) +CVE-2002-0964 + NOTE: not-for-us (Half Life) +CVE-2002-0958 + NOTE: not-for-us (PHP Reactor) +CVE-2002-0953 + NOTE: not-for-us (PHP Address) +CVE-2002-0952 + NOTE: not-for-us (Cisco) +CVE-2002-0947 + NOTE: not-for-us (Oracle) +CVE-2002-0946 + NOTE: not-for-us (SeaNox Devwex) +CVE-2002-0945 + NOTE: not-for-us (SeaNox Devwex) +CVE-2002-0941 + NOTE: not-for-us (Java on Windows) +CVE-2002-0938 + NOTE: not-for-us (Cisco) +CVE-2002-0935 + - tomcat4 4.1.9-1 +CVE-2002-0916 + - squid 2.4.7 +CVE-2002-0914 + - courier-mta 0.46 +CVE-2002-0911 + NOTE: not-for-us (Caldera Volution Manager) +CVE-2002-0906 + - sendmail 8.12.5 +CVE-2002-0904 + - kismet 2.2.2-1 +CVE-2002-0900 + NOTE: not-for-us (pks) +CVE-2002-0898 + NOTE: not-for-us (Opera) +CVE-2002-0897 + NOTE: not-for-us (LocalWEB2000) +CVE-2002-0895 + NOTE: not-for-us (MatuFtpServer) +CVE-2002-0892 + NOTE: not-for-us (NewAtlanta ServletExec ISAPI) +CVE-2002-0891 + NOTE: not-for-us (NetScreen ScreenOS) +CVE-2002-0889 + - qpopper 4.0.5-1 +CVE-2002-0887 + NOTE: not-for-us (scoadmin) +CVE-2002-0875 + {DSA-154} +CVE-2002-0873 + {DSA-152} +CVE-2002-0872 + {DSA-152} +CVE-2002-0871 + {DSA-151} +CVE-2002-0867 + NOTE: not-for-us (Microsoft) +CVE-2002-0866 + NOTE: not-for-us (Microsoft) +CVE-2002-0865 + NOTE: not-for-us (Microsoft) +CVE-2002-0864 + NOTE: not-for-us (Microsoft) +CVE-2002-0860 + NOTE: not-for-us (Microsoft) +CVE-2002-0859 + NOTE: not-for-us (Microsoft) +CVE-2002-0856 + NOTE: not-for-us (Oracle) +CVE-2002-0853 + NOTE: not-for-us (Cisco) +CVE-2002-0851 + - isdnutils 1:3.2 +CVE-2002-0850 + NOTE: not-for-us (PGP corporate desktop) +CVE-2002-0848 + NOTE: not-for-us (Cisco) +CVE-2002-0847 + {DSA-145} + TODO: check +CVE-2002-0846 + - flashplugin-nonfree 6.0.47 +CVE-2002-0845 + NOTE: not-for-us (Sun ONE) +CVE-2002-0844 + - cvs 1:1.11.2 +CVE-2002-0842 + NOTE: mod_dav for apache not vulnerable according to + NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html +CVE-2002-0840 + {DSA-195 DSA-188 DSA-187} + - apache2 2.0.43-1 + - apache 1.3.27-0.1 +CVE-2002-0836 + {DSA-207} +CVE-2002-0835 + NOTE: not-for-us (RedHat/Intel PXE daemon) + NOTE: this is not the one in Debian +CVE-2002-0831 + NOTE: not-for-us (FreeBSD) +CVE-2002-0830 + NOTE: not-for-us (BSD/NFS) +CVE-2002-0829 + NOTE: not-for-us (FreeBSD) +CVE-2002-0826 + NOTE: not-for-us (WS FTP server) +CVE-2002-0824 + NOTE: not-for-us (BSD/pppd) +CVE-2002-0823 + NOTE: not-for-us (Windows) +CVE-2002-0818 + {DSA-144} + TODO: check +CVE-2002-0817 + {DSA-139} + TODO: check +CVE-2002-0816 + NOTE: not-for-us (HP Tru64) +CVE-2002-0814 + NOTE: not-for-us (VMware) +CVE-2002-0813 + NOTE: not-for-us (Cisco) +CVE-2002-0810 + - bugzilla 2.16.0 +CVE-2002-0809 + - bugzilla 2.16.0 +CVE-2002-0808 + - bugzilla 2.16.0 +CVE-2002-0806 + - bugzilla 2.16.0 +CVE-2002-0805 + - bugzilla 2.16.0 +CVE-2002-0804 + - bugzilla 2.16.0 +CVE-2002-0802 + - postgresql 7.2 +CVE-2002-0801 + NOTE: not-for-us (Macromedia / Windows) +CVE-2002-0795 + NOTE: not-for-us (FreeBSD) +CVE-2002-0794 + NOTE: not-for-us (FreeBSD) +CVE-2002-0790 + NOTE: not-for-us (AIX) +CVE-2002-0789 + - mnogosearch 3.1.19-3 +CVE-2002-0788 + NOTE: not-for-us (windows) +CVE-2002-0785 + NOTE: not-for-us (AOL AIM) +CVE-2002-0778 + NOTE: not-for-us (CISCO) +CVE-2002-0777 + NOTE: not-for-us (Ipswitch not in Debian) +CVE-2002-0776 + NOTE: not-for-us (Hosting Controller 2002) +CVE-2002-0768 + - lukemftp 1.5-7 +CVE-2002-0766 + NOTE: not-for-us (OpenBSD) +CVE-2002-0765 + - openssh 1:3.3p1-0.0woody1 +CVE-2002-0762 + NOTE: not-for-us (SUSE specific) +CVE-2002-0761 + NOTE: not-for-us (FreeBSD and OpenLinux) +CVE-2002-0760 + NOTE: not-for-us (FreeBSD and OpenLinux) +CVE-2002-0759 + NOTE: not-for-us (FreeBSD and OpenLinux) +CVE-2002-0758 + NOTE: not-for-us (SUSE specific) +CVE-2002-0755 + NOTE: not-for-us (FreeBSD) +CVE-2002-0754 + NOTE: not-for-us (FreeBSD) +CVE-2002-0748 + NOTE: not-for-us (Labview) +CVE-2002-0741 + NOTE: not-for-us (psyBNC) +CVE-2002-0738 + {DSA-163} +CVE-2002-0737 + NOTE: not-for-us (Sambar web server) +CVE-2002-0736 + NOTE: not-for-us (Microsoft) +CVE-2002-0734 + NOTE: not-for-us (B2) +CVE-2002-0733 + - thttpd 2.21 +CVE-2002-0729 + NOTE: not-for-us (Microsoft) +CVE-2002-0727 + NOTE: not-for-us (Microsoft) +CVE-2002-0726 + NOTE: not-for-us (Microsoft) +CVE-2002-0722 + NOTE: not-for-us (Microsoft) +CVE-2002-0720 + NOTE: not-for-us (Microsoft) +CVE-2002-0719 + NOTE: not-for-us (Microsoft) +CVE-2002-0718 + NOTE: not-for-us (Microsoft) +CVE-2002-0716 + NOTE: not-for-us (SCO OpenServer) +CVE-2002-0714 + - squid 2.4.6 +CVE-2002-0710 + NOTE: not-for-us (sendform.cgi) +CVE-2002-0704 + NOTE: kernel netfilter bug, not in user space + NOTE: this is fixed in kernel 2.4.20 + TODO: check + - kernel-image-2.4.18-i386 (bug #152152; unimportant) +CVE-2002-0703 + - perl 5.8.0-7 + NOTE: woody seems to be vulnerable, bug #282527 +CVE-2002-0701 + NOTE: not-for-us (BSD) +CVE-2002-0700 + NOTE: not-for-us (Microsoft) +CVE-2002-0698 + NOTE: not-for-us (Microsoft) +CVE-2002-0697 + NOTE: not-for-us (Microsoft) +CVE-2002-0696 + NOTE: not-for-us (Microsoft) +CVE-2002-0695 + NOTE: not-for-us (Microsoft) +CVE-2002-0694 + NOTE: not-for-us (Microsoft) +CVE-2002-0692 + NOTE: not-for-us (Microsoft) +CVE-2002-0691 + NOTE: not-for-us (Microsoft) +CVE-2002-0688 + {DSA-490} +CVE-2002-0687 + - zope 2.5.1b2 +CVE-2002-0685 + NOTE: not-for-us (PGP Outlook Encryption Plug-In) +CVE-2002-0682 + - tomcat 4.0.4 +CVE-2002-0679 + NOTE: not-for-us (CDE) +CVE-2002-0678 + NOTE: not-for-us (CDE ToolTalk) +CVE-2002-0676 + NOTE: not-for-us (MacOS) +CVE-2002-0674 + NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone) +CVE-2002-0673 + NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone) +CVE-2002-0672 + NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone) +CVE-2002-0671 + NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone) +CVE-2002-0668 + NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone) +CVE-2002-0665 + NOTE: not-for-us (Microsoft) +CVE-2002-0663 + NOTE: not-for-us (Norton) +CVE-2002-0662 + {DSA-160} +CVE-2002-0658 + {DSA-137} + TODO: check +CVE-2002-0653 + TODO: check +STOP: this is approximatly the release of woody, so we can stop here +CVE-2002-0651 +CVE-2002-0650 +CVE-2002-0648 +CVE-2002-0647 +CVE-2002-0642 +CVE-2002-0640 +CVE-2002-0639 +CVE-2002-0638 +CVE-2002-0631 +CVE-2002-0630 +CVE-2002-0627 +CVE-2002-0623 +CVE-2002-0622 +CVE-2002-0621 +CVE-2002-0619 +CVE-2002-0618 +CVE-2002-0617 +CVE-2002-0616 +CVE-2002-0615 +CVE-2002-0613 +CVE-2002-0605 +CVE-2002-0601 +CVE-2002-0599 +CVE-2002-0598 +CVE-2002-0597 +CVE-2002-0594 +CVE-2002-0576 +CVE-2002-0575 +CVE-2002-0574 +CVE-2002-0573 +CVE-2002-0571 +CVE-2002-0569 +CVE-2002-0567 +CVE-2002-0553 +CVE-2002-0546 +CVE-2002-0545 +CVE-2002-0543 +CVE-2002-0542 +CVE-2002-0539 +CVE-2002-0538 +CVE-2002-0536 +CVE-2002-0532 +CVE-2002-0531 +CVE-2002-0516 +CVE-2002-0513 +CVE-2002-0512 +CVE-2002-0511 +CVE-2002-0506 +CVE-2002-0505 +CVE-2002-0501 +CVE-2002-0497 +CVE-2002-0495 +CVE-2002-0494 +CVE-2002-0493 +CVE-2002-0490 +CVE-2002-0488 +CVE-2002-0484 +CVE-2002-0473 +CVE-2002-0464 +CVE-2002-0463 +CVE-2002-0462 +CVE-2002-0454 +CVE-2002-0451 +CVE-2002-0445 +CVE-2002-0444 +CVE-2002-0443 +CVE-2002-0442 +CVE-2002-0441 +CVE-2002-0437 +CVE-2002-0435 +CVE-2002-0431 +CVE-2002-0429 + {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} +CVE-2002-0425 +CVE-2002-0424 +CVE-2002-0423 +CVE-2002-0414 +CVE-2002-0412 +CVE-2002-0406 +CVE-2002-0404 +CVE-2002-0403 +CVE-2002-0402 +CVE-2002-0401 +CVE-2002-0400 +CVE-2002-0398 +CVE-2002-0397 +CVE-2002-0396 +CVE-2002-0395 +CVE-2002-0394 +CVE-2002-0392 + - apache2 2.0.37 +CVE-2002-0391 + {DSA-333 DSA-149 DSA-146 DSA-143 DSA-142} +CVE-2002-0389 +CVE-2002-0387 +CVE-2002-0384 +CVE-2002-0382 +CVE-2002-0381 +CVE-2002-0380 + {DSA-255} +CVE-1999-0708 +CVE-1999-0707 +CVE-1999-0706 +CVE-1999-0705 +CVE-1999-0704 +CVE-1999-0703 +CVE-1999-0702 +CVE-1999-0701 +CVE-1999-0700 +CVE-1999-0699 +CVE-1999-0697 +CVE-1999-0696 +CVE-1999-0695 +CVE-1999-0694 +CVE-1999-0693 +CVE-1999-0692 +CVE-1999-0691 +CVE-1999-0690 +CVE-1999-0689 +CVE-1999-0688 +CVE-1999-0687 +CVE-1999-0686 +CVE-1999-0685 +CVE-1999-0683 +CVE-1999-0682 +CVE-1999-0681 +CVE-1999-0680 +CVE-1999-0679 +CVE-1999-0678 +CVE-1999-0676 +CVE-1999-0675 +CVE-1999-0674 +CVE-1999-0672 +CVE-1999-0671 +CVE-1999-0668 +CVE-1999-0628 +CVE-1999-0627 +CVE-1999-0626 +CVE-1999-0612 +CVE-1999-0608 +CVE-1999-0566 +CVE-1999-0551 +CVE-1999-0526 +CVE-1999-0514 +CVE-1999-0513 +CVE-1999-0496 +CVE-1999-0494 +CVE-1999-0493 +CVE-1999-0491 +CVE-1999-0487 +CVE-1999-0485 +CVE-1999-0484 +CVE-1999-0483 +CVE-1999-0482 +CVE-1999-0481 +CVE-1999-0479 +CVE-1999-0478 +CVE-1999-0475 +CVE-1999-0474 +CVE-1999-0473 +CVE-1999-0472 +CVE-1999-0471 +CVE-1999-0470 +CVE-1999-0468 +CVE-1999-0466 +CVE-1999-0464 +CVE-1999-0463 +CVE-1999-0458 +CVE-1999-0457 +CVE-1999-0449 +CVE-1999-0448 +CVE-1999-0447 +CVE-1999-0446 +CVE-1999-0445 +CVE-1999-0442 +CVE-1999-0441 +CVE-1999-0440 +CVE-1999-0439 +CVE-1999-0438 +CVE-1999-0437 +CVE-1999-0436 +CVE-1999-0433 +CVE-1999-0432 +CVE-1999-0430 +CVE-1999-0429 +CVE-1999-0428 +CVE-1999-0425 +CVE-1999-0424 +CVE-1999-0423 +CVE-1999-0422 +CVE-1999-0421 +CVE-1999-0420 +CVE-1999-0417 +CVE-1999-0416 +CVE-1999-0415 +CVE-1999-0414 +CVE-1999-0413 +CVE-1999-0412 +CVE-1999-0410 +CVE-1999-0409 +CVE-1999-0408 +CVE-1999-0407 +CVE-1999-0405 +CVE-1999-0404 +CVE-1999-0403 +CVE-1999-0402 +CVE-1999-0396 +CVE-1999-0395 +CVE-1999-0393 +CVE-1999-0392 +CVE-1999-0391 +CVE-1999-0390 +CVE-1999-0388 +CVE-1999-0387 +CVE-1999-0386 +CVE-1999-0385 +CVE-1999-0384 +CVE-1999-0383 +CVE-1999-0382 +CVE-1999-0380 +CVE-1999-0379 +CVE-1999-0378 +CVE-1999-0377 +CVE-1999-0376 +CVE-1999-0375 +CVE-1999-0374 +CVE-1999-0373 +CVE-1999-0372 +CVE-1999-0371 +CVE-1999-0369 +CVE-1999-0368 +CVE-1999-0367 +CVE-1999-0366 +CVE-1999-0365 +CVE-1999-0363 +CVE-1999-0362 +CVE-1999-0358 +CVE-1999-0357 +CVE-1999-0355 +CVE-1999-0353 +CVE-1999-0351 +CVE-1999-0350 +CVE-1999-0349 +CVE-1999-0348 +CVE-1999-0346 +CVE-1999-0344 +CVE-1999-0343 +CVE-1999-0342 +CVE-1999-0341 +CVE-1999-0340 +CVE-1999-0339 +CVE-1999-0338 +CVE-1999-0337 +CVE-1999-0335 +CVE-1999-0334 +CVE-1999-0332 +CVE-1999-0329 +CVE-1999-0328 +CVE-1999-0327 +CVE-1999-0326 +CVE-1999-0325 +CVE-1999-0324 +CVE-1999-0323 +CVE-1999-0322 +CVE-1999-0321 +CVE-1999-0320 +CVE-1999-0318 +CVE-1999-0316 +CVE-1999-0315 +CVE-1999-0314 +CVE-1999-0313 +CVE-1999-0312 +CVE-1999-0311 +CVE-1999-0310 +CVE-1999-0309 +CVE-1999-0308 +CVE-1999-0305 +CVE-1999-0304 +CVE-1999-0303 +CVE-1999-0302 +CVE-1999-0301 +CVE-1999-0300 +CVE-1999-0299 +CVE-1999-0297 +CVE-1999-0296 +CVE-1999-0295 +CVE-1999-0294 +CVE-1999-0293 +CVE-1999-0292 +CVE-1999-0291 +CVE-1999-0290 +CVE-1999-0289 +CVE-1999-0288 +CVE-1999-0281 +CVE-1999-0280 +CVE-1999-0279 +CVE-1999-0278 +CVE-1999-0277 +CVE-1999-0276 +CVE-1999-0275 +CVE-1999-0274 +CVE-1999-0273 +CVE-1999-0272 +CVE-1999-0270 +CVE-1999-0269 +CVE-1999-0268 +CVE-1999-0267 +CVE-1999-0266 +CVE-1999-0265 +CVE-1999-0264 +CVE-1999-0263 +CVE-1999-0262 +CVE-1999-0260 +CVE-1999-0259 +CVE-1999-0256 +CVE-1999-0252 +CVE-1999-0251 +CVE-1999-0248 +CVE-1999-0247 +CVE-1999-0245 +CVE-1999-0244 +CVE-1999-0239 +CVE-1999-0237 +CVE-1999-0236 +CVE-1999-0234 +CVE-1999-0233 +CVE-1999-0230 +CVE-1999-0228 +CVE-1999-0227 +CVE-1999-0225 +CVE-1999-0224 +CVE-1999-0223 +CVE-1999-0221 +CVE-1999-0219 +CVE-1999-0218 +CVE-1999-0217 +CVE-1999-0215 +CVE-1999-0214 +CVE-1999-0212 +CVE-1999-0211 +CVE-1999-0210 +CVE-1999-0209 +CVE-1999-0208 +CVE-1999-0207 +CVE-1999-0206 +CVE-1999-0204 +CVE-1999-0203 +CVE-1999-0202 +CVE-1999-0201 +CVE-1999-0196 +CVE-1999-0194 +CVE-1999-0192 +CVE-1999-0191 +CVE-1999-0190 +CVE-1999-0189 +CVE-1999-0188 +CVE-1999-0185 +CVE-1999-0184 +CVE-1999-0183 +CVE-1999-0182 +CVE-1999-0181 +CVE-1999-0180 +CVE-1999-0179 +CVE-1999-0178 +CVE-1999-0177 +CVE-1999-0176 +CVE-1999-0175 +CVE-1999-0174 +CVE-1999-0173 +CVE-1999-0172 +CVE-1999-0170 +CVE-1999-0168 +CVE-1999-0167 +CVE-1999-0166 +CVE-1999-0164 +CVE-1999-0162 +CVE-1999-0161 +CVE-1999-0160 +CVE-1999-0159 +CVE-1999-0158 +CVE-1999-0157 +CVE-1999-0155 +CVE-1999-0153 +CVE-1999-0152 +CVE-1999-0151 +CVE-1999-0150 +CVE-1999-0149 +CVE-1999-0148 +CVE-1999-0147 +CVE-1999-0146 +CVE-1999-0145 +CVE-1999-0143 +CVE-1999-0142 +CVE-1999-0141 +CVE-1999-0139 +CVE-1999-0138 +CVE-1999-0137 +CVE-1999-0136 +CVE-1999-0135 +CVE-1999-0134 +CVE-1999-0133 +CVE-1999-0132 +CVE-1999-0131 +CVE-1999-0130 +CVE-1999-0129 +CVE-1999-0128 +CVE-1999-0126 +CVE-1999-0125 +CVE-1999-0124 +CVE-1999-0122 +CVE-1999-0120 +CVE-1999-0118 +CVE-1999-0117 +CVE-1999-0116 +CVE-1999-0115 +CVE-1999-0113 +CVE-1999-0112 +CVE-1999-0111 +CVE-1999-0109 +CVE-1999-0108 +CVE-1999-0103 +CVE-1999-0102 +CVE-1999-0101 +CVE-1999-0100 +CVE-1999-0099 +CVE-1999-0097 +CVE-1999-0096 +CVE-1999-0095 +CVE-1999-0094 +CVE-1999-0093 +CVE-1999-0091 +CVE-1999-0090 +CVE-1999-0087 +CVE-1999-0085 +CVE-1999-0084 +CVE-1999-0083 +CVE-1999-0082 +CVE-1999-0081 +CVE-1999-0080 +CVE-1999-0079 +CVE-1999-0077 +CVE-1999-0075 +CVE-1999-0074 +CVE-1999-0073 +CVE-1999-0072 +CVE-1999-0071 +CVE-1999-0070 +CVE-1999-0069 +CVE-1999-0068 +CVE-1999-0067 +CVE-1999-0066 +CVE-1999-0065 +CVE-1999-0064 +CVE-1999-0063 +CVE-1999-0062 +CVE-1999-0060 +CVE-1999-0059 +CVE-1999-0058 +CVE-1999-0057 +CVE-1999-0056 +CVE-1999-0055 +CVE-1999-0054 +CVE-1999-0053 +CVE-1999-0052 +CVE-1999-0051 +CVE-1999-0050 +CVE-1999-0049 +CVE-1999-0048 +CVE-1999-0047 +CVE-1999-0046 +CVE-1999-0045 +CVE-1999-0044 +CVE-1999-0043 +CVE-1999-0042 +CVE-1999-0041 +CVE-1999-0040 +CVE-1999-0039 +CVE-1999-0038 +CVE-1999-0037 +CVE-1999-0036 +CVE-1999-0035 +CVE-1999-0034 +CVE-1999-0032 +CVE-1999-0031 +CVE-1999-0029 +CVE-1999-0028 +CVE-1999-0027 +CVE-1999-0026 +CVE-1999-0025 +CVE-1999-0024 +CVE-1999-0023 +CVE-1999-0022 +CVE-1999-0021 +CVE-1999-0019 +CVE-1999-0018 +CVE-1999-0017 +CVE-1999-0016 +CVE-1999-0014 +CVE-1999-0013 +CVE-1999-0012 +CVE-1999-0011 +CVE-1999-0010 +CVE-1999-0009 +CVE-1999-0008 +CVE-1999-0007 +CVE-1999-0006 +CVE-1999-0005 +CVE-1999-0003 +CVE-1999-0002 +CVE-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...) + - apache2 2.0.40 +CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...) +CVE-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service allow ...) +CVE-2002-0646 + REJECTED +CVE-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...) +CVE-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...) +CVE-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...) +CVE-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...) +CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...) +CVE-2002-0636 + RESERVED +CVE-2002-0635 + RESERVED +CVE-2002-0634 + RESERVED +CVE-2002-0633 + RESERVED +CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...) +CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...) +CVE-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...) +CVE-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...) +CVE-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...) +CVE-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...) +CVE-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...) +CVE-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...) +CVE-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...) +CVE-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...) +CVE-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...) +CVE-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...) +CVE-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...) +CVE-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...) +CVE-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...) +CVE-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...) +CVE-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...) +CVE-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...) +CVE-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...) +CVE-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...) +CVE-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...) +CVE-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...) +CVE-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...) +CVE-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...) +CVE-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...) +CVE-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...) +CVE-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...) +CVE-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...) +CVE-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...) +CVE-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...) +CVE-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...) +CVE-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...) +CVE-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...) +CVE-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...) +CVE-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...) +CVE-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...) +CVE-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...) +CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...) +CVE-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...) +CVE-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...) +CVE-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) +CVE-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...) +CVE-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) +CVE-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...) +CVE-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...) +CVE-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...) +CVE-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) +CVE-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...) +CVE-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...) +CVE-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...) +CVE-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...) +CVE-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...) +CVE-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...) +CVE-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...) +CVE-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...) +CVE-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...) +CVE-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...) +CVE-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...) +CVE-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...) +CVE-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...) +CVE-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...) +CVE-2002-0540 (Nortel CVX 1800 is installed with a default "public" community string, ...) +CVE-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...) +CVE-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...) +CVE-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...) +CVE-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...) +CVE-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...) +CVE-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...) +CVE-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...) +CVE-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...) +CVE-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...) +CVE-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...) +CVE-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...) +CVE-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...) +CVE-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...) +CVE-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...) +CVE-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...) +CVE-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...) +CVE-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...) +CVE-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...) +CVE-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...) +CVE-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...) +CVE-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...) +CVE-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...) +CVE-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...) +CVE-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...) +CVE-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...) +CVE-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...) +CVE-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...) +CVE-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...) +CVE-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...) +CVE-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...) +CVE-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...) +CVE-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...) +CVE-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...) +CVE-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...) +CVE-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...) +CVE-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...) +CVE-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...) +CVE-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...) +CVE-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...) +CVE-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...) +CVE-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...) +CVE-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...) +CVE-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...) +CVE-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...) +CVE-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...) +CVE-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...) +CVE-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...) +CVE-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...) +CVE-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...) +CVE-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...) +CVE-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...) +CVE-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...) +CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...) +CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...) +CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...) +CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...) +CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...) +CVE-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...) +CVE-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...) +CVE-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...) +CVE-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...) +CVE-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...) +CVE-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...) +CVE-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...) +CVE-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...) +CVE-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...) +CVE-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...) +CVE-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...) +CVE-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning ...) +CVE-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...) +CVE-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...) +CVE-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...) +CVE-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...) +CVE-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...) +CVE-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...) +CVE-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...) +CVE-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...) +CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...) +CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...) +CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...) +CVE-2002-0421 (IIS 4.0 allows local users to bypass the "User cannot change password" ...) +CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...) +CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...) +CVE-2002-0418 (Directory traversal vulnerability in the ...) +CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...) +CVE-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...) +CVE-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...) +CVE-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...) +CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...) +CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...) +CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...) +CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...) +CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...) +CVE-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...) +CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...) +CVE-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...) +CVE-2002-0390 + RESERVED +CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...) + {DSA-147} +CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...) +CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...) +CVE-2002-0383 + RESERVED +CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...) +CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...) +CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...) +CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...) +CVE-2002-0365 + RESERVED +CVE-2002-0361 + RESERVED +CVE-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...) +CVE-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...) +CVE-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...) +CVE-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...) +CVE-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...) +CVE-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...) +CVE-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...) +CVE-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...) +CVE-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...) +CVE-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...) +CVE-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...) +CVE-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...) +CVE-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...) +CVE-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...) +CVE-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...) +CVE-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...) +CVE-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...) +CVE-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...) +CVE-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...) +CVE-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...) +CVE-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...) +CVE-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...) +CVE-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...) +CVE-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...) +CVE-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...) +CVE-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...) +CVE-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...) +CVE-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...) +CVE-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...) +CVE-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...) +CVE-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...) +CVE-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...) +CVE-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...) +CVE-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...) +CVE-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...) +CVE-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...) +CVE-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...) +CVE-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...) +CVE-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...) +CVE-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...) +CVE-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...) +CVE-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...) +CVE-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...) +CVE-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...) +CVE-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...) +CVE-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...) +CVE-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...) +CVE-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...) +CVE-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...) +CVE-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...) +CVE-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...) +CVE-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...) +CVE-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...) +CVE-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain ...) +CVE-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...) +CVE-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...) +CVE-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...) +CVE-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...) +CVE-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") ...) +CVE-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...) +CVE-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...) +CVE-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...) +CVE-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...) +CVE-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...) +CVE-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...) +CVE-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...) +CVE-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...) +CVE-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...) +CVE-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...) +CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...) +CVE-2002-0270 (Opera, when configured with the "Determine action by MIME type" option ...) +CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...) +CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...) +CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...) +CVE-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...) +CVE-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...) +CVE-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...) +CVE-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...) +CVE-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...) +CVE-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...) +CVE-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...) +CVE-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...) +CVE-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...) +CVE-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...) +CVE-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...) +CVE-2002-0253 (PHP, when not configured with the "display_errors = Off" setting in ...) +CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...) +CVE-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...) +CVE-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...) +CVE-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...) +CVE-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...) +CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...) +CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...) +CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...) +CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...) +CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...) +CVE-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...) +CVE-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...) +CVE-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...) +CVE-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...) +CVE-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...) +CVE-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...) +CVE-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...) +CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...) +CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...) +CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...) +CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...) +CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...) +CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...) +CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...) +CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to to redirect traffic to ...) +CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...) +CVE-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...) +CVE-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...) +CVE-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...) +CVE-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...) +CVE-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...) +CVE-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...) +CVE-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...) +CVE-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...) +CVE-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...) +CVE-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...) +CVE-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...) +CVE-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...) +CVE-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...) +CVE-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...) +CVE-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...) +CVE-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...) +CVE-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...) +CVE-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...) +CVE-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...) +CVE-2002-0195 + RESERVED +CVE-2002-0194 + RESERVED +CVE-2002-0192 + REJECTED +CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...) +CVE-2002-0182 + RESERVED +CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...) +CVE-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...) +CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...) +CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...) + {DSA-380} +CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...) +CVE-2002-0161 + RESERVED +CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...) +CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...) +CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...) +CVE-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...) +CVE-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...) +CVE-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...) +CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...) +CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...) +CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...) +CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...) +CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...) +CVE-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...) +CVE-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...) +CVE-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...) +CVE-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...) +CVE-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...) +CVE-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...) +CVE-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...) +CVE-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...) +CVE-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...) +CVE-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...) +CVE-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...) +CVE-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...) +CVE-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...) +CVE-2002-0114 (Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log ...) +CVE-2002-0113 (Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with ...) +CVE-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...) +CVE-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...) +CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...) +CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...) +CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...) +CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...) +CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...) +CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...) +CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...) +CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...) +CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...) +CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...) +CVE-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...) +CVE-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...) +CVE-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...) +CVE-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...) +CVE-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...) +CVE-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...) +CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...) +CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...) +CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...) +CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...) +CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...) +CVE-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...) +CVE-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...) +CVE-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and ...) +CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...) +CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...) +CVE-2002-0035 + RESERVED +CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...) +CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...) +CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...) +CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...) + {DSA-196} +CVE-2002-0019 + RESERVED +CVE-2002-0016 + RESERVED +CVE-2002-0015 + RESERVED diff --git a/data/CVE/2003.list b/data/CVE/2003.list new file mode 100644 index 0000000000..591af4195b --- /dev/null +++ b/data/CVE/2003.list @@ -0,0 +1,2602 @@ +CVE-2003-XXXX [Incomplete reporting of failed logins in login] + - login 1:4.0.3-36 (bug #192849) +CVE-2003-XXXX [fuzz: Insecure temp file usage] + - fuzz 0.6-7.1 (bug #183047) +CVE-2003-XXXX [libsafe: does not prevent some exploit types] + TODO: We should push for removal, maintainer already voiced consent during Sarge prep phase + - libsafe <unfixed> (bug #173227; medium) +CVE-2003-XXXX [Insecure temp files in lilo] + - lilo 1:22.4-1 (bug #173238; bug #292073; low) +CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...) + - emacs21 21.3-1 (bug #286183; medium) + TODO: check xemacs21 +CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...) + NOT-FOR-US: ECW-Shop +CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...) + NOT-FOR-US: (FreeBSD) + NOTE: old freebsd, before it was introduced in Debian +CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...) + NOT-FOR-US: Sun JSSE and JRE +CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...) + - mathopd 1.5b14 +CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...) + - gallery 1.4.1 +CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...) + NOT-FOR-US: BEA +CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 ...) + NOT-FOR-US: BEA +CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 ...) + NOT-FOR-US: BEA +CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 ...) + NOT-FOR-US: BEA +CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a ...) + NOT-FOR-US: BEA +CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ...) + NOT-FOR-US: BEA +CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server ...) + NOT-FOR-US: BEA +CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...) + NOT-FOR-US: osCommerce +CVE-2003-1218 + RESERVED +CVE-2003-1217 + RESERVED +CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...) + - phpbb2 2.0.8a-1 +CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...) + - phpbb2 2.0.8a-1 +CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...) + NOT-FOR-US: VisualShapers +CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...) + NOT-FOR-US: MaxWebPortal +CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...) + NOT-FOR-US: MaxWebPortal +CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...) + NOT-FOR-US: PHP-Nuke +CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...) + NOT-FOR-US: MaxWebPortal +CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...) + NOT-FOR-US: Monkey +CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...) + NOT-FOR-US: Oracle +CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...) + NOT-FOR-US: Crob +CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...) + NOT-FOR-US: Crob +CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...) + NOT-FOR-US: Crob +CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...) + NOT-FOR-US: Mambo +CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...) + NOT-FOR-US: Mambo +CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...) + NOT-FOR-US: LedForums +CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: HTTP Commander +CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...) + NOT-FOR-US: omail webmail +CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...) + - openldap2 2.1.17-1 +CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...) + NOT-FOR-US: MDaemon +CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...) + NOT-FOR-US: MyProxy +CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...) + - cherokee 0.4.21b01-1 +CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...) + NOT-FOR-US: VieBoard +CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...) + NOT-FOR-US: VieBoard +CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...) + NOT-FOR-US: Booby +CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...) + NOT-FOR-US: Portal DB +CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...) + NOT-FOR-US: IA WebMail Server +CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...) + NOT-FOR-US: e107 +CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...) + NOT-FOR-US: PHPRecipeBook +CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...) + NOT-FOR-US: Nokia IPSO +CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...) + NOT-FOR-US: Unichat +CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...) + NOT-FOR-US: PHPKIT +CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...) + NOT-FOR-US: TelCondex SimpleWebServer +CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...) + NOT-FOR-US: ThWboard +CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...) + NOT-FOR-US: ThWboard +CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...) + NOT-FOR-US: Oracle Collaboration Suite +CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...) + NOT-FOR-US: MPM Guestbook +CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: Advanced Poll +CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...) + NOT-FOR-US: Advanced Poll +CVE-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced Poll ...) + NOT-FOR-US: Advanced Poll +CVE-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...) + NOT-FOR-US: Advanced Poll +CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...) + NOT-FOR-US: MERCUR Mailserver +CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...) + NOT-FOR-US: Web Wiz Forums +CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...) + NOT-FOR-US: Sympoll +CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...) + NOT-FOR-US: NullSoft Shoutcast Server +CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...) + NOT-FOR-US: Centrinity FirstClass +CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...) + NOT-FOR-US: Apache Software Foundation Cocoon +CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...) + - libapache-mod-security 1.8.4-1 +CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...) + NOT-FOR-US: kpopup +CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...) + NOT-FOR-US: DATEV Nutzungskontrolle +CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...) + NOT-FOR-US: kpopup +CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...) + NOT-FOR-US: HTTP Commander +CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...) + NOT-FOR-US: BRS WebWeaver +CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...) + - mldonkey 2.5.11-1 +CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...) + NOT-FOR-US: Ganglia gmond +CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...) + NOT-FOR-US: Tritanium Bulletin Board +CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...) + NOTE: ancient and unreleased source code with backdoor +CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...) + NOT-FOR-US: FlexWATCH +CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...) + NOT-FOR-US: Plug and Play Web Server +CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...) + NOT-FOR-US: Plug and Play Web Server +CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...) + NOT-FOR-US: Citrix +CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...) + NOT-FOR-US: Sun JRE/SDK +CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...) + - xcdroast 0.98+0alpha15-1 (bug #310046) + NOTE: woody seems to be vulnerable (see bug #310046) +CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...) + NOT-FOR-US: MAILsweeper +CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...) + NOT-FOR-US: byteHoard +CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...) + NOT-FOR-US: WebTide +CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...) + NOT-FOR-US: Fastream +CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...) + NOT-FOR-US: Novell portmapper +CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...) + NOT-FOR-US: Symantec Norton Internet Security +CVE-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php and (2) ...) + NOT-FOR-US: Les Visiteurs +CVE-2003-1147 + REJECTED +CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...) + NOT-FOR-US: Easy PHP Photo Album +CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...) + NOT-FOR-US: OpenAutoClassifieds +CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...) + NOT-FOR-US: Perception LiteServe +CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...) + NOT-FOR-US: Croteam Serious Sam demo +CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...) + NOT-FOR-US: NIPrint LPD-LPR +CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...) + NOT-FOR-US: NIPrint LPD-LPR +CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...) + NOT-FOR-US: Musicqueue +CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...) + NOT-FOR-US: Musicqueue +CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...) + - apache2 <not-affected> (Red Hat specific default config) +CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...) + NOT-FOR-US: sh-httpd +CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...) + NOT-FOR-US: Chi Kien Uong Guestbook +CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...) + NOT-FOR-US: Yahoo! Messenger +CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...) + NOT-FOR-US: Sun JVM +CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...) + NOT-FOR-US: The Bat! +CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...) + NOT-FOR-US: Cisco +CVE-2003-1131 (PHP remote code injection vulnerability in index.php in ...) + NOT-FOR-US: ActiveCampaign KnowledgeBuilder +CVE-2003-1130 + REJECTED +CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...) + NOT-FOR-US: Yahoo Audio Conferencing ActiveX control +CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...) + NOT-FOR-US: X2 XMMS Remote +CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...) + NOT-FOR-US: e-Gap +CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...) + NOT-FOR-US: SunOne/iPlanet +CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...) + NOT-FOR-US: SunOne +CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...) + NOT-FOR-US: Sun Management Center +CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...) + NOT-FOR-US: Sun JRE +CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...) + NOT-FOR-US: ScriptLogic +CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...) + NOT-FOR-US: ScriptLogic +CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...) + NOT-FOR-US: SSH Tectia Server +CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...) + NOTE: does not affect openssh +CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...) + - setiathome 3.04 +CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...) + NOT-FOR-US: RealSystem Server +CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...) + NOT-FOR-US: Oracle E-Business Suite +CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...) + NOT-FOR-US: Nortel Networks Succession Communication Server +CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...) + NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways +CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...) + NOT-FOR-US: IPTel SIP Express Router +CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...) + NOT-FOR-US: Ingate Firewall and Ingate SIParator +CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...) + NOT-FOR-US: dynamicsoft +CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...) + NOT-FOR-US: Columbia SIP User Agent +CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...) + NOT-FOR-US: Cisco +CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...) + NOT-FOR-US: Alcatel +CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...) + NOT-FOR-US: Microsoft +CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...) + NOT-FOR-US: Microsoft +CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...) + NOT-FOR-US: MSIE +CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...) + NOT-FOR-US: IBM Tivoli Firewall Toolbox +CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...) + NOT-FOR-US: Hummingbird CyberDOCS +CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...) + NOT-FOR-US: Hummingbird CyberDOCS +CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...) + NOT-FOR-US: Hummingbird CyberDOCS +CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...) + NOT-FOR-US: Hummingbird CyberDOCS +CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...) + NOT-FOR-US: shar on HP-UX +CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...) + NOT-FOR-US: HP-UX) +CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...) + NOT-FOR-US: HP-UX) +CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...) + NOT-FOR-US: Cisco +CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2003-1092 (Unknown vulnerability in the "Automatic File Content Type Recognition ...) + - file 3.4.1 +CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...) + NOT-FOR-US: Apple QuickTime/Darwin Streaming Server +CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...) + NOT-FOR-US: AbsoluteTelnet +CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...) + NOT-FOR-US: Zorum +CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...) + NOT-FOR-US: Zorum +CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...) + NOT-FOR-US: diagmond on HP-UX +CVE-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in pMachine ...) + NOT-FOR-US: pMachine +CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...) + NOT-FOR-US: Thomson cable modem +CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...) + - monit 1:4.2.1-1 +CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...) + - monit 1:4.2.1-1 +CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...) + NOT-FOR-US: Solaris +CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...) + NOT-FOR-US: Solaris +CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...) + NOT-FOR-US: Solaris +CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...) + NOT-FOR-US: Solaris +CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...) + NOT-FOR-US: Solaris +CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...) + NOT-FOR-US: Solaris +CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...) + NOT-FOR-US: Solaris +CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...) + NOT-FOR-US: Solaris +CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...) + NOT-FOR-US: Solaris +CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...) + NOT-FOR-US: Solaris +CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...) + NOT-FOR-US: Solaris +CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...) + NOT-FOR-US: Solaris +CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...) + NOT-FOR-US: Solaris +CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...) + NOT-FOR-US: Solaris +CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...) + NOT-FOR-US: Solaris +CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...) + NOT-FOR-US: Solaris +CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...) + NOT-FOR-US: Solaris +CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...) + NOT-FOR-US: Solaris +CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...) + NOT-FOR-US: Solaris +CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...) + NOT-FOR-US: Solaris +CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...) + NOT-FOR-US: Solaris +CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...) + NOT-FOR-US: Solaris +CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...) + NOT-FOR-US: Solaris +CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...) + NOT-FOR-US: Solaris +CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...) + NOT-FOR-US: Solaris +CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...) + NOT-FOR-US: Solaris +CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...) + NOT-FOR-US: Solaris +CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...) + NOT-FOR-US: Solaris +CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...) + NOT-FOR-US: mod_access_referer +CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...) + - xshisen 1.51-1-1 (bug #213957) +CVE-2003-1565 + REJECTED +CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...) + NOT-FOR-US: IBM DB2 +CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...) + NOT-FOR-US: IBM DB2 +CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...) + NOT-FOR-US: IBM DB2 +CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...) + NOT-FOR-US: IBM DB2 +CVE-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...) + NOT-FOR-US: microsoft +CVE-2003-1047 + REJECTED +CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...) + - bugzilla 2.16.4-1 +CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...) + - bugzilla 2.16.4-1 +CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...) + - bugzilla 2.16.4-1 +CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...) + - bugzilla 2.16.4-1 +CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...) + - bugzilla 2.16.4-1 +CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...) + NOT-FOR-US: microsoft +CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...) + NOTE: linux kernel kmod local DoS, fixed in all current kernels +CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...) + NOT-FOR-US: SAP +CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...) + NOT-FOR-US: SAP +CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...) + NOT-FOR-US: SAP +CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...) + NOT-FOR-US: SAP +CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...) + NOT-FOR-US: SAP +CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...) + NOT-FOR-US: SAP +CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...) + NOT-FOR-US: SAP +CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...) + NOT-FOR-US: Pi3Web not in debian +CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...) + NOT-FOR-US: VBulletin +CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...) + NOT-FOR-US: Dameware +CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...) + {DSA-425} +CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...) + NOT-FOR-US: microsoft +CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...) + NOT-FOR-US: microsoft +CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...) + NOT-FOR-US: microsoft +CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...) + NOT-FOR-US: microsoft +CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...) + NOT-FOR-US: solaris +CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...) + {DSA-424} +CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...) + NOT-FOR-US: SCO +CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...) + - irssi-text 0.8.9-0.1 +CVE-2003-1019 + RESERVED +CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...) + NOT-FOR-US: AIX +CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...) + - flashplugin-nonfree 7.0.25-1 +CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote ...) + NOTE: Multiple vendor MIME quote bypass filtering + TODO: unchecked +CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote ...) + - mime-tools 5.411-2 +CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote ...) + NOTE: Multiple vendor MIME RFC822 comment bypass filtering + TODO: unchecked +CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...) + {DSA-407} + - ethereal 0.10.0-1 +CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...) + {DSA-407} + - ethereal 0.10.0-1 +CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...) + NOT-FOR-US: Apple +CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...) + NOT-FOR-US: Apple +CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...) + NOT-FOR-US: Apple +CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...) + NOT-FOR-US: Apple +CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...) + NOT-FOR-US: Apple +CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...) + NOT-FOR-US: Apple +CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...) + NOT-FOR-US: Apple +CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...) + NOT-FOR-US: Cisco +CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...) + NOT-FOR-US: Cisco +CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...) + NOT-FOR-US: Cisco +CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...) + NOT-FOR-US: Cisco +CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...) + - xchat 2.0.7 + NOTE: apparently only DOS +CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...) + NOT-FOR-US: Solaris +CVE-2003-0998 (Unknown "potential system security vulnerability" in Computer ...) + NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control +CVE-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer ...) + NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control +CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...) + NOT-FOR-US: Microsoft +CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...) + - mailman 2.1.3 +CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...) + NOTE: apparenlty false/bad advisory + NOTE: http://www.securityfocus.com/archive/1/348366 + NOTE: possible problemsm before 1.4.2, 1.4.2 ok +CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...) + {DSA-425} + - tcpdump 3.8.1 +CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...) + - apache 1.3.29.0.2-5 +CVE-2003-0986 + RESERVED +CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...) + NOTE: fixed in 2.4.24-rc1 +CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...) + NOT-FOR-US: Cisco Unity on IBM servers +CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...) + NOT-FOR-US: Cisco +CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...) + NOT-FOR-US: visitorbook.pl +CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...) + NOT-FOR-US: visitorbook.pl +CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...) + NOT-FOR-US: visitorbook.pl +CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...) + NOT-FOR-US: gpgkeys_hkp +CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...) + - cvs 1:1.11.10 +CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...) + NOT-FOR-US: netware +CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...) + NOTE: nor-for-us (MacOS) +CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...) + NOT-FOR-US: Applied Watch Command Center +CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...) + {DSA-452} +CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...) + {DSA-408} + - screen 4.0.2-0.1 +CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...) + {DSA-429} +CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...) + NOT-FOR-US: Sun Fire B1600 +CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...) + NOTE: freeradius module in question is not built in debian package + NOTE: buffer overflow apparently fixed in freeradius 1.0.1 +CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...) + - freeradius 0.9.2-4 +CVE-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) ...) + NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control +CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...) + {DSA-436} +CVE-2003-0964 + REJECTED +CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...) + - lftp 2.6.10 +CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...) + {DSA-404} +CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...) + {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403} + NOTE: do_brk hole + NOTE: fixed in 2.4.23-pre7 +CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...) + NOT-FOR-US: OpenCA +CVE-2003-0959 + RESERVED +CVE-2003-0958 + RESERVED +CVE-2003-0957 + RESERVED +CVE-2003-0956 + RESERVED +CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...) + NOT-FOR-US: OpenBSD +CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...) + NOT-FOR-US: rcp +CVE-2003-0953 + RESERVED +CVE-2003-0952 + RESERVED +CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...) + NOT-FOR-US: HP-UX +CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...) + NOT-FOR-US: PeopleSoft PeopleTools +CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...) + {DSA-405} +CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...) + NOTE: not vulnerable, iwconfig not setuid/setgid in Debian. +CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...) + NOTE: not vulnerable, iwconfig not setuid/setgid in Debian. +CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...) + - clamav 0.65 +CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...) + NOT-FOR-US: Web Database Manager in web-tools for SAP DB +CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...) + NOT-FOR-US: Web Database Manager in web-tools for SAP DB +CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...) + NOT-FOR-US: Web Database Manager in web-tools for SAP DB +CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...) + NOT-FOR-US: Web Database Manager in web-tools for SAP DB +CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...) + NOT-FOR-US: Web Database Manager in web-tools for SAP DB +CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...) + NOT-FOR-US: Web Database Manager in web-tools for SAP DB +CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...) + NOT-FOR-US: SAP database server (SAP DB) +CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...) + NOT-FOR-US: SAP database server (SAP DB) +CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...) + NOT-FOR-US: UnixWare +CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...) + NOT-FOR-US: PCAnywhere +CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...) + - net-snmp 5.0.9 +CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...) + NOT-FOR-US: Symbol Access Portable Data Terminal +CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...) + {DSA-398} +CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...) + {DSA-400} +CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...) + NOT-FOR-US: Sygate Enforcer +CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...) + NOT-FOR-US: Clearswift MAILsweeper +CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...) + NOT-FOR-US: Clearswift MAILsweeper +CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...) + NOT-FOR-US: Clearswift MAILsweeper +CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...) + {DSA-407} + - ethereal 0.9.16-0.1 +CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...) + {DSA-407} + - ethereal 0.9.16-0.1 +CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...) + {DSA-407} + - ethereal 0.9.16-0.1 +CVE-2003-0923 + RESERVED +CVE-2003-0922 + RESERVED +CVE-2003-0921 + RESERVED +CVE-2003-0920 + RESERVED +CVE-2003-0919 + RESERVED +CVE-2003-0918 + RESERVED +CVE-2003-0917 + RESERVED +CVE-2003-0916 + RESERVED +CVE-2003-0915 + RESERVED +CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...) + {DSA-409} +CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...) + NOT-FOR-US: MacOS +CVE-2003-0912 + RESERVED +CVE-2003-0911 + RESERVED +CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...) + NOT-FOR-US: Windows +CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...) + NOT-FOR-US: Windows +CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...) + NOT-FOR-US: Windows +CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...) + NOT-FOR-US: Windows +CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...) + NOT-FOR-US: Windows +CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...) + NOT-FOR-US: Windows +CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...) + {DSA-402} +CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...) + {DSA-397} +CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...) + - perl 5.8.2 +CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...) + {DSA-396} +CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...) + NOT-FOR-US: IBM DB2 +CVE-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...) + NOT-FOR-US: microsoft +CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...) + NOT-FOR-US: Sun/Java +CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...) + NOT-FOR-US: Apple +CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...) + NOT-FOR-US: Oracle +CVE-2003-0893 + RESERVED +CVE-2003-0892 + RESERVED +CVE-2003-0891 + RESERVED +CVE-2003-0890 + RESERVED +CVE-2003-0889 + RESERVED +CVE-2003-0888 + RESERVED +CVE-2003-0887 + RESERVED +CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...) + {DSA-401} +CVE-2003-0885 + RESERVED +CVE-2003-0884 + RESERVED +CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...) + NOT-FOR-US: Apple +CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...) + NOT-FOR-US: Apple +CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...) + NOT-FOR-US: Apple +CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...) + NOT-FOR-US: Apple +CVE-2003-0879 + REJECTED +CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...) + NOT-FOR-US: Apple +CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...) + NOT-FOR-US: Apple +CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...) + NOT-FOR-US: Apple +CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...) + NOTE: source package only + NOTE: openslp: slpd.all_init symlink vuln + NOTE: this file is not used in Debian, so it's not a problem for us. + NOTE: source package still distributes the file, however. + - openslp 1.0.11a-1 +CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...) + NOT-FOR-US: Deskpro +CVE-2003-0873 + RESERVED +CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...) + NOT-FOR-US: SCO +CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...) + NOT-FOR-US: Apple +CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...) + NOT-FOR-US: Opera +CVE-2003-0869 + RESERVED +CVE-2003-0868 + RESERVED +CVE-2003-0867 + REJECTED +CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...) + {DSA-395} +CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...) + {DSA-435} + - mpg123 0.59r-15 +CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...) + - ircd-irc2 2.10.3p5-1 +CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...) + NOTE: php4, this bug appears not to have been fixed. + NOTE: submitted to BTS on libapache-mod-php4 + NOTE: developer claims there is no problem +CVE-2003-0862 + REJECTED +CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...) + - php4 4:4.3.3-1 +CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...) + - php4 4:4.3.3-1 +CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...) + NOTE: affects glibc 2.2.4, Debian uses 2.3.2 +CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...) + {DSA-415} +CVE-2003-0857 + RESERVED +CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...) + {DSA-492} + - iproute 20010824-13.1 +CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...) + - pan 0.13.4-1 +CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...) + {DSA-705-1} + - coreutils 5.2.1-1 +CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...) + - coreutils 5.2.1-1 +CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...) + - sylpheed-claws 0.9.8claws-1 +CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...) + NOTE: affects openssl 0.9.6. Testing uses 0.9.7. +CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...) + {DSA-410} + - libnids1 1.18-1 +CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...) + - cfengine2 2.0.9+2.1.0b3-1 +CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...) + {DSA-428} + - slocate 2.7-3 +CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...) + NOT-FOR-US: SuSE +CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...) + NOT-FOR-US: SuSE +CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...) + NOT-FOR-US: JBoss +CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...) + NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode + NOTE: Debian doesn't enable MOD_GZIP_DEBUG1. +CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...) + NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode + NOTE: Debian doesn't enable MOD_GZIP_DEBUG1. +CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...) + NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode + NOTE: Debian doesn't enable MOD_GZIP_DEBUG1. +CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...) + NOT-FOR-US: Peoplesoft +CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...) + NOT-FOR-US: HPUX +CVE-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...) + NOT-FOR-US: microsoft +CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...) + NOT-FOR-US: microsoft +CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...) + NOT-FOR-US: IBM DB2 +CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...) + NOT-FOR-US: IBM DB2 +CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...) + NOT-FOR-US: mplayer +CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...) + NOT-FOR-US: CDE +CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...) + {DSA-392} + - webfs 1.20 +CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...) + {DSA-392} + - webfs 1.20 +CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...) + - proftpd 1.2.9-1 +CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...) + {DSA-390} + NOTE: marbles package not in testing or unstable +CVE-2003-0829 + RESERVED +CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...) + {DSA-391} + - freesweep 0.88-4.1 (bug #242616) +CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...) + NOT-FOR-US: IBM DB2 +CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...) + {DSA-717-1} + - lsh-utils 1.4.2-6 +CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...) + NOT-FOR-US: microsoft +CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...) + NOT-FOR-US: microsoft +CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...) + NOT-FOR-US: microsoft +CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...) + NOT-FOR-US: microsoft +CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...) + NOT-FOR-US: microsoft +CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...) + NOT-FOR-US: microsoft +CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...) + NOT-FOR-US: microsoft +CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...) + NOT-FOR-US: microsoft +CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) + NOT-FOR-US: microsoft +CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) + NOT-FOR-US: microsoft +CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) + NOT-FOR-US: microsoft +CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...) + NOT-FOR-US: microsoft +CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...) + NOT-FOR-US: microsoft +CVE-2003-0811 + RESERVED +CVE-2003-0810 + RESERVED +CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...) + NOT-FOR-US: microsoft +CVE-2003-0808 + RESERVED +CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...) + NOT-FOR-US: microsoft +CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...) + NOT-FOR-US: microsoft +CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...) + {DSA-387} + NOTE: gopherd not in testing or unstable (deprecated) +CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...) + NOT-FOR-US: BSD +CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...) + NOT-FOR-US: Nokia +CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...) + NOT-FOR-US: Nokia +CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...) + NOT-FOR-US: Nokia +CVE-2003-0800 + RESERVED +CVE-2003-0799 + RESERVED +CVE-2003-0798 + RESERVED +CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...) + NOT-FOR-US: SGI IRIX +CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...) + NOT-FOR-US: SGI IRIX +CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...) + {DSA-415} +CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...) + - gdm 2.4.4.4 +CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...) + - gdm 2.4.4.4 +CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...) + - fetchmail 6.2.5 +CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...) + - mozilla-browser 2:1.5 +CVE-2003-0790 + REJECTED +CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...) + - apache2 2.0.48 +CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...) + - cupsys 1.1.19 +CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...) + - ssh 1:3.7.1p2 +CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...) + - ssh 1:3.7.1p2 +CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...) + {DSA-389} +CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...) + NOT-FOR-US: IBM TSM +CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...) + {DSA-385} +CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...) + {DSA-467} +CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...) + {DSA-467} +CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...) + {DSA-381} +CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...) + - asterisk 0.7.0 +CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...) + {DSA-379} +CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...) + {DSA-379} +CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the ...) + {DSA-379} +CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...) + {DSA-379} +CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...) + {DSA-379} +CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...) + {DSA-379} +CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...) + NOT-FOR-US: WS_FTP server +CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...) + - libapache-gallery-perl 0.7 +CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...) + NOT-FOR-US: IkonBoard +CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...) + NOT-FOR-US: ICQ Web Front +CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...) + NOT-FOR-US: microsoft +CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...) + NOT-FOR-US: RogerWilco +CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...) + NOT-FOR-US: ftp desktop (windows) +CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...) + NOT-FOR-US: winamp +CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...) + NOT-FOR-US: Escapade Scripting Engine (ESP +CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...) + NOT-FOR-US: Escapade Scripting Engine (ESP +CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...) + NOT-FOR-US: foxweb +CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...) + - asterisk 0.5.0 +CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: optisoft blubster +CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...) + NOT-FOR-US: IBM DB2 +CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...) + NOT-FOR-US: IBM DB2 +CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...) + NOT-FOR-US: check point firewall +CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...) + NOT-FOR-US: sitebuilder +CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...) + NOT-FOR-US: gtkftpd +CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...) + NOT-FOR-US: newsPHP +CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...) + NOT-FOR-US: newsPHP +CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...) + NOT-FOR-US: AttilaPHP +CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...) + NOT-FOR-US: PY-Membres +CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...) + NOT-FOR-US: PY-Membres +CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...) + NOT-FOR-US: SAP +CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...) + NOT-FOR-US: SAP +CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...) + NOT-FOR-US: SAP +CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...) + NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb +CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...) + NOT-FOR-US: castlerock SNMPc +CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...) + - leafnode 1.9.42 +CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...) + {DSA-376} + - exim 3.36-8 +CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...) + NOT-FOR-US: SCO +CVE-2003-0741 + RESERVED +CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...) + - stunnel 2:3.26 + - stunnel4 2:4.04 +CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...) + NOT-FOR-US: VMware +CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...) + NOT-FOR-US: phpWebSite +CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...) + NOT-FOR-US: phpWebSite +CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...) + NOT-FOR-US: phpWebSite +CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...) + NOT-FOR-US: phpWebSite +CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...) + - libpam-ldap 164-1 + - libnss-ldap 207-1 +CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...) + NOT-FOR-US: BEA weblogic +CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...) + NOT-FOR-US: cisco +CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...) + NOT-FOR-US: cisco +CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...) + {DSA-380} +CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...) + NOT-FOR-US: tellurian tftpdNT +CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...) + - horde2 2.2.4 +CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...) + NOT-FOR-US: oracle +CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...) + NOT-FOR-US: RealOne player +CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...) + NOT-FOR-US: Real Networks Server / Helix Server +CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...) + NOT-FOR-US: HP Tru64 +CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...) + - gkrellmd 2.1.14 +CVE-2003-0722 (The default installation of sadmind on Solaris uses weak ...) + NOT-FOR-US: solaris +CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...) + - pine 4.58 +CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...) + - pine 4.58 +CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...) + NOT-FOR-US: microsoft +CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...) + NOT-FOR-US: microsoft +CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...) + NOT-FOR-US: microsoft +CVE-2003-0716 + RESERVED +CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...) + NOT-FOR-US: microsoft +CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...) + NOT-FOR-US: microsoft +CVE-2003-0713 + RESERVED +CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...) + NOT-FOR-US: microsoft +CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...) + NOT-FOR-US: pchealth for windows +CVE-2003-0710 + RESERVED +CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...) + - whois 4.6.7 +CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...) + {DSA-375} +CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...) + {DSA-375} +CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...) + {DSA-378} +CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...) + {DSA-378} +CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...) + NOT-FOR-US: KisMAC for Mac OS X +CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...) + NOT-FOR-US: KisMAC for Mac OS X +CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...) + NOT-FOR-US: microsoft +CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...) + NOT-FOR-US: microsoft +CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...) + NOTE: fixed in 2.4.22-pre3 +CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...) + NOTE: fixed in 2.4.21-rc2 +CVE-2003-0698 + REJECTED + NOTE: see CVE-2003-0743 +CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...) + NOT-FOR-US: AIX +CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...) + NOT-FOR-US: AIX +CVE-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...) + {DSA-383 DSA-382} +CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...) + {DSA-384} +CVE-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for ...) + {DSA-383 DSA-382} + - openssh 1:3.6.1p2-6.0 +CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...) + {DSA-388} +CVE-2003-0691 + RESERVED +CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...) + {DSA-443 DSA-388} +CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...) + - libc6 2.2.5 +CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...) + - sendmail 8.12.9 +CVE-2003-0687 + REJECTED +CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...) + {DSA-374} +CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...) + {DSA-372} +CVE-2003-0684 + RESERVED +CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...) + NOT-FOR-US: SGI +CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...) + {DSA-383 DSA-382} + - openssh 1:3.6.1p2-9 +CVE-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...) + {DSA-384} +CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...) + NOT-FOR-US: SGI IRIX +CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...) + NOT-FOR-US: SGI IRIX +CVE-2003-0678 + RESERVED +CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...) + NOT-FOR-US: Cisco +CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...) + NOT-FOR-US: Sun iPlanet +CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...) + {DSA-370} +CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...) + NOT-FOR-US: sustworks IPNetSentryX +CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...) + NOT-FOR-US: sustworks IPNetSentryX +CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...) + NOT-FOR-US: solaris +CVE-2003-0668 + RESERVED +CVE-2003-0667 + RESERVED +CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...) + NOT-FOR-US: microsoft +CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...) + NOT-FOR-US: microsoft +CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...) + NOT-FOR-US: microsoft +CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...) + NOT-FOR-US: microsoft +CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...) + NOT-FOR-US: microsoft +CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...) + NOT-FOR-US: microsoft +CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...) + NOT-FOR-US: microsoft +CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...) + NOT-FOR-US: microsoft +CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...) + NOT-FOR-US: docview / caldera +CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...) + {DSA-365} +CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...) + {DSA-366} +CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...) + - cdrecord 4:2.0+a18-1 +CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...) + {DSA-373} +CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...) + NOT-FOR-US: NetBSD +CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...) + {DSA-367} +CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...) + NOT-FOR-US: mod_mylo for apache +CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...) + NOT-FOR-US: gamespy +CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...) + {DSA-368} +CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...) + {DSA-472} +CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...) + NOT-FOR-US: Cisco +CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...) + NOT-FOR-US: ActiveX +CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...) + {DSA-364} +CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...) + - kdbg 1.2.9-1 +CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...) + {DSA-358} + NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3) +CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...) + NOT-FOR-US: Watchguard / win +CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...) + NOT-FOR-US: Watchguard / win +CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...) + NOT-FOR-US: BEA WebLogic +CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...) + NOT-FOR-US: novell ichain +CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...) + NOT-FOR-US: novell ichain +CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...) + NOT-FOR-US: novell ichain +CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...) + NOT-FOR-US: novell ichain +CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...) + NOT-FOR-US: novell ichain +CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...) + NOT-FOR-US: oracle +CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...) + NOT-FOR-US: oracle +CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...) + NOT-FOR-US: oracle +CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...) + NOT-FOR-US: VMware +CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...) + {DSA-359} +CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...) + NOT-FOR-US: peoplesoft +CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...) + NOT-FOR-US: peoplesoft +CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...) + NOT-FOR-US: peoplesoft +CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...) + NOT-FOR-US: peoplesoft +CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...) + {DSA-360} +CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...) + NOT-FOR-US: BEA WebLogic +CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) + NOT-FOR-US: BEA Tuxedo +CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...) + NOT-FOR-US: BEA Tuxedo +CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...) + NOT-FOR-US: BEA Tuxedo +CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...) + {DSA-364} +CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...) + {DSA-358} + NOTE: fixed in 2.4.21-pre3 +CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...) + {DSA-431} +CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...) + {DSA-362} +CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...) + NOT-FOR-US: McAfee +CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...) + {DSA-371} +CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...) + {DSA-355} +CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...) + {DSA-369} +CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...) + - crafty 19.3-1 +CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...) + {DSA-356} +CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...) + NOT-FOR-US: McAfee +CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...) + NOT-FOR-US: Solaris +CVE-2003-0608 + RESERVED +CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...) + {DSA-354} +CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...) + {DSA-353} + - sup 1.8-9 +CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...) + NOT-FOR-US: Microsoft +CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...) + NOT-FOR-US: Microsoft +CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...) + - bugzilla 2.16.3 + NOTE: in 2.17.x : we need at least 2.17.4 +CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...) + - bugzilla 2.16.3 + NOTE: in 2.17.x : we need at least 2.17.4 +CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...) + NOT-FOR-US: Apple +CVE-2003-0600 + RESERVED +CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...) + {DSA-365} +CVE-2003-0598 + REJECTED +CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...) + NOT-FOR-US: Unixware +CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...) + {DSA-352} + - fdclone 2.02a +CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...) + NOT-FOR-US: WiTango Application Server and Tango 2000 +CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...) + NOTE: cannot find reference to it being fixed. + TODO: check +CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...) + NOT-FOR-US: opera +CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...) + {DSA-459} +CVE-2003-0591 + REJECTED +CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...) + NOT-FOR-US: Splatt Forum +CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...) + NOT-FOR-US: Digi-ads +CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...) + NOT-FOR-US: Digi-news +CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...) + NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB) +CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...) + NOT-FOR-US: Brooky eStore +CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...) + NOT-FOR-US: Brooky eStore +CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...) + NOT-FOR-US: BRU +CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...) + NOT-FOR-US: BRU +CVE-2003-0582 + REJECTED +CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...) + {DSA-360} +CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...) + NOT-FOR-US: IBM U2 UniVerse +CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...) + NOT-FOR-US: IBM U2 UniVerse +CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...) + NOT-FOR-US: IBM U2 UniVerse +CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...) + - mpg123 0.59r-1 +CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...) + NOT-FOR-US: IRIX +CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...) + NOT-FOR-US: IRIX +CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...) + NOT-FOR-US: IRIX +CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...) + NOT-FOR-US: IRIX +CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...) + NOT-FOR-US: IRIX +CVE-2003-0571 + RESERVED +CVE-2003-0570 + RESERVED +CVE-2003-0569 + RESERVED +CVE-2003-0568 + RESERVED +CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...) + NOT-FOR-US: Cisco +CVE-2003-0566 + RESERVED +CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...) + NOTE: affects many implementations of the X.400 protocol + TODO: see if anything in debian uses X.400 and is vulnerable. +CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...) + NOTE: affects multiple S/MIME implementations + NOTE: checked current mozilla, which contains safe NSS 3.9.1 + - mozilla 2:1.7.3 + TODO: see if anything else in debian uses S/MIME and is vulnerable, mutt has S/MIME unknown if its vulnerable +CVE-2003-0563 + RESERVED +CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...) + NOT-FOR-US: Novell Netware +CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...) + NOT-FOR-US: IglooFTP +CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...) + NOT-FOR-US: VP-ASP +CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...) + NOT-FOR-US: phpforum +CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...) + NOT-FOR-US: LeapFTP +CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...) + NOT-FOR-US: StoreFront +CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Polycom MGC +CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...) + NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5 +CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...) + NOT-FOR-US: NeoModus Direct Connect +CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...) + NOT-FOR-US: Netscape +CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...) + {DSA-423 DSA-358} + NOTE: fixed in 2.4.22-pre3 +CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...) + {DSA-423 DSA-358} + NOTE: fixed in 2.4.22-pre3 +CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...) + {DSA-423 DSA-358} + NOTE: fixed in 2.4.22-pre3 +CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...) + - gdm 2.4.1.5 +CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...) + - gdm 2.4.1.5 +CVE-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, ...) + - gdm 2.4.1.5 +CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...) + NOT-FOR-US: up2date +CVE-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...) + {DSA-394 DSA-393} +CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...) + {DSA-394 DSA-393} +CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...) + {DSA-394 DSA-393} +CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...) + - apache2 2.0.48 + - apache 1.3.29 +CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...) + {DSA-710-1} + NOTE: does not affect evolution on debian + - gtkhtml 1.0.4-6.2 +CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...) + {DSA-363} +CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...) + {DSA-343} +CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...) + {DSA-342} +CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...) + {DSA-341} +CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...) + {DSA-346} +CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...) + {DSA-345} +CVE-2003-0534 + RESERVED +CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...) + NOT-FOR-US: Microsoft +CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...) + NOT-FOR-US: Microsoft +CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...) + NOT-FOR-US: Microsoft +CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...) + NOT-FOR-US: Microsoft +CVE-2003-0529 + RESERVED +CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...) + NOT-FOR-US: Microsoft +CVE-2003-0527 + RESERVED +CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) + NOT-FOR-US: Microsoft +CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...) + NOT-FOR-US: Microsoft +CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...) + NOTE: appears specific to the knoppix CD +CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...) + NOT-FOR-US: ProductCart +CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...) + NOT-FOR-US: ProductCart +CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...) + NOT-FOR-US: cPanel is not our cpanel +CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...) + NOT-FOR-US: Trillian +CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...) + NOT-FOR-US: Microsoft +CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...) + NOT-FOR-US: MacOS +CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...) + - mgetty 1.1.29 (bug #199351) +CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...) + - mgetty 1.1.29 (bug #199351) +CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...) + {DSA-347} +CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...) + NOT-FOR-US: Safari +CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...) + NOT-FOR-US: MSIE +CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message ...) + NOT-FOR-US: Cisco +CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...) + NOT-FOR-US: Cisco Aironet AP1x00 Series Wireless devices +CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...) + NOT-FOR-US: ezbounce +CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...) + NOT-FOR-US: Cyberstrong eShop +CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...) + NOT-FOR-US: acroread +CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...) + NOT-FOR-US: Microsoft +CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...) + NOT-FOR-US: Microsoft +CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...) + NOT-FOR-US: Microsoft +CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...) + {DSA-365} +CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...) + NOT-FOR-US: Microsoft +CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...) + NOT-FOR-US: Apple Quicktime +CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...) + {DSA-423 DSA-358} + NOTE: fixed in 2.4.22-pre10 +CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...) + {DSA-338} +CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...) + {DSA-335} +CVE-2003-0498 (CachÃ© Database 5.x installs the /cachesys/csp directory with insecure ...) + NOT-FOR-US: Intersystems Cache database +CVE-2003-0497 (CachÃ© Database 5.x installs /cachesys/bin/cache with world-writable ...) + NOT-FOR-US: Intersystems Cache database +CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...) + NOT-FOR-US: Microsoft +CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...) + NOT-FOR-US: lednews; not in debian +CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...) + NOT-FOR-US: snitz forums; not in debian +CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...) + NOT-FOR-US: snitz forums; not in debian +CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...) + NOT-FOR-US: snitz forums; not in debian +CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...) + NOT-FOR-US: xoop; not in debian +CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...) + NOT-FOR-US: Dantz Retrospect +CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...) + {DSA-330} +CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...) + NOT-FOR-US: Kerio Mail server +CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...) + NOT-FOR-US: Kerio Mail server +CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...) + - phpbb2 2.0.6 +CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...) + NOT-FOR-US: Progress 4GL Compiler +CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...) + - phpbb2 2.0.6d-3 +CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...) + NOT-FOR-US: XMB Forum +CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...) + - tutos 1.1.20030715-1 +CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) + - tutos 1.1.20030715-1 +CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...) + NOT-FOR-US: VMware +CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...) + NOT-FOR-US: WebBBS; not in debian +CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...) + NOT-FOR-US: bahamut and other irc daemons; not in debian +CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...) + - wzdftpd 0.2 +CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...) + {DSA-423 DSA-358} + NOTE: fixed in 2.4.22-pre4 +CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...) + NOT-FOR-US: iWeb server +CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...) + NOT-FOR-US: iWeb server +CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...) + NOT-FOR-US: SGI IRIX +CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...) + NOT-FOR-US: SGI IRIX +CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...) + NOT-FOR-US: webadmin / win +CVE-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka ...) + NOT-FOR-US: symantec activex +CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...) + NOT-FOR-US: microsoft +CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...) + {DSA-363} +CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...) + NOTE: fixed in linux 2.4.21 +CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...) + {DSA-357} +CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...) + NOTE: generic .c version fixed in 2.6.x but not in 2.4.x + NOTE: arch specific asm versions: + NOTE: x86 is not affected + NOTE: ppc32 fixed in 2.4.22-rc4 + NOTE: not an issue on alpha, see bug #280492 + - kernel-source-2.4.27 2.4.27-8 + NOTE: above fixes s390x, ppc64 and s390 and generic C version +CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...) + NOTE: fixed in linux 2.4.22-pre8 +CVE-2003-0463 + RESERVED +CVE-2003-0462 (A race condition in the way env_start and env_end pointers are ...) + {DSA-423 DSA-358} +CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...) + {DSA-423 DSA-358} +CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...) + NOT-FOR-US: apache for win and os/2 +CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...) + {DSA-361} +CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...) + NOT-FOR-US: HP +CVE-2003-0457 + RESERVED + - mysql-dfsg 4.0.21-4 +CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...) + NOT-FOR-US: visnetic website +CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...) + {DSA-331} +CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...) + {DSA-334} +CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...) + {DSA-348} +CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...) + {DSA-329} +CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...) + {DSA-327} +CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...) + {DSA-321} +CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...) + NOT-FOR-US: progress database +CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...) + NOT-FOR-US: portmon; not in debian +CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...) + NOT-FOR-US: microsoft +CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...) + NOT-FOR-US: microsoft +CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...) + {DSA-328} +CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...) + {DSA-337} +CVE-2003-0443 + RESERVED +CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...) + {DSA-351} +CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...) + {DSA-326} +CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...) + {DSA-339} +CVE-2003-0439 + RESERVED +CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...) + {DSA-325} +CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...) + - mnogosearch-common 3.2.11 +CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...) + - mnogosearch-common 3.2.11 +CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...) + {DSA-322} +CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...) + NOTE: various pdf viewers + NOTE: kpdf does not seem to support hyperlinks; so not vulnerable + NOTE: gpdf 2.8.0 does not seem to be vulnerable + - xpdf 2.02pl1-1 +CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...) + {DSA-315} +CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...) + {DSA-324} +CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...) + {DSA-324} +CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...) + - ethereal 0.9.13 +CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...) + {DSA-324} +CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...) + {DSA-324} +CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...) + {DSA-320} +CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...) + NOT-FOR-US: Apple +CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...) + NOT-FOR-US: Apple +CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) + NOT-FOR-US: Apple +CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...) + NOT-FOR-US: Apple +CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) + NOT-FOR-US: Apple +CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) + NOT-FOR-US: Apple +CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...) + NOT-FOR-US: Apple +CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...) + NOT-FOR-US: SMC +CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...) + NOTE: only linux 2.0.x +CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...) + NOT-FOR-US: Son hServer +CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...) + NOT-FOR-US: bandmin; +CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...) + NOT-FOR-US: Remote PC Access +CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...) + NOT-FOR-US: Sun ONE +CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...) + NOT-FOR-US: Sun ONE +CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...) + NOT-FOR-US: Sun ONE +CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...) + NOT-FOR-US: Sun ONE +CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...) + NOT-FOR-US: AnalogX proxy +CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...) + NOT-FOR-US: BRS WebWeaver +CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...) + NOT-FOR-US: Uptimes Project upclient; +CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...) + - gbatnav 1.0.4-4 +CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...) + NOT-FOR-US: PalmVNC +CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...) + NOT-FOR-US: Vignette +CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...) + NOT-FOR-US: Vignette +CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...) + NOT-FOR-US: Vignette +CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...) + NOT-FOR-US: Vignette +CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...) + NOT-FOR-US: Vignette +CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...) + NOT-FOR-US: Vignette / AIX +CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...) + NOT-FOR-US: Vignette StoryServer +CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...) + NOT-FOR-US: Vignette StoryServer +CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...) + NOT-FOR-US: FastTrack network code (Kazaa) +CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...) + - linux-atm 2.4.1 +CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...) + NOT-FOR-US: Ultimate PHP Board +CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...) + NOT-FOR-US: BLNews +CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...) + NOT-FOR-US: Privacyware Privatefirewall +CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...) + NOT-FOR-US: ST FTP Service (DOS) +CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...) + NOT-FOR-US: Magic WinMail Server +CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...) + - opt 3.19 +CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...) + NOT-FOR-US: RSA ACE/Agent +CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...) + NOTE: pam is not vulnerable in default confuguration + NOTE: pam is not vulnerable at all in sarge, according to maintainer +CVE-2003-0387 + RESERVED +CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...) + NOTE: fixed in current openssh, which always does reverse mapping now +CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...) + {DSA-310} + - xaos 3.1r-4 +CVE-2003-0384 + RESERVED +CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...) + {DSA-309} +CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...) + {DSA-323} +CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...) + {DSA-314} +CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...) + NOT-FOR-US: MaxOS +CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...) + NOT-FOR-US: MaxOS +CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface ...) + NOT-FOR-US: iisPROTECT +CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...) + NOT-FOR-US: Eudora +CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...) + NOT-FOR-US: XMBforum aka Partagium) +CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...) + - nessus 2.0.6 +CVE-2003-0373 (Multiple buffer overflows in Nessus before 2.0.6 allow local users ...) + - nessus 2.0.6 +CVE-2003-0372 (Signed integer vulnerability in libnsl in Nessus before 2.0.6 allows ...) + - nessus 2.0.6 +CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...) + NOT-FOR-US: Prishtina FTP client +CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...) + {DSA-361} +CVE-2003-0369 + RESERVED +CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...) + NOT-FOR-US: Nokia Gateway GPRS +CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...) + {DSA-308} +CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...) + {DSA-318} +CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full ...) + NOT-FOR-US: ICQLite +CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...) + {DSA-442 DSA-336 DSA-332 DSA-311} +CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...) + - licq 1.2-7-1 +CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...) + {DSA-307} +CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...) + {DSA-307} +CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...) + {DSA-307} +CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...) + {DSA-316} +CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...) + {DSA-350 DSA-316} +CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...) + {DSA-313} +CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...) + {DSA-313} +CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...) + NOT-FOR-US: Safari +CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...) + - gs-gpl 7.07 +CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...) + NOT-FOR-US: Microsoft +CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2003-0351 + REJECTED +CVE-2003-0350 (The control for listing accessibility options in the Accessibility ...) + NOT-FOR-US: Microsoft +CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...) + NOT-FOR-US: Microsoft +CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...) + NOT-FOR-US: Microsoft +CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...) + NOT-FOR-US: Microsoft +CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...) + NOT-FOR-US: Microsoft +CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...) + NOT-FOR-US: Microsoft +CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...) + NOT-FOR-US: Microsoft +CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...) + NOT-FOR-US: BlackMoon FTP Server +CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...) + NOT-FOR-US: BlackMoon FTP Server +CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...) + NOT-FOR-US: Owl Intranet Engine +CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...) + NOT-FOR-US: Puresecure +CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...) + NOT-FOR-US: WsMp3 +CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...) + NOT-FOR-US: WsMp3 +CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...) + NOT-FOR-US: lsadmin +CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...) + NOT-FOR-US: Eudora +CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...) + NOT-FOR-US: Slaskware specific +CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...) + - ircii-pana 1:1.0-0c19.20030512-1 +CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...) + NOT-FOR-US: C-Kermit on HP-UX +CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...) + NOT-FOR-US: BadBlue +CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...) + NOT-FOR-US: ttForum +CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...) + NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed. +CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...) + NOT-FOR-US: CesarFTP +CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...) + {DSA-399 DSA-306} +CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...) + NOT-FOR-US: Sybase Adaptive Server Enterprise +CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...) + NOTE: bug does exist in slocate. + NOTE: only impacts security if kernel has been recompiled to allow + NOTE: an absurd 536870912 bytes of command line arguments. This is + NOTE: very unlikely, and if you do exploit it, you get only slocate + NOTE: gid. +CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...) + NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed. +CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...) + {DSA-287} +CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...) + {DSA-298 DSA-291} +CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...) + {DSA-306} +CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...) + {DSA-306} +CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...) + NOT-FOR-US: ttCMS +CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...) + NOT-FOR-US: SmartMax MailMax +CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...) + NOT-FOR-US: PHP-Nuke +CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...) + NOT-FOR-US: iisPROTECT +CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...) + NOT-FOR-US: Venturi Client +CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Snowblind Web Server +CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Snowblind Web Server +CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...) + NOT-FOR-US: Snowblind Web Server +CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...) + NOT-FOR-US: Snowblind Web Server +CVE-2003-0311 + RESERVED +CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...) + NOTE: author apparently fixed hole by time vuln was reported, + NOTE: and I guess that fix made it into new upstream versions, + NOTE: but I did not check in detail +CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...) + NOT-FOR-US: MSIE +CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...) + {DSA-305} +CVE-2003-0307 (Poster version.two allows remote authenticated users to gain ...) + NOT-FOR-US: Poster version.two +CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...) + NOT-FOR-US: Windows +CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...) + NOT-FOR-US: Cisco +CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...) + NOT-FOR-US: one||zero (aka One or Zero) Helpdesk +CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...) + NOT-FOR-US: one||zero (aka One or Zero) Helpdesk +CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...) + NOT-FOR-US: Eudora +CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...) + NOT-FOR-US: Microsort +CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...) + NOTE: sylpheed and sylpheed-claws might still be vulnerable + NOTE: but it's only a crasher +CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...) + NOTE: mutt and balsa might still be vulnerable + NOTE: but it's only a crasher +CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...) + - mozilla 2:1.5-1 + NOTE: May have been fixed in an earlier version. Not clear how + NOTE: Mozilla's a/b versions map to the Debian version. +CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...) + - uw-imap 7:2002c + NOTE: did not check pine +CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...) + - evolution 1.3.2 +CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...) + NOT-FOR-US: vBulletin +CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...) + NOT-FOR-US: php-proxima +CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...) + NOT-FOR-US: PalmOS +CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...) + NOT-FOR-US: Inktomi +CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...) + NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router +CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...) + NOT-FOR-US: eServ +CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...) + - cdrtools 4:2.0+a14-1 +CVE-2003-0288 (Buffer overflow in the file & folder transfer mechanism for IP ...) + NOT-FOR-US: IP Messenger for Win +CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...) + NOT-FOR-US: Movable Type +CVE-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...) + NOT-FOR-US: Snitz Forums +CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...) + NOT-FOR-US: bad sendmail config on AIX +CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...) + NOT-FOR-US: Adobe Acrobat +CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...) + NOT-FOR-US: Phorum +CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...) + {DSA-344} +CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...) + - firebird2 1.5.1-1 + NOTE: firebird (1) in debian is very insecure and vulnerable, but + NOTE: the server is not included, just the libraries. See bug #251458 +CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...) + NOT-FOR-US: SMTP Service for ESMTP CMailServer +CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...) + NOT-FOR-US: PHP-Nuke +CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...) + NOT-FOR-US: HappyMail +CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...) + NOT-FOR-US: HappyMail +CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...) + NOT-FOR-US: Pi3Web +CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: YaBB SE +CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...) + NOT-FOR-US: ListProc +CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...) + NOTE: old version of Request Tracker not in debian. +CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...) + NOT-FOR-US: miniPortail +CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...) + NOT-FOR-US: Personal FTP Server +CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...) + NOT-FOR-US: Apple Airport +CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...) + NOT-FOR-US: youbin +CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...) + NOT-FOR-US: SLWebMail on Windows +CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...) + NOT-FOR-US: SLWebMail on Windows +CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...) + NOT-FOR-US: SLWebMail on Windows +CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...) + NOT-FOR-US: SDBINST for SAP database +CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...) + NOT-FOR-US: SLMail +CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...) + NOT-FOR-US: FTGatePro +CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...) + {DSA-299} +CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...) + {DSA-302} +CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) + NOT-FOR-US: Cisco +CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) + NOT-FOR-US: Cisco +CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) + NOT-FOR-US: Cisco +CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...) + NOT-FOR-US: AIX +CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...) + - kopete 3.2.0 +CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...) + - gnupg 1.2.2 +CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...) + - apache2 2.0.47 +CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...) + - apache2 2.0.47 +CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...) + {DSA-349} +CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...) + NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13 + - nis 3.11 +CVE-2003-0250 + RESERVED +CVE-2003-0249 + RESERVED +CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...) + {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} +CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...) + {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} +CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...) + {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} +CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...) + - apache2 2.0.46 +CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...) + {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} +CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...) + NOT-FOR-US: Happycgi.com Happymall +CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...) + NOT-FOR-US: MacOS +CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...) + NOT-FOR-US: FrontRange GoldMine / win +CVE-2003-0240 (The web-based administration capability for various Axis Network ...) + NOT-FOR-US: Axis Network Camera +CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...) + NOT-FOR-US: Mirabilis ICQ / windows +CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...) + NOT-FOR-US: Mirabilis ICQ / windows +CVE-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...) + NOT-FOR-US: Mirabilis ICQ / windows +CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...) + NOT-FOR-US: Mirabilis ICQ / windows +CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...) + NOT-FOR-US: Mirabilis ICQ / windows +CVE-2003-0234 + RESERVED +CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...) + NOT-FOR-US: microsoft +CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...) + NOT-FOR-US: microsoft +CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...) + NOT-FOR-US: microsoft +CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go gain ...) + NOT-FOR-US: microsoft +CVE-2003-0229 + RESERVED +CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...) + NOT-FOR-US: microsoft +CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the ...) + NOT-FOR-US: microsoft +CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...) + NOT-FOR-US: microsoft +CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...) + NOT-FOR-US: microsoft +CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...) + NOT-FOR-US: microsoft +CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...) + NOT-FOR-US: microsoft +CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...) + NOT-FOR-US: oracle +CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...) + NOT-FOR-US: HP tru64 +CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...) + NOT-FOR-US: Kerio Personal Firewall +CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...) + NOT-FOR-US: Kerio Personal Firewall +CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...) + NOT-FOR-US: Monkey http daemon; not in debian +CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...) + NOT-FOR-US: Neoteris Instant Virtual Extranet +CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...) + NOT-FOR-US: cisco +CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...) + NOT-FOR-US: bttlxeForum / win +CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...) + {DSA-292} +CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...) + {DSA-295} +CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...) + {DSA-289} +CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...) + - xinetd 1:2.3.11 +CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...) + NOT-FOR-US: cisco +CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...) + {DSA-297} +CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...) + NOT-FOR-US: macromedia flash +CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...) + {DSA-286} +CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...) + {DSA-294} +CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...) + {DSA-294} +CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...) + {DSA-296 DSA-293 DSA-284} +CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...) + {DSA-281} +CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...) + {DSA-279} +CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...) + {DSA-280} +CVE-2003-0200 + RESERVED +CVE-2003-0199 + RESERVED +CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...) + NOT-FOR-US: MacOS +CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...) + NOT-FOR-US: Interbase Database +CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...) + {DSA-280} +CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...) + {DSA-317} +CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...) + NOTE: apparently a redhat specific compilation prolem of tcpdump +CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...) + {DSA-575-1} + - catdoc 0.91.5-2 +CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...) + - apache2 2.0.47 +CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...) + - ssh 1:3.8.1p1-8.sarge.4 +CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...) + - apache2 2.0.46 +CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...) + {DSA-304} +CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...) + NOTE: only affects kernel 2.4.19, 2.4.20. +CVE-2003-0186 + RESERVED +CVE-2003-0185 + RESERVED +CVE-2003-0184 + RESERVED +CVE-2003-0183 + RESERVED +CVE-2003-0182 + RESERVED +CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...) + NOT-FOR-US: Lotus Domino Web Server +CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...) + NOT-FOR-US: Lotus Domino Web Server +CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...) + NOT-FOR-US: Lotus Domino Web Server +CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...) + NOT-FOR-US: Lotus Domino Web Server +CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...) + NOT-FOR-US: IRIX +CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...) + NOT-FOR-US: IRIX +CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...) + NOT-FOR-US: IRIX +CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...) + NOT-FOR-US: IRIX +CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...) + {DSA-283} +CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...) + NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2) +CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...) + NOT-FOR-US: MacOS +CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...) + NOT-FOR-US: AIX +CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...) + NOT-FOR-US: HP Instant TopTools +CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...) + NOT-FOR-US: Apple QuickTime Player +CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...) + {DSA-300 DSA-274} +CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...) + NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2) +CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...) + - eog 2.2.1 +CVE-2003-0164 + RESERVED +CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...) + NOTE: Gaim-Encryption Plugin not in debian +CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...) + {DSA-271} +CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...) + {DSA-290 DSA-278} +CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) + - squirrelmail 1:1.2.11 +CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...) + - ethereal 0.9.10 +CVE-2003-0158 + REJECTED +CVE-2003-0157 + REJECTED +CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...) + {DSA-264} +CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...) + {DSA-265} +CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...) + {DSA-265} +CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...) + {DSA-265} +CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...) + {DSA-265} +CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...) + {DSA-303} +CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...) + NOT-FOR-US: McAfee ePolicy Orchestrator +CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...) + NOT-FOR-US: McAfee ePolicy Orchestrator +CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...) + {DSA-288} +CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...) + {DSA-263} +CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...) + {DSA-275 DSA-267} +CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...) + NOT-FOR-US: acroread +CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...) + NOT-FOR-US: Real +CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...) + {DSA-268} +CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...) + {DSA-273 DSA-266} +CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...) + {DSA-273 DSA-269 DSA-266} +CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...) + NOT-FOR-US: Nokia Serving GPRS support node +CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...) + {DSA-285} +CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...) + NOTE: red-hat specific compilation problem of vsftpd +CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...) + - apache2 2.0.46 +CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...) + - evolution 1.2.4 +CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...) + - apache2 2.0.45 +CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...) + {DSA-288} +CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...) + - evolution 1.2.3 +CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...) + - evolution 1.2.3 +CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...) + - evolution 1.2.3 +CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...) + {DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270} +CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...) + NOT-FOR-US: SOHO Routefinder 550 firmware +CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...) + NOT-FOR-US: Clearswift MAILsweeper +CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...) + NOT-FOR-US: AIX +CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and ...) + NOT-FOR-US: Microsoft +CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...) + NOT-FOR-US: Microsoft +CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...) + NOT-FOR-US: Microsoft +CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...) + NOT-FOR-US: Microsoft +CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...) + NOT-FOR-US: Microsoft +CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...) + NOT-FOR-US: Microsoft +CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...) + NOT-FOR-US: Microsoft +CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...) + NOT-FOR-US: Microsoft +CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...) + NOT-FOR-US: Microsoft +CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...) + NOT-FOR-US: Microsoft +CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...) + NOT-FOR-US: Symantec Enterprise Firewall +CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...) + NOT-FOR-US: ServerMask +CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...) + {DSA-319} +CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...) + {DSA-277} +CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...) + {DSA-277} +CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...) + NOT-FOR-US: Oracle +CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...) + NOT-FOR-US: Solaris +CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...) + NOT-FOR-US: Solaris +CVE-2003-0090 + REJECTED +CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...) + NOT-FOR-US: HP-UX +CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...) + {DSA-262} +CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...) + {DSA-262} +CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...) + NOTE: mod_auth_any not in Debian +CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...) + - apache2 2.0.46 + - apache 1.3.25 +CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...) + {DSA-266} +CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...) + - gnome-lokkit 0.50.22-4 +CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...) + - dcgui 0.2.2 +CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...) + - plptools 0.12-0 +CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...) + {DSA-266} +CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...) + NOT-FOR-US: HP UX +CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...) + - krb5 1.2.4 +CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...) + {DSA-248} +CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...) + {DSA-252} +CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...) + NOT-FOR-US: MacOS +CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...) + NOTE: apparently fixed upstream 2002-11-12 changelog +CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...) + NOT-FOR-US: commercial ssh clients +CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...) + NOT-FOR-US: commercial ssh clients +CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...) + {DSA-246} +CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...) + {DSA-246} +CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...) + NOTE: verified sarge version of krb5-clients not vulnerable + NOTE: nothing in changelogs +CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...) + {DSA-436} +CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...) + {DSA-244} +CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...) + NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux +CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...) + NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux +CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...) + NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in + NOTE: chooser/mtinkc.c's version, which goes into mtinkc + NOTE: it's not installed setuid or setgid, so this is not exploitable +CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...) + {DSA-228} +CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...) + NOT-FOR-US: Protegrity Secure.Data Extension Feature +CVE-2003-0029 + RESERVED +CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...) + {DSA-282 DSA-272 DSA-266} +CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...) + {DSA-231} +CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...) + {DSA-229} +CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...) + {DSA-633-1} + TODO: check +CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...) + NOT-FOR-US: Microsoft +CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...) + NOT-FOR-US: Windows Script Engine for JScript +CVE-2003-0008 + RESERVED +CVE-2003-0006 + RESERVED +CVE-2003-0005 + RESERVED +CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...) + {DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311} +CVE-2003-1328 + NOTE: not-for-us (windows) +CVE-2003-1326 + NOTE: not-for-us (windows) +CVE-2003-1022 + {DSA-416} + - fsp 2.81.b18-1 +CVE-2003-0994 + NOTE: not-for-us (norton) +CVE-2003-0993 + - apache 1.3.29.0.2-4 +CVE-2003-0991 + {DSA-436} + - mailman 2.1-1 + NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this. + NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable +CVE-2003-0988 + - kdepim 4:3.1.5-1 +CVE-2003-0985 + {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413} + NOTE: fixed in 2.4.24-rc1 +CVE-2003-0969 + {DSA-411} + - mpg321 0.2.10.3 +CVE-2003-0966 + NOTE: not-for-us (elm) +CVE-2003-0924 + {DSA-426} + - netpbm-free 2:9.25-9 +CVE-2003-0905 + NOTE: not-for-us (microsoft) +CVE-2003-0903 + NOTE: not-for-us (microsoft) +CVE-2003-0825 + NOTE: not-for-us (microsoft) +CVE-2003-0145 + {DSA-261} + - tcpdump 3.7.2-1 +CVE-2003-0143 + {DSA-259} + - qpopper 4.0.4-9 +CVE-2003-0125 + NOTE: not-for-us (SOHO Routefinder) +CVE-2003-0124 + NOTE: not-for-us (man before 1.51) +CVE-2003-0123 + NOTE: not-for-us (lotus notes) +CVE-2003-0122 + NOTE: not-for-us (lotus notes) +CVE-2003-0120 + {DSA-256} + - mhc 0.25+20030224-1 +CVE-2003-0108 + {DSA-255} + - tcpdump 3.7.1-1.2 +CVE-2003-0107 + - zlib 1:1.1.4-10 +CVE-2003-0104 + NOTE: not-for-us (peopletools) +CVE-2003-0103 + NOTE: not-for-us (nokia handset) +CVE-2003-0102 + {DSA-260} + - file 3.40-1.1 +CVE-2003-0100 + NOTE: not-for-us (cisco) +CVE-2003-0097 + - php4 4:4.3.2+rc3-1 +CVE-2003-0095 + NOTE: not-for-us (oracle) +CVE-2003-0094 + NOTE: not-for-us (mandrake specific) +CVE-2003-0093 + {DSA-261} + - tcpdump 3.7.1-1 +CVE-2003-0088 + NOTE: not-for-us (macosX) +CVE-2003-0087 + NOTE: not-for-us (AIX) +CVE-2003-0081 + {DSA-258} + - ethereal 0.9.9-2 +CVE-2003-0079 + NOTE: not-for-us (hanterm before 2.0.5) +CVE-2003-0078 + {DSA-253} + - openssl 0.9.7a-1 +CVE-2003-0077 + NOTE: not-for-us (hanterm before 2.0.5) +CVE-2003-0075 + NOTE: not-for-us (blade encoder not in Debian) +CVE-2003-0073 + {DSA-303} + - mysql 4.0.12-2 +CVE-2003-0071 + {DSA-380} + - xfree86 4.2.1-11 +CVE-2003-0070 + - vte 1:0.11.10-1 +CVE-2003-0069 + - putty 0.54-1 +CVE-2003-0068 + {DSA-496} + - eterm 0.9.2-6 +CVE-2003-0067 + NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this. + NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was + NOTE: never vulnerable to the problem described. + NOTE: this CVE is bogus. +CVE-2003-0066 + - rxvt 1:2.6.4-6.1 (bug #244810) + NOTE: woody version is still vulnerable +CVE-2003-0065 + NOTE: not-for-us (uxterm not in Debian) +CVE-2003-0064 + NOTE: not-for-us (dtterm not in Debian) +CVE-2003-0063 + {DSA-380} + - xfree86 4.2.1-11 +CVE-2003-0062 + NOTE: not-for-us (NOD32 not in Debian) +CVE-2003-0059 + - krb5 1.2.5-1 +CVE-2003-0058 + - krb5 1.2.5-1 +CVE-2003-0055 + NOTE: not-for-us (apple) +CVE-2003-0054 + NOTE: not-for-us (apple) +CVE-2003-0053 + NOTE: not-for-us (apple) +CVE-2003-0052 + NOTE: not-for-us (apple) +CVE-2003-0051 + NOTE: not-for-us (apple) +CVE-2003-0050 + NOTE: not-for-us (apple) +CVE-2003-0045 + NOTE: not-for-us (windows) +CVE-2003-0043 + {DSA-246} + - tomcat 3.3.1a-1 +CVE-2003-0040 + {DSA-247} + - courier-ssl 0.40.2-3 +CVE-2003-0039 + {DSA-245} + - dhcp3 1.1.2-1 +CVE-2003-0033 + {DSA-297} + - snort 2.0.0-1 +CVE-2003-0032 + {DSA-228} + - libmcrypt 2.5.5-1 +CVE-2003-0027 + NOTE: not-for-us (sun) +CVE-2003-0024 + NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this. + NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was + NOTE: never vulnerable to the problem described. + NOTE: this CVE is bogus. +CVE-2003-0023 + - rxvt 1:2.6.4-6.1 +CVE-2003-0022 + - rxvt 1:2.6.4-6.1 +CVE-2003-0021 + - eterm 0.9.2-1 + NOTE: According to upstream changelog and http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 + NOTE: this is fixed in eterm 0.9.2 +CVE-2003-0020 + - apache2 2.0.49 + - apache 1.3.29.0.2-4 +CVE-2003-0019 + NOTE: not-for-us (redhat 8.0 only) +CVE-2003-0018 + {DSA-423 DSA-358} + NOTE: fixed after 2.6/2.4.21 kernel +CVE-2003-0017 + NOTE: not-for-us (apache on windows) +CVE-2003-0016 + NOTE: not-for-us (apache on windows) +CVE-2003-0015 + {DSA-233} + - cvs 1.11.2-5.1 +CVE-2003-0013 + {DSA-230} + - bugzilla 2.16.2-1 +CVE-2003-0012 + {DSA-230} + - bugzilla 2.16.2-1 +CVE-2003-0009 + NOTE: not-for-us (windows) +CVE-2003-0007 + NOTE: not-for-us (windows) +CVE-2003-0004 + NOTE: not-for-us (windows) +CVE-2003-0003 + NOTE: not-for-us (windows) +CVE-2003-0002 + NOTE: not-for-us (windows) diff --git a/data/CVE/2004.list b/data/CVE/2004.list new file mode 100644 index 0000000000..f3d723ec1b --- /dev/null +++ b/data/CVE/2004.list @@ -0,0 +1,5384 @@ +CVE-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror] + - kdebase 4:3.3.1-1 (bug #278002; low) + TODO: According to http://secunia.com/secunia_research/2004-10/advisory/ Firefox and Mozilla aff. as well +CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances] + - openldap2.2 <unfixed> (bug #260204) + TODO: Probably fix already uploaded? -> followup +CVE-2004-XXXX [Unspecified buffer overflow in libmng] + - libmng 1.0.8-1 (bug #250106) +CVE-2004-XXXX [Multiple buffer overflows in isoqlog] + - isoqlog 2.2-0.1 (bug #254101; bug #202634) +CVE-2004-XXXX [Firefox doesn't clear all cookies] + - mozilla-firefox <unfixed> (bug #203034; bug #235932) + TODO: Re-check this, most probably fixed by now +CVE-2004-XXXX [Insecure temp files in amanda's chg-manual] + - amanda <unfixed> (bug #226139; unknown) +CVE-2004-XXXX [Potential buffer overflow in firebird2] + - firebird2 <unfixed> (bug #264453; unknown) +CVE-2004-XXXX [Buffer overflow in wdm's login] + - wdm <unfixed> (bug #276218; unknown) +CVE-2004-XXXX [asciijump: /var/games/asciijump world writable] + - asciijump 0.0.6-1.2 (bug #269186) +CVE-2004-XXXX [Barrendero spool world-readable] + - barrendero 1.1-1 (bug #279163) +CVE-2004-XXXX [Two vulnerabilities in sredird] + - sredird 2.2.1-1.1 (bug #267098) +CVE-2004-XXXX [kmail may send out sensitive information when used on NFS homes] + - kdepim <unfixed> (bug #280287; low) + NOTE: kmail was once part of kdenetwork. +CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host] + - phpwiki <unfixed> (bug #282565; medium) +CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...) + NOT-FOR-US: Kerio WinRoute Firewall +CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...) + NOT-FOR-US: Outlook +CVE-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to ...) + NOT-FOR-US: MyProxy +CVE-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass ...) + TODO: check +CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain ...) + - squid 2.5.8 +CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, which is included in ...) + NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name." +CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the ...) + NOT-FOR-US: DiamondCS +CVE-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...) + NOT-FOR-US: MS IE +CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...) + NOT-FOR-US: Google Toolbar +CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...) + NOT-FOR-US: PHPNews +CVE-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite arbitrary ...) + - wmfrog <itp> (bug #294352) +CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...) + NOT-FOR-US: Outpost Pro +CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...) + NOT-FOR-US: QuoteEngine +CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...) + NOT-FOR-US: MadBMS +CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...) + NOT-FOR-US: phpScheduleIt +CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...) + NOT-FOR-US: SillySearch +CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...) + NOT-FOR-US: Easy Chat Server +CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...) + NOT-FOR-US: Easy Chat Server +CVE-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...) + NOT-FOR-US: Easy Chat Server +CVE-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...) + NOT-FOR-US: ADA Image Server +CVE-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...) + NOT-FOR-US: ADA Image Server +CVE-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...) + - cplay 1.49-3 (medium) +CVE-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...) + - gnubiff 2.0.0 (medium) +CVE-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...) + - gnubiff 2.0.0 (medium) +CVE-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...) + - gnubiff 2.0.0 (medium) +CVE-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...) + NOT-FOR-US: Open WebMail +CVE-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...) + NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router +CVE-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...) + NOT-FOR-US: miniBB +CVE-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...) + NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g +CVE-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...) + NOT-FOR-US: aMSN 0.90 for Microsoft Windows +CVE-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...) + NOT-FOR-US: Tutti Nova +CVE-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...) + NOT-FOR-US: Hitachi Cosminexus Portal Framework +CVE-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...) + NOT-FOR-US: Roger Wilco +CVE-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...) + NOT-FOR-US: Roger Wilco +CVE-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...) + NOT-FOR-US: Roger Wilco +CVE-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...) + NOT-FOR-US: S-Mart Shopping Cart or RediCart +CVE-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...) + NOT-FOR-US: *1st Class Mail Server +CVE-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...) + NOT-FOR-US: *1st Class Mail Server +CVE-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...) + NOT-FOR-US: Jaws +CVE-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...) + NOT-FOR-US: Jaws +CVE-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...) + NOT-FOR-US: Jaws +CVE-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...) + NOT-FOR-US: F-Secure Anti-Virus +CVE-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...) + NOT-FOR-US: Kerio +CVE-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...) + NOT-FOR-US: proxytunnel +CVE-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...) + NOT-FOR-US: HP printers +CVE-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...) + NOT-FOR-US: PHP-Fusion +CVE-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...) + NOT-FOR-US: PHP-Fusion +CVE-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...) + NOT-FOR-US: Computer Associates Unicenter Common Services +CVE-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...) + NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS) +CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) + NOT-FOR-US: MS IE +CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...) + NOT-FOR-US: ADM ActiveX control +CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...) + NOT-FOR-US: WinAgents TFTP Server +CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...) + NOT-FOR-US: ignitionServer +CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...) + NOT-FOR-US: Trend OfficeScan +CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...) + NOT-FOR-US: EnderUNIX spamGuard +CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...) + NOT-FOR-US: WWWguestbook +CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...) + NOT-FOR-US: Axis Network Camera +CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...) + NOT-FOR-US: Axis Network Camera +CVE-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...) + NOT-FOR-US: Axis Network Camera +CVE-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow ...) + NOT-FOR-US: BEA +CVE-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch ...) + NOT-FOR-US: Ipswitch IMail Server +CVE-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote ...) + NOT-FOR-US: Ipswitch IMail Server +CVE-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...) + NOT-FOR-US: Hitachi Job Management Partner +CVE-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...) + NOT-FOR-US: Hitachi Job Management Partner +CVE-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain ...) + NOT-FOR-US: Keene Digital Media Server +CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...) + NOT-FOR-US: slimftpd not in debian +CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...) + NOT-FOR-US: smtp.proxy +CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...) + NOT-FOR-US: ccproxy +CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...) + NOT-FOR-US: Davenport +CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...) + NOT-FOR-US: Novell NetWare +CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...) + NOT-FOR-US: VP-ASP Shopping Cart +CVE-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 ...) + NOT-FOR-US: VP-ASP Shopping Cart +CVE-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart ...) + NOT-FOR-US: VP-ASP Shopping Cart +CVE-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through ...) + - samhain 2.0.2 +CVE-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 ...) + - samhain 2.0.2 +CVE-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and ...) + - kernel-patch-vserver 1.9.2 +CVE-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown ...) + - phpgroupware 0.9.14.002 +CVE-2004-2406 (Unknown "overflow" in the phpgw_config table for phpGroupWare before ...) + - phpgroupware 0.9.14.002 +CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including ...) + NOT-FOR-US: F-Secure Anti-Virus +CVE-2004-2404 + REJECTED + NOT-FOR-US: Leif Wright Web Blog +CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...) + NOT-FOR-US: YaBB +CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...) + NOT-FOR-US: YaBB +CVE-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging ...) + NOT-FOR-US: Ipswitch IMail +CVE-2004-2400 (WinFTP Server 1.6 stores username and password credentials in ...) + NOT-FOR-US: WinFTP Server +CVE-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...) + NOT-FOR-US: Sidewinder +CVE-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...) + NOT-FOR-US: Netenberg Fantastico De Luxe +CVE-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...) + NOT-FOR-US: Blue Coat +CVE-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...) + NOTE: shadow is a different code base, and does not have this problem +CVE-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ...) + NOTE: shadow is a different code base, and does not have this problem +CVE-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin ...) + NOTE: shadow is a different code base, and does not have this problem +CVE-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not ...) + NOT-FOR-US: Sun JSSE +CVE-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...) + NOT-FOR-US: libuser +CVE-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before ...) + NOT-FOR-US: jabber-gg-transport +CVE-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport ...) + NOT-FOR-US: jabber-gg-transport +CVE-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...) + NOT-FOR-US: jabber-gg-transport +CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...) + NOT-FOR-US: rexecd +CVE-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...) + NOT-FOR-US: sercd +CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd before ...) + NOT-FOR-US: sercd +CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path ...) + NOT-FOR-US: EMU Webmail +CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Winamp +CVE-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) + NOT-FOR-US: Microsoft +CVE-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote ...) + NOT-FOR-US: Microsoft +CVE-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote ...) + - jetty 4.2.19-1 (medium) +CVE-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight ...) + NOT-FOR-US: Twilight Utilities Web Server +CVE-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...) + NOT-FOR-US: @Mail +CVE-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of ...) + NOT-FOR-US: @Mail +CVE-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a ...) + NOT-FOR-US: Alcatel OmniSwitch +CVE-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server ...) + NOT-FOR-US: Twilight Utilities Web Server +CVE-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...) + NOT-FOR-US: 1st Class Mail Server +CVE-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the ...) + NOT-FOR-US: BadBlue +CVE-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...) + NOT-FOR-US: AIM +CVE-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows ...) + - bochs 2.1.1-1 +CVE-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and ...) + NOT-FOR-US: Red Storm Games +CVE-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and ...) + NOT-FOR-US: Trillian +CVE-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...) + NOT-FOR-US: Lotus Domino +CVE-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 ...) + NOT-FOR-US: Opt-X +CVE-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...) + NOT-FOR-US: WFTPD +CVE-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 ...) + NOT-FOR-US: GlobalScape Secure FTP Server +CVE-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows ...) + NOT-FOR-US: Microsoft +CVE-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through ...) + NOT-FOR-US: PHPX CMS +CVE-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...) + NOT-FOR-US: PHPX CMS +CVE-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...) + NOT-FOR-US: PHPX CMS +CVE-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...) + NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0 +CVE-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Targem Battle Mages +CVE-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...) + NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet +CVE-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...) + - phpbb2 2.0.6c (low) +CVE-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...) + NOT-FOR-US: roofpoint Protection Server +CVE-2004-2356 (Fizmez Web Server 1.0 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Fizmez +CVE-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...) + NOT-FOR-US: Crafty Syntax Live Help +CVE-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...) + NOT-FOR-US: 4nGuestbook +CVE-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...) + NOT-FOR-US: BugPort +CVE-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...) + NOT-FOR-US: GBook +CVE-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...) + NOT-FOR-US: GBook +CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...) + - phpbb2 2.0.8 (low) +CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...) + NOT-FOR-US: Tunez +CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...) + NOT-FOR-US: Sybari AntiGen for Domino +CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...) + NOT-FOR-US: Leif M. Wright Web Blog +CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...) + NOT-FOR-US: Forum Web Server +CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...) + NOT-FOR-US: Oracle +CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...) + NOT-FOR-US: VocalTec +CVE-2004-2343 (** DISPUTED ** ...) + NOTE: apache disputes this and I agree -- joeyh +CVE-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: ChatterBox +CVE-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...) + NOT-FOR-US: iSearch +CVE-2004-2340 (** UNVERIFIABLE ** ...) + NOT-FOR-US: PunkBuster Screenshot Database +CVE-2004-2339 (** DISPUTED ** ...) + NOT-FOR-US: Microsoft +CVE-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...) + NOT-FOR-US: OpenBSD +CVE-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...) + NOT-FOR-US: inlook +CVE-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...) + NOT-FOR-US: Novel Groupwise +CVE-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...) + NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X +CVE-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...) + NOT-FOR-US: EMU Webmail +CVE-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...) + NOT-FOR-US: Bodington +CVE-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...) + NOT-FOR-US: WWW::Form +CVE-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...) + NOT-FOR-US: ColdFusion +CVE-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...) + NOT-FOR-US: ColdFusion +CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...) + NOT-FOR-US: Kerio Personal Firewal +CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...) + NOT-FOR-US: Clearswift MAILsweeper +CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Vizer +CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...) + NOT-FOR-US: IP3 Networks NetAccess +CVE-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...) + NOT-FOR-US: DotNetNuke +CVE-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...) + NOT-FOR-US: DotNetNuke +CVE-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows ...) + NOT-FOR-US: DotNetNuke +CVE-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...) + NOT-FOR-US: phpWebSite +CVE-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...) + NOT-FOR-US: BEA WebLogic +CVE-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 ...) + NOT-FOR-US: BEA WebLogic +CVE-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...) + NOT-FOR-US: IBM Informatik Dynamic Server +CVE-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server ...) + NOT-FOR-US: SurgeFTP Server +CVE-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 ...) + NOT-FOR-US: AppWeb HTTP server +CVE-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...) + NOT-FOR-US: AppWeb HTTP server +CVE-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...) + NOT-FOR-US: AppWeb HTTP server +CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...) + NOT-FOR-US: Novell iChain Server +CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...) + TODO: check + NOTE: Did not find reference to fix in upstream changelog or any other hint that it is fixed + NOTE: pinged Maintainer +CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...) + NOT-FOR-US: AIX only +CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...) + NOT-FOR-US: Lotus Domino +CVE-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus ...) + NOT-FOR-US: Lotus Domino +CVE-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows ...) + NOT-FOR-US: Crob FTP Server +CVE-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...) + NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel +CVE-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote ...) + NOT-FOR-US: MS IE +CVE-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled ...) + NOT-FOR-US: Solaris +CVE-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...) + NOT-FOR-US: Computer Associates +CVE-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 ...) + NOT-FOR-US: Trillian +CVE-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...) + - mtools 3.9.9 +CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...) + {DTSA-16-1} + - kernel-source-2.6.8 <unfixed> (bug #322339; medium) + - linux-2.6 2.6.12-1 (bug #322339; medium) + NOTE: 2.4.27 not affected +CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Eudora +CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...) + - net-snmp <not-affected> (snmpd is neither setuid nor setgid in Debian) +CVE-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...) + NOT-FOR-US: Omnicron +CVE-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...) + NOT-FOR-US: Novell Internet Messaging System +CVE-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) + - tutos 1.1.20031017-2.1 (bug #318633; medium) +CVE-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...) + - tutos 1.1.20031017-2.1 (bug #318633; medium) +CVE-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...) + NOT-FOR-US: PHP-Nuke +CVE-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...) + NOT-FOR-US: PHP-Nuke +CVE-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to ...) + NOT-FOR-US: PHP-Nuke +CVE-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...) + NOT-FOR-US: PHP-Nuke +CVE-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...) + NOT-FOR-US: PHP-Nuke +CVE-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...) + NOT-FOR-US: Alt-N Technologies Mdaemon +CVE-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...) + NOT-FOR-US: Microsoft +CVE-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...) + NOT-FOR-US: Microsoft +CVE-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...) + NOT-FOR-US: Microsoft +CVE-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...) + NOT-FOR-US: vBulletin +CVE-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...) + NOT-FOR-US: Light Web File Manager +CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...) + NOT-FOR-US: ActivePerl +CVE-2004-2285 + REJECTED + NOT-FOR-US: Perl on Windows +CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...) + NOT-FOR-US: OpenWebmail +CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...) + - dansguardian 2.6.1-13 (medium) +CVE-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...) + - dansguardian 2.7.7-2 +CVE-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...) + NOT-FOR-US: IBM Lotus Notes +CVE-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...) + NOT-FOR-US: IBM Lotus Notes +CVE-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...) + NOT-FOR-US: Invision Power Board +CVE-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...) + NOT-FOR-US: vHost +CVE-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...) + NOT-FOR-US: aGSM Half-Life +CVE-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...) + NOT-FOR-US: F-Secure Anti-Virus +CVE-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...) + NOT-FOR-US: I-Mall Commerce +CVE-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...) + NOT-FOR-US: w3m Jigsaw +CVE-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: efFingerD +CVE-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...) + NOT-FOR-US: efFingerD +CVE-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...) + NOT-FOR-US: MiniShare +CVE-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...) + NOT-FOR-US: IBM Parallel Environment +CVE-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...) + - pads 1.1.1 (high) +CVE-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...) + NOT-FOR-US: PimenGest2 +CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...) + NOT-FOR-US: Ansel +CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...) + NOT-FOR-US: Ansel +CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...) + - uudeview <unfixed> (bug #320541; medium) + TODO: check libconvert-uulib-perl, Florian Weimer is looking at libconvert-uulib-perl + TODO: Check, to which extent #242999 applies (there might be more?) +CVE-2004-2264 (** DISPUTED ** ...) + NOTE: less is not suid, explotability unlikely +CVE-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...) + NOT-FOR-US: PlaySMS +CVE-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...) + NOT-FOR-US: e107 +CVE-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...) + NOT-FOR-US: e107 +CVE-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...) + NOT-FOR-US: Opera +CVE-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...) + - vsftpd 2.0.1-1 (low) +CVE-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...) + NOT-FOR-US: Hummingbird Exceed +CVE-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...) + NOT-FOR-US: phpMyFAQ +CVE-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...) + NOT-FOR-US: phpMyFAQ +CVE-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...) + NOT-FOR-US: phpMyFAQ +CVE-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...) + NOT-FOR-US: SurgeLDAP +CVE-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...) + NOT-FOR-US: SurgeLDAP +CVE-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...) + NOT-FOR-US: Astaro suite +CVE-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...) + NOT-FOR-US: Astaro suite +CVE-2004-2250 (Unknown vulnerability in the "access code" in RemoteEditor before ...) + NOT-FOR-US: RemoteEditor +CVE-2004-2249 (Unknown vulnerability in the "access code" in SecureEditor before ...) + NOT-FOR-US: SecureEditor +CVE-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...) + NOT-FOR-US: RemoteEditor +CVE-2004-2247 (Unknown vulnerability in the "admin of paypal email addresses" in ...) + NOT-FOR-US: AudienceConnect +CVE-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...) + NOT-FOR-US: Goollery +CVE-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...) + NOT-FOR-US: Goollery +CVE-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...) + NOT-FOR-US: Oracle +CVE-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...) + NOT-FOR-US: Phorum +CVE-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...) + NOT-FOR-US: Phorum +CVE-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...) + NOT-FOR-US: Phorum +CVE-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...) + NOT-FOR-US: Phorum +CVE-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...) + - vpopmail <unfixed> (bug #320608; low) +CVE-2004-2238 (** DISPUTED ** ...) + NOTE: format string vuln in vpopmail doesn't seem to be real +CVE-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...) + - moodle 1.4-1 +CVE-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...) + - moodle 1.3.3-1 +CVE-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and ...) + - moodle 1.2.1-1 +CVE-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...) + - moodle 1.2.1-1 +CVE-2004-2233 (Unknown "front page vulnerability with Moodle servers" for Moodle ...) + - moodle 1.3.2-1 +CVE-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...) + - moodle 1.4.2-1 +CVE-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...) + NOT-FOR-US: InstallAnywhere +CVE-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...) + NOT-FOR-US: OpenBSD +CVE-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...) + NOT-FOR-US: Oracle +CVE-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...) + - mozilla-firefox <not-affected> (Only affects Firefox on MacOS) +CVE-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...) + - mozilla-firefox 1.0-1 +CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...) + - mozilla-thunderbird 1.0-3 + TODO: check Mozilla suite +CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...) + - mozilla-firefox 0.99+1.0RC1-1 +CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...) + NOT-FOR-US: Message Foundry +CVE-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of ...) + NOT-FOR-US: FsPHPGallery +CVE-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...) + NOT-FOR-US: FsPHPGallery +CVE-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows ...) + NOT-FOR-US: SoftCart +CVE-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not ...) + NOT-FOR-US: F-Secure Anti-Virus +CVE-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the ...) + NOT-FOR-US: Microsoft +CVE-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and ...) + NOT-FOR-US: PHPMyWebHosting +CVE-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow ...) + NOT-FOR-US: yChat +CVE-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...) + NOT-FOR-US: Sun Java +CVE-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, ...) + - rxvt-unicode 3.8-1 +CVE-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...) + NOT-FOR-US: AppWeb HTTP server +CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...) + NOT-FOR-US: AppWeb HTTP server +CVE-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...) + NOT-FOR-US: AliveSites +CVE-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...) + NOT-FOR-US: AliveSites +CVE-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...) + NOT-FOR-US: Express-Web +CVE-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) + NOT-FOR-US: IdealBB +CVE-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) + NOT-FOR-US: IdealBB +CVE-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...) + NOT-FOR-US: IdealBB +CVE-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...) + NOT-FOR-US: NatterChat +CVE-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...) + NOT-FOR-US: Veritas +CVE-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...) + NOT-FOR-US: Cold Fusion +CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...) + NOT-FOR-US: Ansel +CVE-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows remote ...) + NOT-FOR-US: DUclassified +CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...) + NOT-FOR-US: DUforum +CVE-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...) + NOT-FOR-US: DUforum +CVE-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...) + NOT-FOR-US: DUclassified +CVE-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...) + NOT-FOR-US: DUclassmate +CVE-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...) + NOT-FOR-US: kdocker +CVE-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...) + NOT-FOR-US: Zanfi +CVE-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...) + NOT-FOR-US: Zanfi +CVE-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...) + NOT-FOR-US: MailEnable +CVE-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...) + NOT-FOR-US: CJOverkill +CVE-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...) + NOT-FOR-US: Turbo Traffic Trader +CVE-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...) + NOT-FOR-US: Turbo Traffic Trader +CVE-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...) + - unzoo 4.4-3 (bug #306164) +CVE-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...) + NOT-FOR-US: DMXReady +CVE-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...) + NOT-FOR-US: DMXReady +CVE-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...) + NOT-FOR-US: Digicraft Yak! +CVE-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...) + NOT-FOR-US: WeHelpBUS +CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...) + NOT-FOR-US: Macromedia JRun +CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allows ...) + NOT-FOR-US: WowBB Forum +CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...) + NOT-FOR-US: WowBB Forum +CVE-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...) + NOT-FOR-US: Microsoft +CVE-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...) + NOT-FOR-US: DevoyBB +CVE-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...) + NOT-FOR-US: DevoyBB +CVE-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...) + NOT-FOR-US: Microsoft +CVE-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...) + NOT-FOR-US: ReviewPost +CVE-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...) + NOT-FOR-US: EarlyImpact +CVE-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...) + NOT-FOR-US: EarlyImpact +CVE-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...) + NOT-FOR-US: EarlyImpact +CVE-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...) + - cherokee 0.4.8 +CVE-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...) + NOT-FOR-US: Caravan +CVE-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...) + NOT-FOR-US: Application Access Server (A-A-S) +CVE-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: BaSoMail +CVE-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...) + - latex2rtf 1.9.16 +CVE-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...) + NOT-FOR-US: Canon ImageRUNNER +CVE-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...) + NOT-FOR-US: Lords of the Realm +CVE-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...) + NOT-FOR-US: VP-ASP +CVE-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...) + NOT-FOR-US: OpenBSD +CVE-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...) + - xmlstarlet 1.0.0-1 +CVE-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...) + - xmlstarlet 1.0.0-1 +CVE-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...) + - serendipity <itp> (bug #312413) +CVE-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...) + - serendipity <itp> (bug #312413) +CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...) + NOT-FOR-US: Online Recruitment Agency +CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...) + NOT-FOR-US: Online-bookmarks +CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...) + - cupsys 1.1.20final+rc1-1 (low) +CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...) + NOT-FOR-US: Real Estate Management Software +CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...) + NOT-FOR-US: Chatman +CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...) + NOT-FOR-US: INTELLIPEER Email Server +CVE-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...) + - mysql-dfsg-4.1 4.1.5-1 +CVE-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava ...) + - fprobe-ng 1.1-1 + TODO: Check, whether fprobe is affected as well +CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...) + NOT-FOR-US: Symantec Antivirus +CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...) + NOT-FOR-US: MegaBBS +CVE-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...) + NOT-FOR-US: MegaBBS +CVE-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...) + NOT-FOR-US: Baal Smart Forms +CVE-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...) + NOT-FOR-US: Mambo Portal +CVE-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...) + - sdd 1.52-1 +CVE-2004-2141 + REJECTED +CVE-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...) + NOT-FOR-US: YaBB +CVE-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...) + NOT-FOR-US: YaBB +CVE-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...) + NOT-FOR-US: MySQLGuest +CVE-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) + NOT-FOR-US: Microsoft +CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) + NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies + TODO: check, whether this still applies +CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...) + NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies + TODO: check, whether this still applies +CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) + NOT-FOR-US: Oracle +CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...) + NOT-FOR-US: CVSup third party modules +CVE-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...) + NOT-FOR-US: PJ CGI Nero +CVE-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) + NOT-FOR-US: Informix Dynamic Server +CVE-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...) + - phpbb2 2.0.6d-2 +CVE-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: SurfNOW +CVE-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...) + NOT-FOR-US: WebWeaver +CVE-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...) + NOT-FOR-US: Web Blog +CVE-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...) + NOT-FOR-US: BlackICE +CVE-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...) + NOT-FOR-US: BlackICE +CVE-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...) + - gallery 1.4.4-pl1-1 +CVE-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...) + NOT-FOR-US: Nextplace +CVE-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) + NOT-FOR-US: Intra Forum +CVE-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) + NOT-FOR-US: Borland Web Server +CVE-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) + NOT-FOR-US: Reptile Web Server +CVE-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...) + NOT-FOR-US: Tiny Server +CVE-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Tiny Server +CVE-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Tiny Server +CVE-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...) + NOT-FOR-US: Tiny Server +CVE-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...) + NOT-FOR-US: Oracle +CVE-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...) + NOT-FOR-US: ProxyNow! +CVE-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...) + NOT-FOR-US: BremsServer +CVE-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...) + NOT-FOR-US: BremsServer +CVE-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...) + NOT-FOR-US: Serv-U FTP Server +CVE-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...) + NOT-FOR-US: Phorum +CVE-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) + NOT-FOR-US: Q-Shop +CVE-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...) + NOT-FOR-US: Q-Shop +CVE-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...) + NOT-FOR-US: Finjan SurfinGate +CVE-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) + NOT-FOR-US: Novell NetWare +CVE-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...) + NOT-FOR-US: Novell NetWare +CVE-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) + NOT-FOR-US: Novell NetWare +CVE-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...) + NOT-FOR-US: Novell NetWare +CVE-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...) + NOT-FOR-US: Freesco +CVE-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...) + NOT-FOR-US: GeoHttpServer +CVE-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...) + NOT-FOR-US: GeoHttpServer +CVE-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...) + NOT-FOR-US: Need for Speed game +CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...) + NOT-FOR-US: Banner engine +CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...) + NOTE: fvwm: uses mktemp + NOTE: fvwm-gnome: same as fvwm + NOTE: x-base-clients: x11perfcomp uses mkdir atomically + NOTE: lvm10: does not contain lvmcreate_initrd +CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) + NOT-FOR-US: Mephistoles +CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...) + - honeyd 0.8-1 +CVE-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...) + NOT-FOR-US: WebcamXP +CVE-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...) + - rsync 2.6.1-1 +CVE-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...) + NOT-FOR-US: InoculateIT +CVE-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...) + NOT-FOR-US: Microsoft +CVE-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...) + NOT-FOR-US: Microsoft +CVE-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Matrix FTP Server +CVE-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...) + NOT-FOR-US: Sophos +CVE-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...) + NOT-FOR-US: SandSurfer +CVE-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...) + NOT-FOR-US: Sambar +CVE-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...) + NOT-FOR-US: phpcodeCabinet +CVE-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...) + NOT-FOR-US: JShop +CVE-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...) + NOT-FOR-US: Opera +CVE-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...) + NOT-FOR-US: Sami FTP Server +CVE-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...) + NOT-FOR-US: Sami FTP Server +CVE-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...) + NOT-FOR-US: Red-Alert +CVE-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...) + NOT-FOR-US: Red-Alert +CVE-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...) + NOT-FOR-US: Red-Alert +CVE-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...) + NOT-FOR-US: Nadeo +CVE-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...) + NOT-FOR-US: Jelsoft Bulletin +CVE-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Sophos +CVE-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...) + NOT-FOR-US: Dream FTP +CVE-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...) + - kernel-patch-vserver 1.9.4-1 +CVE-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...) + NOT-FOR-US: Mambo +CVE-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...) + NOT-FOR-US: Macallan +CVE-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...) + NOT-FOR-US: Altiris Client Service for Windows +CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4 allows ...) + NOT-FOR-US: JAWS +CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...) + NOT-FOR-US: LinPHA +CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...) + - dansguardian 2.5.2-0-0.1 +CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and ealier ...) + NOT-FOR-US: lostBook +CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...) + NOT-FOR-US: AntiBoard +CVE-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...) + NOT-FOR-US: AntiBoard +CVE-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...) + NOT-FOR-US: RiSearch +CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...) + NOT-FOR-US: ASPRunner +CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...) + NOTE: not-for-us +CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...) + NOTE: not-for-us +CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...) + NOTE: not-for-us +CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...) + NOTE: not-for-us +CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...) + - phpbb2 2.0.10-1 +CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...) + - phpbb2 2.0.10-1 +CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...) + NOTE: not-for-us +CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...) + NOTE: not-for-us +CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...) + NOT-FOR-US: no_package +CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...) + NOT-FOR-US: no_package +CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...) + NOT-FOR-US: no_package +CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...) + NOT-FOR-US: no_package +CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...) + NOT-FOR-US: no_package +CVE-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...) + NOT-FOR-US: no_package +CVE-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...) + NOT-FOR-US: no_package +CVE-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...) + NOT-FOR-US: no_package +CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...) + NOT-FOR-US: no_package +CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...) + NOT-FOR-US: no_package +CVE-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php in ...) + NOT-FOR-US: no_package +CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...) + NOT-FOR-US: no_package +CVE-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...) + NOT-FOR-US: no_package +CVE-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) + NOT-FOR-US: no_package +CVE-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...) + NOT-FOR-US: no_package +CVE-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...) + NOT-FOR-US: no_package +CVE-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: no_package +CVE-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...) + NOT-FOR-US: no_package +CVE-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...) + NOT-FOR-US: no_package +CVE-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...) + NOT-FOR-US: no_package +CVE-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...) + NOT-FOR-US: no_package +CVE-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...) + NOT-FOR-US: no_package +CVE-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...) + NOT-FOR-US: no_package +CVE-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...) + NOT-FOR-US: no_package +CVE-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...) + - icecast2 2.0.1.debian-1 +CVE-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...) + - pound 1.7-1 +CVE-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...) + NOT-FOR-US: no_package +CVE-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...) + NOT-FOR-US: no_package +CVE-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...) + NOT-FOR-US: no_package +CVE-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...) + NOT-FOR-US: various perls on Windows +CVE-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...) + NOT-FOR-US: osCommerce +CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...) + NOT-FOR-US: php-nuke +CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...) + NOT-FOR-US: php-nuke +CVE-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke 6.x ...) + NOT-FOR-US: php-nuke +CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...) + NOT-FOR-US: Turbo Traffic Trader C (TTT-C) +CVE-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...) + NOT-FOR-US: netchat +CVE-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...) + NOT-FOR-US: WebCT +CVE-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...) + - wget 1.9.1-12 +CVE-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...) + NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok +CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...) + NOT-FOR-US: NetBSD +CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...) + NOT-FOR-US: MSIE +CVE-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 0.7.1 ...) + NOT-FOR-US: phpShop +CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...) + NOT-FOR-US: NukeJokes +CVE-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...) + NOT-FOR-US: NukeJokes +CVE-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...) + NOT-FOR-US: NukeJokes +CVE-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone ...) + NOT-FOR-US: OfficeScan +CVE-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...) + NOT-FOR-US: Eudora +CVE-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...) + NOT-FOR-US: SUSE Live CD +CVE-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...) + NOT-FOR-US: DeleGate +CVE-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...) + NOT-FOR-US: IRIX +CVE-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly ...) + NOT-FOR-US: IRIX +CVE-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...) + NOT-FOR-US: Php-Nuke +CVE-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...) + NOT-FOR-US: Windows +CVE-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...) + NOT-FOR-US: php-nuke +CVE-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...) + NOT-FOR-US: kolab +CVE-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...) + NOT-FOR-US: Simple Machines Forum +CVE-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...) + NOT-FOR-US: FuseTalk +CVE-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...) + NOT-FOR-US: FuseTalk +CVE-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...) + NOT-FOR-US: omail +CVE-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...) + NOT-FOR-US: Serv-U +CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...) + NOT-FOR-US: aweb +CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...) + NOT-FOR-US: aweb +CVE-2004-1989 (PHP remote code injection vulnerability in theme.php in Coppermine ...) + NOT-FOR-US: Coppermine +CVE-2004-1988 (PHP remote code injection vulnerability in init.inc.php in Coppermine ...) + NOT-FOR-US: Coppermine +CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...) + NOT-FOR-US: Coppermine +CVE-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...) + NOT-FOR-US: Coppermine +CVE-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...) + NOT-FOR-US: Coppermine +CVE-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...) + NOT-FOR-US: Coppermine +CVE-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...) + NOTE: only affects pax for 2.6; kernel-patch-adamantix contains pax + NOTE: but only for 2.4. +CVE-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...) + NOT-FOR-US: YaBB +CVE-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...) + NOT-FOR-US: Crystal Reports +CVE-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...) + NOT-FOR-US: PROPS +CVE-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...) + NOT-FOR-US: PROPS +CVE-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...) + - moodle 1.3 +CVE-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...) + NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager +CVE-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...) + NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR +CVE-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...) + NOT-FOR-US: paFileDB +CVE-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...) + NOT-FOR-US: paFileDB +CVE-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...) + NOT-FOR-US: DiGi Web Server +CVE-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...) + NOT-FOR-US: PHP-Nuke +CVE-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...) + NOT-FOR-US: PHP-Nuke +CVE-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...) + NOT-FOR-US: Samsung SmartEther SS6215Sswitch +CVE-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...) + NOT-FOR-US: OpenBB +CVE-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...) + NOT-FOR-US: OpenBB +CVE-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...) + NOT-FOR-US: OpenBB +CVE-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) + NOT-FOR-US: OpenBB +CVE-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...) + NOT-FOR-US: OpenBB +CVE-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...) + NOT-FOR-US: Network Query Tool (NQT) +CVE-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...) + NOT-FOR-US: Network Query Tool (NQT) +CVE-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...) + NOT-FOR-US: Protector System +CVE-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...) + NOT-FOR-US: Protector System +CVE-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...) + NOT-FOR-US: Protector System +CVE-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...) + NOT-FOR-US: Protector System +CVE-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...) + NOT-FOR-US: Unreal engine +CVE-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...) + NOT-FOR-US: PostNuke +CVE-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...) + NOT-FOR-US: PostNuke +CVE-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...) + NOT-FOR-US: phProfession +CVE-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...) + NOT-FOR-US: phProfession +CVE-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...) + NOT-FOR-US: phProfession +CVE-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...) + NOT-FOR-US: Advanced Guestbook +CVE-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...) + - xine-ui 0.99.1 +CVE-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...) + - phpbb2 2.0.9 +CVE-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...) + NOT-FOR-US: PostNuke +CVE-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...) + NOTE: nonsense, all command line passwords can be intercepted at least sometimes +CVE-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...) + NOT-FOR-US: bitdefender +CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...) + - cherokee 0.4.21b01-1 +CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...) + NOT-FOR-US: Kinesphere eXchange POP3 +CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...) + NOT-FOR-US: Eudora +CVE-2004-1943 (PHP remote code injection vulnerability in album_portal.php in phpBB ...) + NOT-FOR-US: phpbb as modified by przemo +CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...) + NOT-FOR-US: Solaris +CVE-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...) + NOT-FOR-US: Fastream NETFile FTP/Web Server +CVE-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...) + - kphone 1:4.0.2 +CVE-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...) + NOT-FOR-US: Zaep +CVE-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...) + NOT-FOR-US: Phorum +CVE-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...) + NOT-FOR-US: Nuked-KlaN +CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...) + NOT-FOR-US: ZoneAlarm +CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...) + NOT-FOR-US: SCT Campus Pipeline +CVE-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel 3.50 ...) + NOT-FOR-US: Gemitel +CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...) + NOT-FOR-US: Citadel +CVE-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...) + NOT-FOR-US: PhpNuke +CVE-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...) + NOT-FOR-US: PhpNuke +CVE-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...) + NOT-FOR-US: PhpNuke +CVE-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...) + NOT-FOR-US: tikiwiki +CVE-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...) + NOT-FOR-US: tikiwiki +CVE-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...) + NOT-FOR-US: tikiwiki +CVE-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...) + NOT-FOR-US: tikiwiki +CVE-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...) + NOT-FOR-US: tikiwiki +CVE-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...) + NOT-FOR-US: tikiwiki +CVE-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...) + NOT-FOR-US: MSIE +CVE-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" ...) + NOT-FOR-US: X-Micro WLAN 11b Broadband Router +CVE-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...) + NOT-FOR-US: X-Micro WLAN 11b Broadband Router +CVE-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...) + NOT-FOR-US: Crackalaka +CVE-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: rsniff +CVE-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...) + - lcdproc 0.4.5 +CVE-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...) + - lcdproc 0.4.5 +CVE-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...) + - lcdproc 0.4.5 +CVE-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...) + NOT-FOR-US: phpnuke +CVE-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...) + NOT-FOR-US: phpnuke +CVE-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...) + NOT-FOR-US: phpnuke +CVE-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...) + NOT-FOR-US: AzDGDatingLite +CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...) + NOT-FOR-US: Symantec +CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...) + - clamav 0.68.1 +CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...) + NOT-FOR-US: Mcafee FreeScan +CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...) + NOT-FOR-US: Kerio Personal Firewall +CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Mcafee FreeScan +CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...) + NOT-FOR-US: Panda ActiveScan +CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...) + NOT-FOR-US: Panda ActiveScan +CVE-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...) + NOT-FOR-US: blaxxun +CVE-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...) + NOT-FOR-US: Citrix MetaFrame Password Manager +CVE-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...) + NOT-FOR-US: gentoo portage +CVE-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...) + NOT-FOR-US: IGI 2 Covert Strike server +CVE-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...) + - monit 1:4.2.1 +CVE-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...) + - monit 1:4.2.1-1 +CVE-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...) + - monit 1:4.2.1-1 +CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...) + NOT-FOR-US: no_package +CVE-2004-1895 (YaST Online Update (YOU) in SuSE 9.0 allows local users to overwrite ...) + NOT-FOR-US: no_package +CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...) + NOT-FOR-US: no_package +CVE-2004-1893 (Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on ...) + NOT-FOR-US: no_package +CVE-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...) + NOT-FOR-US: no_package +CVE-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with ...) + NOT-FOR-US: no_package +CVE-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) + NOT-FOR-US: no_package +CVE-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) + NOT-FOR-US: no_package +CVE-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...) + NOT-FOR-US: no_package +CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...) + NOT-FOR-US: no_package +CVE-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...) + NOT-FOR-US: no_package +CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...) + NOT-FOR-US: no_package +CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...) + NOT-FOR-US: no_package +CVE-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...) + NOT-FOR-US: no_package +CVE-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...) + NOT-FOR-US: no_package +CVE-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...) + NOT-FOR-US: no_package +CVE-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...) + - openldap2 2.1.17-1 +CVE-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...) + NOT-FOR-US: no_package +CVE-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...) + NOT-FOR-US: no_package +CVE-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...) + NOT-FOR-US: no_package +CVE-2004-1876 (The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon ...) + - clamav 0.70-1 +CVE-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...) + NOT-FOR-US: no_package +CVE-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...) + NOT-FOR-US: no_package +CVE-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...) + NOT-FOR-US: no_package +CVE-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...) + NOT-FOR-US: no_package +CVE-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) + NOT-FOR-US: no_package +CVE-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...) + NOT-FOR-US: no_package +CVE-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...) + NOT-FOR-US: no_package +CVE-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...) + NOT-FOR-US: no_package +CVE-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...) + NOT-FOR-US: no_package +CVE-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...) + - nstx 1.1-beta4-1 +CVE-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...) + NOT-FOR-US: no_package +CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...) + NOT-FOR-US: no_package +CVE-2004-1863 (Cross-site scripting (XSS) vulnerability in editprofile.php in Extreme ...) + NOT-FOR-US: no_package +CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...) + NOT-FOR-US: no_package +CVE-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...) + NOT-FOR-US: no_package +CVE-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...) + NOT-FOR-US: no_package +CVE-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...) + NOT-FOR-US: no_package +CVE-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...) + NOT-FOR-US: no_package +CVE-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...) + NOT-FOR-US: no_package +CVE-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...) + NOT-FOR-US: no_package +CVE-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...) + NOT-FOR-US: no_package +CVE-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...) + NOT-FOR-US: no_package +CVE-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...) + NOT-FOR-US: no_package +CVE-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...) + NOT-FOR-US: no_package +CVE-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...) + NOT-FOR-US: no_package +CVE-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...) + NOT-FOR-US: no_package +CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...) + NOT-FOR-US: no_package +CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...) + NOT-FOR-US: no_package +CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...) + NOT-FOR-US: no_package +CVE-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...) + NOT-FOR-US: no_package +CVE-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...) + NOT-FOR-US: no_package +CVE-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...) + NOT-FOR-US: no_package +CVE-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...) + NOT-FOR-US: no_package +CVE-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...) + NOT-FOR-US: no_package +CVE-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...) + NOT-FOR-US: no_package +CVE-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...) + NOT-FOR-US: no_package +CVE-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...) + NOT-FOR-US: no_package +CVE-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...) + NOT-FOR-US: no_package +CVE-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...) + NOT-FOR-US: no_package +CVE-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...) + NOT-FOR-US: no_package +CVE-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...) + NOT-FOR-US: no_package +CVE-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...) + - apache2 2.0.53-1 +CVE-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...) + NOT-FOR-US: no_package +CVE-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...) + NOT-FOR-US: no_package +CVE-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...) + NOT-FOR-US: no_package +CVE-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote ...) + NOT-FOR-US: no_package +CVE-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...) + NOT-FOR-US: no_package +CVE-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...) + NOT-FOR-US: no_package +CVE-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...) + NOT-FOR-US: no_package +CVE-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...) + NOT-FOR-US: no_package +CVE-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...) + NOT-FOR-US: no_package +CVE-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...) + NOT-FOR-US: no_package +CVE-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...) + NOT-FOR-US: no_package +CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...) + NOT-FOR-US: no_package +CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...) + NOT-FOR-US: no_package +CVE-2004-1820 (PHP remote code injection vulnerability in displaycategory.php in ...) + NOT-FOR-US: no_package +CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...) + NOT-FOR-US: no_package +CVE-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...) + NOT-FOR-US: no_package +CVE-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...) + NOT-FOR-US: no_package +CVE-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...) + NOT-FOR-US: no_package +CVE-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...) + NOT-FOR-US: no_package +CVE-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...) + NOT-FOR-US: no_package +CVE-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...) + NOT-FOR-US: no_package +CVE-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...) + NOT-FOR-US: no_package +CVE-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...) + NOT-FOR-US: no_package +CVE-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...) + NOT-FOR-US: no_package +CVE-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...) + - phpbb2 2.0.10-1 + NOTE: probably fixed in 2.0.6d-3 +CVE-2004-1808 (Extcompose in metamail does not verify the output file before writing ...) + NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail + NOTE: see bug #308875 +CVE-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...) + NOT-FOR-US: no_package +CVE-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...) + NOT-FOR-US: no_package +CVE-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...) + NOT-FOR-US: no_package +CVE-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...) + NOT-FOR-US: no_package +CVE-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...) + NOT-FOR-US: no_package +CVE-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...) + NOT-FOR-US: no_package +CVE-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...) + NOT-FOR-US: no_package +CVE-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...) + NOT-FOR-US: no_package +CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: no_package +CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...) + NOT-FOR-US: no_package +CVE-2004-1796 (PHP remote code injection vulnerability in HotNews 0.7.2 and earlier ...) + NOT-FOR-US: no_package +CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...) + NOT-FOR-US: no_package +CVE-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...) + NOT-FOR-US: no_package +CVE-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...) + NOT-FOR-US: no_package +CVE-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...) + NOT-FOR-US: no_package +CVE-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...) + NOT-FOR-US: Edimax Router +CVE-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...) + NOT-FOR-US: Edimax Router +CVE-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...) + NOT-FOR-US: ZyWALL +CVE-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...) + NOT-FOR-US: ASP-Nuke +CVE-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...) + NOT-FOR-US: PostCalendar +CVE-2004-1786 (PortalApp places user credentials under the web root with insufficient ...) + NOT-FOR-US: PortalApp +CVE-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...) + NOT-FOR-US: Invision Power Board +CVE-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...) + NOT-FOR-US: web server of Webcam Watchdog +CVE-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...) + NOT-FOR-US: Net2Soft Flash FTP Server +CVE-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...) + NOT-FOR-US: Athena Web Registration +CVE-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...) + NOT-FOR-US: Info Touch Surfnet kiosk +CVE-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...) + NOT-FOR-US: Info Touch Surfnet kiosk +CVE-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...) + NOT-FOR-US: ThWboard +CVE-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...) + - openssh 1:3.8p1 +CVE-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...) + NOT-FOR-US: Leafnode2 development branch +CVE-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...) + NOT-FOR-US: Skype +CVE-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...) + NOT-FOR-US: Skype +CVE-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...) + NOT-FOR-US: Cisco +CVE-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...) + NOT-FOR-US: Cisco +CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...) + NOT-FOR-US: Oracle +CVE-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...) + - sharutils 1:4.2.1-12 +CVE-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...) + - sharutils 1:4.2.1-11 +CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...) + NOT-FOR-US: Scalable OGo (SOGo) +CVE-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...) + NOT-FOR-US: not our cpanel +CVE-2004-1769 (The "Allow cPanel users to reset their password via email" feature in ...) + NOT-FOR-US: not our cpanel +CVE-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...) + NOT-FOR-US: Symantec Brightmail AntiSpam +CVE-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...) + NOT-FOR-US: Solaris +CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...) + NOT-FOR-US: NetScreen-Security Manager +CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...) + NOTE: only seems to affect 1.7.4, not the newer branch in debian +CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...) + NOT-FOR-US: HP-UX +CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...) + NOT-FOR-US: hsrun.exe +CVE-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...) + NOT-FOR-US: F-Secure Anti-Virus +CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...) + - ethereal 0.10.3 +CVE-2004-1760 (The default installation of Cisco IBM Director agent does not require ...) + NOT-FOR-US: Cisco +CVE-2004-1759 (The Cisco IBM Director agent allows remote attackers to cause a denial ...) + NOT-FOR-US: Cisco +CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...) + NOT-FOR-US: Symantec DNSd +CVE-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...) + NOT-FOR-US: Apple Java plugin +CVE-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...) + NOT-FOR-US: Gaucho +CVE-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...) + NOT-FOR-US: Ground Control II +CVE-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...) + NOT-FOR-US: RealVNC +CVE-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...) + NOT-FOR-US: Attack Mitigator IPS 5500 +CVE-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...) + NOT-FOR-US: NtRegmon +CVE-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...) + NOT-FOR-US: NetworkEverywhere NR041 +CVE-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...) + NOT-FOR-US: PHP Code Snippet Library +CVE-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...) + NOT-FOR-US: Painkiller +CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...) + NOT-FOR-US: ESF Webserver +CVE-2004-1743 (Easy File Sharing (ESF) Webserver 1.25 allows remote attackers to view ...) + NOT-FOR-US: ESF Webserver +CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...) + NOT-FOR-US: WebAPP +CVE-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...) + NOT-FOR-US: musicd +CVE-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...) + NOT-FOR-US: musicd +CVE-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Bird Chat +CVE-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...) + NOT-FOR-US: JShop +CVE-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...) + - cacti 0.8.5a-5 +CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...) + - cacti 0.8.5a-5 +CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...) + - sympa 4.1.5-4 (bug #298105; low) +CVE-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...) + - mantis 0.19.2-1 +CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...) + NOT-FOR-US: MyDMS +CVE-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...) + NOT-FOR-US: MyDMS +CVE-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...) + - mantis 0.19.0-1 +CVE-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...) + - mantis 0.19.0-1 +CVE-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...) + NOT-FOR-US: Nihuo Web Log Analyzer +CVE-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...) + NOT-FOR-US: sarad +CVE-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: BadBlue +CVE-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...) + NOT-FOR-US: XV +CVE-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...) + NOT-FOR-US: XV +CVE-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...) + NOT-FOR-US: PHP-Fusion +CVE-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...) + NOT-FOR-US: PHP-Fusion +CVE-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...) + NOT-FOR-US: Merak Mail Server +CVE-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...) + NOT-FOR-US: Merak Mail Server +CVE-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...) + NOT-FOR-US: Merak Mail Server +CVE-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...) + NOT-FOR-US: Merak Webmail Server +CVE-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...) + NOT-FOR-US: IPD +CVE-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...) + - gv 1:3.6.1-1 +CVE-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...) + NOT-FOR-US: PForum +CVE-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...) + NOT-FOR-US: MIMEsweeper +CVE-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...) + NOT-FOR-US: BlackICE PC Protection +CVE-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...) + NOT-FOR-US: PRM on HP-UX +CVE-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...) + NOT-FOR-US: TypePad +CVE-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...) + - moodle 1.4-1 +CVE-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...) + NOT-FOR-US: page.cgi +CVE-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...) + NOT-FOR-US: Datakey Rainbow iKey2032 USB token +CVE-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Webbsyte +CVE-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...) + NOT-FOR-US: Oracle +CVE-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...) + NOT-FOR-US: U.S. Robotics wireless access point +CVE-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...) + NOT-FOR-US: Citadel/UX +CVE-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...) + NOT-FOR-US: WpQuiz +CVE-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...) + NOT-FOR-US: Fusion News +CVE-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...) + NOT-FOR-US: Lexar Safe Guard +CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...) + - cfengine2 2.1.8-1 +CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...) + - cfengine2 2.1.8-1 +CVE-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...) + NOT-FOR-US: Pinnacle ShowCenter +CVE-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...) + NOT-FOR-US: Pinnacle ShowCenter +CVE-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...) + NOT-FOR-US: PopMessenger +CVE-2004-1697 (The "Forgot your Password" link in Computer Associates (CA) Unicenter ...) + NOT-FOR-US: Computer Associates Unicenter Management Portal +CVE-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) + NOT-FOR-US: EmuLive Server4 +CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) + NOT-FOR-US: EmuLive Server4 +CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...) + NOT-FOR-US: Symantec +CVE-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo 4.5 ...) + NOT-FOR-US: Mambo +CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...) + NOT-FOR-US: Mambo +CVE-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...) + NOT-FOR-US: DNS4Me +CVE-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...) + NOT-FOR-US: DNS4Me +CVE-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...) + - sudo 1.6.8p3-1 +CVE-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...) + NOT-FOR-US: Pigeon Server +CVE-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...) + NOT-FOR-US: Snitz Forums +CVE-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...) + NOT-FOR-US: MSIE +CVE-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...) + NOT-FOR-US: SMC router +CVE-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...) + NOT-FOR-US: Zyxel +CVE-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...) + NOT-FOR-US: crrtrap +CVE-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...) + NOT-FOR-US: QNX FTP +CVE-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...) + NOT-FOR-US: QNX +CVE-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...) + NOT-FOR-US: Pingtel Xpressa +CVE-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...) + NOT-FOR-US: TwinFTP +CVE-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...) + NOT-FOR-US: PerlDesk +CVE-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...) + NOT-FOR-US: PerlDesk +CVE-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...) + NOT-FOR-US: Gadu-Gadu +CVE-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...) + NOT-FOR-US: Serv-U FTP +CVE-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) + NOT-FOR-US: Merak Mail Server +CVE-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...) + NOT-FOR-US: Merak Mail Server +CVE-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) + NOT-FOR-US: Merak Mail Server +CVE-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...) + NOT-FOR-US: Merak Mail Server +CVE-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...) + NOT-FOR-US: Merak Mail Server +CVE-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...) + NOT-FOR-US: Merak Mail Server +CVE-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...) + NOT-FOR-US: Subjects +CVE-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...) + NOT-FOR-US: Halo Combat Evolved +CVE-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...) + NOT-FOR-US: Trillian +CVE-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...) + NOT-FOR-US: PsNews +CVE-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...) + NOT-FOR-US: Call of Duty +CVE-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...) + NOT-FOR-US: Engenio/LSI Logic storage controllers +CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: YaBB +CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass ...) + NOT-FOR-US: MailWorks +CVE-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and earlier ...) + NOT-FOR-US: CuteNews +CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...) + NOT-FOR-US: CuteNews +CVE-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...) + NOT-FOR-US: Kerio Personal Firewall +CVE-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...) + NOT-FOR-US: DasBlog +CVE-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...) + NOT-FOR-US: Comersus Shopping Cart +CVE-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...) + NOT-FOR-US: phpWebsite +CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...) + NOT-FOR-US: phpWebsite +CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...) + - ssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed") + NOTE: See bug #296547 for details +CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...) + NOT-FOR-US: phpScheduleIt +CVE-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + NOT-FOR-US: phpScheduleIt +CVE-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...) + NOT-FOR-US: D-Link DCS-900 +CVE-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...) + NOT-FOR-US: Msinfo32.exe +CVE-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...) + NOT-FOR-US: Password Protect +CVE-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...) + NOT-FOR-US: Password Protect +CVE-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...) + NOT-FOR-US: Xedus +CVE-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...) + NOT-FOR-US: Xedus +CVE-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...) + NOT-FOR-US: Xedus +CVE-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...) + NOT-FOR-US: WS_FTP +CVE-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...) + NOT-FOR-US: WS_FTP +CVE-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...) + NOT-FOR-US: Titan +CVE-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...) + NOT-FOR-US: XOOPS +CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) + NOTE: This is not a real security issue; it just describes the fact that the Gecko + NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks + NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed + NOTE: during transfer any user will cancel the transfer and if you load it from the + NOTE: hard disc, well than you have "DoSed" yourself, congratulations. + NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers + NOTE: generally try to make sense of anything even remotely resembling HTML. + TODO: This is still a bug (maybe not a security one) + TODO: and needs fixing. (IMHO, fw) +CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) + NOT-FOR-US: mailcarrier +CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...) + NOT-FOR-US: Hawking Technologies HAR11A modem/router +CVE-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...) + NOT-FOR-US: WvTftp +CVE-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...) + NOTE: does not affect older 2.16.7 in sid. +CVE-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...) + NOTE: does not affect older 2.16.7 in sid. +CVE-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...) + - bugzilla 2.16.7 +CVE-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...) + - moniwiki 1.0.9 +CVE-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...) + NOT-FOR-US: Open WorkFlow Engine +CVE-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...) + NOT-FOR-US: Open WorkFlow Engine +CVE-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...) + NOT-FOR-US: Dwc_articles +CVE-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...) + - rssh 2.2.2 +CVE-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...) + NOT-FOR-US: ability server +CVE-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...) + NOT-FOR-US: ability server +CVE-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...) + NOT-FOR-US: pGina +CVE-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...) + NOT-FOR-US: Carbon Copy +CVE-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...) + NOT-FOR-US: Microsoft +CVE-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...) + NOT-FOR-US: UBB.threads +CVE-2004-1621 (** DISPUTED ** ...) + NOT-FOR-US: Lotus Notes +CVE-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...) + NOT-FOR-US: Serendipity +CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...) + NOT-FOR-US: Privateer's Bounty: Age of Sail II +CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...) + NOT-FOR-US: Tonecast +CVE-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...) + NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there + - lynx <unfixed> (bug #296340; low) +CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) + - links 0.99+1.00pre12-1 (bug #296341; low) +CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) + NOT-FOR-US: Opera +CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...) + NOTE: assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6 + NOTE: mozilla-browser 1.7.5-1 also ok +CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...) + NOTE: example page did not bother firefox 1.0+dfsg.1-6 + NOTE: mozilla-browser 1.7.5-1 also ok +CVE-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...) + NOT-FOR-US: SalesLogix +CVE-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...) + NOT-FOR-US: SalesLogix +CVE-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...) + NOT-FOR-US: SalesLogix +CVE-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...) + NOT-FOR-US: SalesLogix +CVE-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...) + NOT-FOR-US: SalesLogix +CVE-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...) + NOT-FOR-US: SalesLogix +CVE-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...) + NOT-FOR-US: SalesLogix +CVE-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...) + NOT-FOR-US: SalesLogix +CVE-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...) + NOT-FOR-US: not our cpanel +CVE-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...) + NOT-FOR-US: not our cpanel +CVE-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...) + - proftpd 1.2.10-4 +CVE-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...) + NOT-FOR-US: coolphp +CVE-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...) + NOT-FOR-US: CoolPHP +CVE-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...) + NOT-FOR-US: CoolPHP +CVE-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...) + NOT-FOR-US: Acrobat +CVE-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...) + NOT-FOR-US: RIM Blackberry +CVE-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...) + NOT-FOR-US: 3COM router +CVE-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...) + NOT-FOR-US: ShixxNote +CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...) + NOT-FOR-US: FuseTalk +CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...) + NOT-FOR-US: SCT email client +CVE-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal 1.0.3 ...) + NOT-FOR-US: ocPortal +CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...) + NOT-FOR-US: Micronet Wireless Router +CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...) + NOT-FOR-US: clientexec +CVE-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...) + NOT-FOR-US: GoSmart +CVE-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...) + NOT-FOR-US: GoSmart +CVE-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...) + NOT-FOR-US: Monolith Games +CVE-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...) + NOT-FOR-US: Flash Messaging +CVE-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...) + NOT-FOR-US: Flash Messaging +CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...) + - wordpress 1.2.1-1.1 +CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...) + NOT-FOR-US: FTP server in TriDComm +CVE-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 allows ...) + NOT-FOR-US: BlackBoard +CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...) + NOT-FOR-US: BlackBoard +CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...) + NOT-FOR-US: CubeCart +CVE-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...) + NOT-FOR-US: CubeCart +CVE-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...) + NOT-FOR-US: Invision Power Board +CVE-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...) + NOT-FOR-US: phplinks +CVE-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...) + NOT-FOR-US: Judge Dredd +CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...) + - xerces25 2.5.0-4 + - xerces24 2.4.0-4 + NOTE: maintainer believe that this CAN doesn't apply to xerces23 (see bug #296432) + NOTE: maintainer believe that this CAN doesn't apply to xerces21 (see bug #296466) +CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...) + NOT-FOR-US: Vypress +CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...) + NOT-FOR-US: AJ-Fork +CVE-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...) + NOT-FOR-US: AJ-Fork +CVE-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...) + NOT-FOR-US: AJ-Fork +CVE-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...) + NOT-FOR-US: bBlog +CVE-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...) + NOT-FOR-US: dbPowerAmp +CVE-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...) + NOT-FOR-US: Parachat +CVE-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...) + NOT-FOR-US: Silent Storm Portal +CVE-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...) + NOT-FOR-US: Silent Storm Portal +CVE-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...) + NOT-FOR-US: w-Agora +CVE-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...) + NOT-FOR-US: w-Agora +CVE-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...) + NOT-FOR-US: w-Agora +CVE-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...) + NOT-FOR-US: w-Agora +CVE-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...) + - icecast2 2.0.2.debian-1 +CVE-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Microsoft SQL Server +CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...) + - wordpress 1.2.2-1.1 +CVE-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through 0.6 ...) + NOT-FOR-US: YahooPOPS +CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...) + NOT-FOR-US: MyWebServer +CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: MyWebServer +CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...) + NOT-FOR-US: BroadBoard Instant ASP Message Board +CVE-2004-1554 (PHP remote code injection vulnerability in livre_include.php in @lex ...) + NOT-FOR-US: @lex GuestBook +CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...) + NOT-FOR-US: aspWebAlbum +CVE-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...) + NOT-FOR-US: aspWebCalendar +CVE-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...) + NOT-FOR-US: PafileDB +CVE-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...) + NOT-FOR-US: Motorola Router +CVE-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...) + NOT-FOR-US: ActivePost +CVE-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...) + NOT-FOR-US: ActivePost +CVE-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...) + NOT-FOR-US: ActivePost +CVE-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...) + NOT-FOR-US: MDaemon +CVE-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...) + - moniwiki 1.0.9-4 +CVE-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...) + - jspwiki 2.0.52-8 +CVE-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...) + NOT-FOR-US: KorWeblog +CVE-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...) + NOT-FOR-US: Soldier of Fortune +CVE-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...) + NOT-FOR-US: SecureCRT +CVE-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...) + NOT-FOR-US: ZyXEL Routers +CVE-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...) + NOT-FOR-US: Halo: Combat Evolved +CVE-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...) + NOT-FOR-US: PHPKIT +CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...) + NOT-FOR-US: PHPKIT +CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...) + NOT-FOR-US: Invision Power Board +CVE-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for the Cash ...) + NOT-FOR-US: Cash Mod module of phpbb2 +CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...) + NOT-FOR-US: ZoneAlarm +CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...) + NOT-FOR-US: DMS POP3 +CVE-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...) + NOT-FOR-US: AppServ +CVE-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...) + NOT-FOR-US: Invision Power Board +CVE-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...) + NOT-FOR-US: PHP-Nuke +CVE-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...) + NOT-FOR-US: PHP-Nuke +CVE-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...) + NOT-FOR-US: PHP-Nuke +CVE-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...) + NOT-FOR-US: MSIE +CVE-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...) + NOT-FOR-US: Hired Team +CVE-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...) + NOT-FOR-US: Hired Team +CVE-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...) + NOT-FOR-US: Hired Team +CVE-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...) + NOT-FOR-US: Hired Team +CVE-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...) + NOT-FOR-US: Army Men RTS +CVE-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...) + NOT-FOR-US: Eudora +CVE-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...) + NOT-FOR-US: IPSwitch IMail +CVE-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...) + NOT-FOR-US: phpBugTracker +CVE-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...) + NOT-FOR-US: Phorum +CVE-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...) + NOT-FOR-US: Zone Labs IMsecure +CVE-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...) + NOT-FOR-US: phpWebSite +CVE-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...) + NOT-FOR-US: vBulletin +CVE-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: 04Webserver +CVE-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...) + NOT-FOR-US: 04Webserver +CVE-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...) + NOT-FOR-US: 04Webserver +CVE-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...) + NOT-FOR-US: Hotfoon +CVE-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...) + - webcalendar 0.9.45-1 +CVE-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...) + - webcalendar 0.9.45-1 +CVE-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...) + - webcalendar 0.9.45-1 +CVE-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...) + - webcalendar 0.9.45-1 +CVE-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) + - webcalendar 0.9.45-1 +CVE-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...) + NOT-FOR-US: JAF +CVE-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...) + NOT-FOR-US: JAF +CVE-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...) + NOT-FOR-US: Sun JRE +CVE-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) + NOT-FOR-US: 602 Lan Suite +CVE-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) + NOT-FOR-US: 602 Lan Suite +CVE-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...) + NOT-FOR-US: Lithtech +CVE-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...) + NOT-FOR-US: HELM +CVE-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...) + NOT-FOR-US: HELM +CVE-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...) + NOT-FOR-US: Web Forums Server +CVE-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...) + NOT-FOR-US: Web Forums Server +CVE-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...) + NOT-FOR-US: WinRAR +CVE-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...) + NOT-FOR-US: XDICT +CVE-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) + NOT-FOR-US: Master of Orion +CVE-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) + NOT-FOR-US: Master of Orion +CVE-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...) + NOT-FOR-US: Opera +CVE-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...) + NOT-FOR-US: Opera +CVE-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...) + NOT-FOR-US: Opera +CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...) + - wget 1.9.1-11 +CVE-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...) + - wget 1.9.1-11 +CVE-2004-9999 + REJECTED +CVE-2004-9998 + REJECTED +CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...) + NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux +CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...) + NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped + NOTE: atftp checks h_length + NOTE: netkit-tftp not vulnerable + - tftpd-hpa <unfixed> (bug #295297; unimportant) + NOTE: The address length comes from libc, not the network. +CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...) + - socat 1.4.0.3-1 +CVE-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...) + NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series +CVE-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...) + NOT-FOR-US: BNC irc proxy +CVE-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...) + NOT-FOR-US: Real +CVE-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...) + NOT-FOR-US: HP StorageWorks Command View XP +CVE-2004-1479 + REJECTED +CVE-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...) + NOT-FOR-US: JRun +CVE-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...) + NOT-FOR-US: JRun +CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...) + - xine-lib 1-rc6 + - libcdio 0.69 +CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...) + - xine-lib 1-rc6 +CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) + NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances +CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) + NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances +CVE-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) + NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances +CVE-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...) + - cvs 1:1.12.9 +CVE-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...) + NOT-FOR-US: snipsnap +CVE-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...) + NOT-FOR-US: SUS +CVE-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...) + - webmin 1.160 + - usermin 1.090 +CVE-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...) + - egroupware 1.0.00.004 +CVE-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...) + - gallery 1.4.4-pl2 +CVE-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...) + NOT-FOR-US: WinZip +CVE-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...) + NOT-FOR-US: Cisco +CVE-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...) + - moin 1.2.3-1 +CVE-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...) + - moin 1.2.3-1 +CVE-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...) + NOT-FOR-US: Cisco +CVE-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...) + NOT-FOR-US: Cisco +CVE-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...) + NOT-FOR-US: Cisco +CVE-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...) + NOT-FOR-US: Cisco +CVE-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...) + NOT-FOR-US: Novell +CVE-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...) + - cvstrac 1.1.4-1 +CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...) + - xine-lib 1-rc5-1.1 +CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...) + NOT-FOR-US: Cisco +CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...) + NOTE: according to GOTO Masanori this is not a security problem + NOTE: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272210 +CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...) + NOT-FOR-US: Gentoo specific +CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...) + NOTE: mozilla 2:1.6-1 +CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...) + - mozilla 2:1.7.1-1 +CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...) + - mozilla 2:1.7-1 +CVE-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...) + NOT-FOR-US: Jetbox One +CVE-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...) + NOT-FOR-US: Jetbox One +CVE-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...) + NOT-FOR-US: ScreenOS +CVE-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...) + - nessus-core 2.0.12-1 +CVE-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...) + - roundup 0.7.3-1 +CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...) + - imp3 3.2.5-1 +CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...) + NOT-FOR-US: db2www +CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...) + NOT-FOR-US: Board Power +CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...) + - putty 0.56-1 +CVE-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...) + NOT-FOR-US: BlackJumboDog +CVE-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...) + - subversion 1.0.6-1 +CVE-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...) + - pavuk 0.9pl28-3.1 +CVE-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...) + NOT-FOR-US: Cisco +CVE-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) + NOT-FOR-US: Cisco +CVE-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) + NOT-FOR-US: Cisco +CVE-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) + NOT-FOR-US: Cisco +CVE-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) + NOT-FOR-US: Cisco +CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...) + NOT-FOR-US: FormMail.php != nms-formmail +CVE-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows remote ...) + NOT-FOR-US: Arcade.php +CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...) + NOT-FOR-US: ArGoSoft +CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...) + NOT-FOR-US: ArGoSoft +CVE-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog ...) + NOT-FOR-US: KorWeblog +CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...) + NOT-FOR-US: KorWeblog +CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...) + - moodle 1.4.3-1 +CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...) + - moodle 1.4.3-1 +CVE-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) calendar.php ...) + NOT-FOR-US: PHP-Calendar +CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...) + NOT-FOR-US: WHM AutoPilot +CVE-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) step_one.php, ...) + NOT-FOR-US: WHM AutoPilot +CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...) + NOT-FOR-US: WHM AutoPilot +CVE-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and ...) + NOT-FOR-US: ZeroBoard +CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...) + NOT-FOR-US: WPKontakt +CVE-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...) + NOT-FOR-US: PsychoStats +CVE-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...) + NOT-FOR-US: RealOne IE plugin +CVE-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...) + NOT-FOR-US: 2Bgal +CVE-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Gadu-Gadu +CVE-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...) + NOT-FOR-US: Kayako +CVE-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) + NOT-FOR-US: Kayako +CVE-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...) + NOT-FOR-US: Gadu-Gadu +CVE-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...) + NOT-FOR-US: Gadu-Gadu +CVE-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...) + NOT-FOR-US: Image Gallery Web Application +CVE-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...) + NOT-FOR-US: Image Gallery Web Application +CVE-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...) + NOT-FOR-US: Image Gallery Web Application +CVE-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...) + NOT-FOR-US: Ikonboard +CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...) + NOT-FOR-US: Attachment Mod for phpBB +CVE-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...) + NOT-FOR-US: GNUBoard +CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...) + NOT-FOR-US: iWebNegar +CVE-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...) + NOT-FOR-US: Asp-rider +CVE-2004-1400 (The control panel in ASP Calendar does not require authentication to ...) + NOT-FOR-US: ASP Calendar +CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...) + NOT-FOR-US: Attachment Mod for phpBB +CVE-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac OS X ...) + NOT-FOR-US: MacOSX +CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...) + - usemod-wiki 1.0-6 +CVE-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...) + NOT-FOR-US: Winamp +CVE-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...) + NOT-FOR-US: Lithtech engine +CVE-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...) + NOT-FOR-US: Solaris +CVE-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...) + NOT-FOR-US: Solaris +CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...) + - php4 4:4.3.10-3 +CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...) + NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP +CVE-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...) + NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP +CVE-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...) + NOT-FOR-US: Veritas NetBackup Administrative Assistant +CVE-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...) + - gpsd 2.7-4 +CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...) + - apache 1.3.33-3 +CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...) + NOT-FOR-US: TikiWiki +CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...) + - phpgroupware 0.9.16.005-1 +CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...) + - phpgroupware 0.9.16.005-1 +CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...) + - phpgroupware 0.9.16.005-1 +CVE-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...) + - glibc 2.3.2.ds1-19 +CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...) + - mozilla-firefox 1.0 + - mozilla 2:1.7.5 +CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...) + - mozilla-firefox 1.0 + - mozilla 2:1.7.5 +CVE-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...) + {DSA-657-1} + - xine-lib 1-rc6a-1 +CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...) + - jabber 1.4.3-3 + NOTE: We do not ship jadc2s. +CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...) + - a2ps 1:4.13b-4.3 (bug #286387; bug #286385) +CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...) + NOT-FOR-US: MSIE +CVE-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...) + NOT-FOR-US: HP-UX +CVE-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...) + NOT-FOR-US: NetBSD +CVE-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...) + NOT-FOR-US: Shoutcast +CVE-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...) + NOT-FOR-US: IBM DB2 +CVE-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...) + NOT-FOR-US: Oracle +CVE-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...) + NOT-FOR-US: Oracle +CVE-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...) + NOT-FOR-US: Oracle +CVE-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...) + NOT-FOR-US: Oracle +CVE-2004-1367 (Oracle 10g Database Server, when installed with a password that ...) + NOT-FOR-US: Oracle +CVE-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...) + NOT-FOR-US: Oracle +CVE-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...) + NOT-FOR-US: Oracle +CVE-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...) + NOT-FOR-US: Oracle +CVE-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...) + NOT-FOR-US: Oracle +CVE-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...) + NOT-FOR-US: Oracle +CVE-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...) + NOT-FOR-US: Windows +CVE-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...) + NOT-FOR-US: Solaris +CVE-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...) + NOT-FOR-US: Solaris +CVE-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...) + NOT-FOR-US: Solaris +CVE-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...) + NOT-FOR-US: ssh on Solaris +CVE-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...) + NOT-FOR-US: Solaris +CVE-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...) + NOT-FOR-US: Solaris +CVE-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...) + NOT-FOR-US: Solaris +CVE-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...) + NOT-FOR-US: Solaris +CVE-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...) + NOT-FOR-US: Solaris +CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...) + NOT-FOR-US: Solaris +CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...) + NOT-FOR-US: Sun Java System Web Proxy Server +CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...) + NOT-FOR-US: gzip on Solaris +CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...) + NOT-FOR-US: Solaris +CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...) + NOT-FOR-US: xdm on Solaris +CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...) + NOT-FOR-US: Solaris +CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...) + NOT-FOR-US: Sun StorEdge Enterprise Storage Manager +CVE-2004-1344 + RESERVED +CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...) + {DSA-715-1} + - cvs 1:1.12.9-12 +CVE-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...) + {DSA-715-1} + - cvs 1:1.12.9-12 +CVE-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...) + {DSA-711-1} + - info2www 1.2.2.9-23 (bug #281655) +CVE-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...) + {DSA-659-1} + - libpam-radius-auth 1.3.16-1.1 +CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...) + NOT-FOR-US: oracle +CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...) + NOT-FOR-US: oracle +CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...) + - kernel-source-2.6.8 2.6.8-14 + - kernel-source-2.6.9 2.6.9-6 + - kernel-source-2.6.10 2.6.10-1 +CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...) + - tetex-bin 2.0.2-25 +CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...) + NOTE: Fixed in upstream 2.6.10 + - kernel-source-2.6.8 2.6.8-11 + - kernel-source-2.6.9 2.6.9-4 + - kernel-source-2.4.27 2.4.27-9 +CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...) + NOTE: apparantly 2.6 only + NOTE: Fixed in upstream 2.6.10 + - kernel-source-2.6.8 2.6.8-11 + - kernel-source-2.6.9 2.6.9-4 +CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...) + NOTE: Fixed in upstream 2.6.10 + - kernel-source-2.6.8 2.6.8-11 + - kernel-source-2.6.9 2.6.9-4 + - kernel-source-2.4.27 2.4.27-9 + NOTE: will be fixed in 2.4.27-9 +CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...) + NOT-FOR-US: hpux +CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...) + NOT-FOR-US: microsoft +CVE-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...) + NOT-FOR-US: AIX +CVE-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...) + NOT-FOR-US: AIX +CVE-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...) + NOT-FOR-US: hpux +CVE-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...) + NOT-FOR-US: Crystal FTP client +CVE-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...) + NOT-FOR-US: Ultrix +CVE-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...) + NOT-FOR-US: Microsoft +CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...) + NOT-FOR-US: Netbsd +CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...) + NOT-FOR-US: Microsoft/Cisco +CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...) + NOT-FOR-US: Asante FM2008 +CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...) + NOT-FOR-US: Asante FM2008 +CVE-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...) + NOT-FOR-US: MSIE +CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...) + {DSA-627-1} + - namazu2 2.0.14 +CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...) + NOTE: apparently only affects netcat in windows +CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...) + - mozilla 2:1.7.5-1 (bug #288047) +CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...) + - phpbb2 2.0.10-3 +CVE-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...) + NOT-FOR-US: MacOS +CVE-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...) + NOT-FOR-US: My Firewall Plus +CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...) + NOT-FOR-US: Microsoft +CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...) + NOT-FOR-US: mplayer +CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...) + NOT-FOR-US: mplayer +CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...) + NOT-FOR-US: mplayer +CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...) + {DSA-617-1} + - libtiff4 3.6.1-4 + TODO: other packages containing libtiff code may be vulnerable +CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...) + - tiff 3.7.0 (low) +CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...) + NOT-FOR-US: Windows +CVE-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...) + NOT-FOR-US: Microsoft +CVE-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...) + - file 4.12 +CVE-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...) + NOT-FOR-US: Yanf +CVE-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...) + NOT-FOR-US: YAMT +CVE-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...) + NOT-FOR-US: xlreader +CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...) + - xine-lib 1-rc8-1 +CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...) + NOT-FOR-US: vilistextum +CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...) + NOT-FOR-US: vb2c +CVE-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...) + - unrtf 0.19.3-1.1 (bug #287038) +CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...) + - groff 1.18.1.1-5 +CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in ...) + NOTE: uml_net is only executable by users in group uml-net in Debian + NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit +CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...) + - tnftp <unfixed> (bug #285902; medium) +CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...) + NOT-FOR-US: rtf2latex2e +CVE-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...) + NOT-FOR-US: ringtonetools +CVE-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...) + NOT-FOR-US: qwik-smtpd +CVE-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...) + NOT-FOR-US: pgn2web +CVE-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...) + {DSA-625-1} + - pcal 4.8.0-1 +CVE-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...) + NOT-FOR-US: o3read +CVE-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...) + {DSA-623-1} + - nasm 0.98.38-1.1 (bug #285889) +CVE-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...) + NOT-FOR-US: NapShare +CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...) + NOT-FOR-US: mplayer +CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...) + NOTE: non-free + NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions + - mpg123 0.59r-20 (bug #287043) +CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...) + NOT-FOR-US: mview +CVE-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...) + {DSA-632-1} + - linpopup 1.2.0-7 +CVE-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...) + NOT-FOR-US: junkie +CVE-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...) + NOT-FOR-US: junkie +CVE-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...) + NOT-FOR-US: jpegtoavi +CVE-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...) + NOT-FOR-US: jcabc2ps +CVE-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...) + NOT-FOR-US: IglooFTP +CVE-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...) + NOT-FOR-US: IglooFTP +CVE-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...) + NOT-FOR-US: html2hdml +CVE-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...) + NOT-FOR-US: greed + NOTE: not the game in debian, the file download tool +CVE-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...) + NOT-FOR-US: greed + NOTE: not the game in debian, the file download tool +CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...) + - filter 2.4.2-1.1 +CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...) + NOT-FOR-US: dxfscope +CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...) + - cupsys 1.1.22-2 +CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...) + - cupsys 1.1.22-2 +CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...) + - cupsys 1.1.22-2 +CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...) + - cupsys 1.1.22-2 +CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...) + NOT-FOR-US: csv2xml +CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...) + NOT-FOR-US: Convex +CVE-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...) + {DSA-644-1} + - chbg 1.5-4 +CVE-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...) + NOT-FOR-US: ChangePassword +CVE-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...) + NOT-FOR-US: bsb2ppm +CVE-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...) + NOT-FOR-US: asp2php +CVE-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...) + NOT-FOR-US: abctab2ps +CVE-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...) + NOT-FOR-US: abcpp +CVE-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...) + - abcm2ps 4.8.5-1 +CVE-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...) + NOT-FOR-US: abc2mtex +CVE-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...) + - abcmidi 20050101-1 +CVE-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...) + NOT-FOR-US: 2fax +CVE-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...) + NOT-FOR-US: WinRAR +CVE-2004-1253 + RESERVED +CVE-2004-1252 + RESERVED +CVE-2004-1251 + RESERVED +CVE-2004-1250 + RESERVED +CVE-2004-1249 + RESERVED +CVE-2004-1248 + RESERVED +CVE-2004-1247 + RESERVED +CVE-2004-1246 + RESERVED +CVE-2004-1245 + RESERVED +CVE-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: Microsoft +CVE-2004-1243 + REJECTED +CVE-2004-1242 + REJECTED +CVE-2004-1241 + REJECTED +CVE-2004-1240 + REJECTED +CVE-2004-1239 + REJECTED +CVE-2004-1238 + REJECTED +CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...) + NOTE: apparently redhat specific +CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...) + NOT-FOR-US: Netscape Directory Server on HP-UX +CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...) + - linux-2.6 2.6.12-1 (bug #289202; high) + - kernel-source-2.4.27 2.4.27-8 (bug #289202; high) +CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...) + NOTE: fixed after 2.4.25 +CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...) + NOT-FOR-US: Gadu-Gadu +CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...) + NOT-FOR-US: Gadu-Gadu +CVE-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...) + NOT-FOR-US: Gadu-Gadu +CVE-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...) + NOT-FOR-US: Gadu-Gadu +CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...) + NOT-FOR-US: Gadu-Gadu +CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...) + NOT-FOR-US: SugarCRM Sugar Sales +CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...) + NOT-FOR-US: SugarCRM Sugar Sales +CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...) + NOT-FOR-US: SugarCRM Sugar Sales +CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...) + NOT-FOR-US: SugarCRM Sugar Sales +CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...) + - mtr 0.67-1 +CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...) + NOT-FOR-US: F-Secure Policy Manager +CVE-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: weblibs.pl +CVE-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...) + NOT-FOR-US: weblibs.pl +CVE-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...) + NOT-FOR-US: Battlefield 1942, Battlefield Vietnam +CVE-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...) + NOT-FOR-US: paFileDB +CVE-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Remote Execute +CVE-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...) + NOT-FOR-US: Hosting Controller +CVE-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...) + NOT-FOR-US: Kreed +CVE-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...) + NOT-FOR-US: Kreed +CVE-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...) + NOT-FOR-US: Kreed +CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...) + NOT-FOR-US: Advanced Guestbook +CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...) + NOT-FOR-US: Blog Torrent +CVE-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...) + NOT-FOR-US: Mercury Mail +CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...) + NOT-FOR-US: IpCop +CVE-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...) + NOT-FOR-US: Verisign Payflow Link +CVE-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...) + NOT-FOR-US: Orbz +CVE-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...) + NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter +CVE-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...) + NOT-FOR-US: pnTresMailer +CVE-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...) + NOT-FOR-US: pnTresMailer +CVE-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...) + NOTE: at best a local DOS by the user running fluxbox. + NOTE: Where's the security hole? + - fluxbox 0.9.11-1 +CVE-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...) + NOT-FOR-US: phpCMS +CVE-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...) + NOT-FOR-US: phpCMS +CVE-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Opera +CVE-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...) + NOTE: memory leak, doubt it's usefully exploitable + NOTE: did not followup +CVE-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...) + NOT-FOR-US: Safari +CVE-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) + NOT-FOR-US: MSIE +CVE-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...) + NOT-FOR-US: inShop +CVE-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...) + NOT-FOR-US: Insite Inmail +CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...) + NOT-FOR-US: Star Wars Battlefront +CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...) + NOT-FOR-US: Star Wars Battlefront +CVE-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...) + NOT-FOR-US: Prevex Home +CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...) + NOT-FOR-US: Citadel/UX +CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...) + NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed + - kernel-source-2.6.8 2.6.8-16 + - kernel-source-2.4.27 2.4.27-6 +CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...) + NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c + NOTE: has a misleading entry titled "Fix exploitable hole" + NOTE: http://www.securityfocus.com/advisories/7579 + NOTE: http://xforce.iss.net/xforce/xfdb/18370 + NOTE: Response from Marcus Meissner <meissner@suse.de> saying the patch was integrated in upstream 2.6.8 + NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only + NOTE: 2.6.10 is actually fixed, but 2.6.8 is not + - kernel-source-2.6.8 2.6.8-14 +CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...) + {DSA-629-1} + TODO: check +CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...) + - xine-lib 1-rc8-1 +CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...) + - xine-lib 1-rc8-1 +CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...) + {DSA-654-1} + TODO: check +CVE-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...) + {DSA-654-1} + TODO: check +CVE-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...) + {DSA-654-1} + TODO: check +CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...) + {DSA-626-1} + - libtiff-tools 3.6.1-5 +CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a "weak" ...) + {DSA-634-1} + TODO: check +CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...) + {DSA-622-1} + NOTE: htmlheadline not in unstable +CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...) + {DSA-678-1} + - netkit-rwho 0.17-8 +CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...) + {DSA-615-1} +CVE-2004-1178 + RESERVED +CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...) + {DSA-674-1} + - mailman 2.1.5-5 +CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...) + {DSA-639-1} + TODO: check +CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...) + {DSA-639-1} + TODO: check +CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...) + {DSA-639-1} + TODO: check +CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...) + NOT-FOR-US: MSIE +CVE-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...) + NOT-FOR-US: Veritas Backup Exec +CVE-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...) + - kdelibs 4:3.3.1-2 + - kdebase 4:3.3.1-3 +CVE-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...) + {DSA-612-1} + - a2ps 1:4.13b-4.2 (bug #283134) +CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...) + - maxdb-webtools 7.5.00.19-1 +CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...) + - maxdb-webtools 7.5.00.19-1 +CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...) + NOT-FOR-US: gentoo mirrorselect +CVE-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...) + NOT-FOR-US: Microsoft +CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...) + {DSA-631-1} + TODO: check +CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...) + NOT-FOR-US: Cisco +CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...) + NOT-FOR-US: Cisco +CVE-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...) + - scponly 4.0-1 +CVE-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...) + - rssh 2.2.3-1 +CVE-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...) + NOT-FOR-US: Netscape +CVE-2004-1159 + REJECTED +CVE-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...) + - kdelibs 4:3.3.1-3 + - kdebase 4:3.3.1-4 +CVE-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...) + NOT-FOR-US: Opera +CVE-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...) + - mozilla 2:1.7.6-1 + - mozilla-firefox 1.0.1 +CVE-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...) + NOT-FOR-US: Microsoft MSIE +CVE-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...) + {DSA-701-1} + - samba 3.0.10-1 +CVE-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...) + NOTE: Fixed in upstream 2.6.10 + - kernel-source-2.6.8 2.6.8-11 + - kernel-source-2.6.9 2.6.9-4 +CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...) + NOT-FOR-US: Winamp +CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...) + NOT-FOR-US: Computer Associates eTrust EZ Antivirus +CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...) + - phpmyadmin 2:2.6.1-rc1-1 +CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...) + - phpmyadmin 2:2.6.1-rc1-1 +CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...) + - cvstrac 1.1.5 +CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...) + - kdelibs 4:3.3.2-1 +CVE-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...) + NOTE: amd64 specific + - kernel-source-2.4.27 2.4.27-9 +CVE-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...) + - mailman 2.1.5-5 +CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) + {DSA-613-1} + - ethereal 0.10.8 +CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...) + - ethereal 0.10.8 +CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) + - ethereal 0.10.8 +CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...) + - ethereal 0.10.8 +CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...) + - vim 1:6.3-046+0sarge1 +CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...) + - kernel-image-2.4.27-i386 2.4.27-7 +CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...) + NOT-FOR-US: CuteFTP +CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...) + NOT-FOR-US: WS-Ftpd +CVE-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...) + NOT-FOR-US: Microsoft +CVE-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...) + NOT-FOR-US: Microsoft +CVE-2004-1132 + RESERVED +CVE-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...) + NOT-FOR-US: SCO +CVE-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...) + NOT-FOR-US: CMailServer +CVE-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...) + NOT-FOR-US: CMailServer +CVE-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...) + NOT-FOR-US: CMailServer +CVE-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...) + - opendchub 0.7.14-1.1 (bug #284350; bug #283061) +CVE-2004-1126 + RESERVED +CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...) + {DSA-621-1 DSA-619-1} + - xpdf 3.00-11 + - cupsys 1.1.22-2 + - tetex-bin 2.0.2-25 + - gpdf 2.8.2-1 + - koffice 1:1.3.5-1 +CVE-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...) + NOT-FOR-US: UnixWare +CVE-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...) + NOT-FOR-US: Darwin Streaming Server +CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...) + NOT-FOR-US: Safari +CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...) + NOT-FOR-US: Safari +CVE-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...) + {DSA-663-1} + - prozilla 1:1.3.7.3-1 +CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...) + NOT-FOR-US: Winamp +CVE-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...) + NOT-FOR-US: WodFtpDLX.ocx ActiveX component +CVE-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...) + NOT-FOR-US: ChessBrain +CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...) + NOT-FOR-US: GIMPS +CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...) + NOTE: gentoo-specific permissions problems in setaiathome +CVE-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...) + NOT-FOR-US: Skype +CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...) + NOT-FOR-US: SQLgrey Postfix greylisting serivce +CVE-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...) + NOT-FOR-US: Cisco +CVE-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...) + NOT-FOR-US: Cisco +CVE-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...) + - mtink 1.0.5 + NOTE: debian not vulnerable except in edge case +CVE-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...) + NOT-FOR-US: Kerio Personal Firewall +CVE-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...) + NOT-FOR-US: Gentoolkit +CVE-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...) + NOT-FOR-US: Portage +CVE-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...) + {DSA-642-1} + - gallery 1.4.4-pl4-1 +CVE-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...) + NOT-FOR-US: Nortel Networks Contivity VPN Client +CVE-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...) + NOT-FOR-US: Microsoft +CVE-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...) + NOT-FOR-US: MailPost +CVE-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...) + NOT-FOR-US: MailPost +CVE-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...) + NOT-FOR-US: MailPost +CVE-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...) + NOT-FOR-US: MailPost +CVE-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...) + NOT-FOR-US: Cisco +CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...) + - mime-tools 5.415-1 +CVE-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...) + NOT-FOR-US: Cherokee +CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...) + - libarchive-zip-perl 1.14-1 +CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...) + {DSA-608-1} + - zgv 5.7-1.3 (bug #284124) +CVE-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...) + NOT-FOR-US: RealPlayer +CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) + {DSA-639-1} + TODO: check +CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) + {DSA-639-1} + TODO: check +CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) + {DSA-639-1} + TODO: check +CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) + {DSA-639-1} + TODO: check +CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...) + NOT-FOR-US: Apple MacOS +CVE-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...) + NOT-FOR-US: Apple MacOS +CVE-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard ...) + NOT-FOR-US: Apple MacOS +CVE-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...) + NOT-FOR-US: Apple MacOS +CVE-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...) + NOT-FOR-US: Apple MacOS +CVE-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...) + NOT-FOR-US: Apple MacOS +CVE-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...) + NOT-FOR-US: Apple MacOS +CVE-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...) + NOT-FOR-US: Apple MacOS +CVE-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...) + NOT-FOR-US: Apple MacOS +CVE-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...) + NOT-FOR-US: Microsoft +CVE-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...) + - ncpfs 2.2.5-2 +CVE-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...) + NOT-FOR-US: Citrix +CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...) + NOT-FOR-US: Citrix +CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...) + {DSA-609-1} + - atari800 1.3.2-1 +CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...) + - zope-zwiki 0.37.0-1 +CVE-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...) + - kernel-source-2.6.8 2.6.8-11 + - kernel-source-2.4.27 2.4.27-7 +CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...) + NOTE: fixed in 2.6.8 and 2.4.27 +CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) + NOTE: fixed in 2.6.8 and 2.4.27 +CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) + NOTE: fixed in 2.6.8 and 2.4.27 +CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...) + NOTE: fixed in 2.6.8 and 2.4.27 +CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...) + NOTE: 2.6 only issue + - kernel-source-2.6.8 2.6.8-11 + NOTE: and the binaries built from it +CVE-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in ...) + - kernel-source-2.4.27 2.4.27-7 + - kernel-source-2.6.8 2.6.8-11 + NOTE: and the binary packages built from them +CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...) + NOTE: verified cyrus21-imapd 2.1.17-3 is not vulnerable, seems + NOTE: to only affect 2.2 series. + NOTE: 1.5.19 also seems ok +CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...) + NOT-FOR-US: FreeBSD +CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...) + - php4 4:4.3.10-1 +CVE-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...) + - php4 4:4.3.10-1 +CVE-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...) + - php4 4:4.3.10-1 +CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...) + - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771) +CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...) + - bugzilla 2.16.7-2 +CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...) + NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors +CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...) + - mnogosearch 3.2.18-2.2 +CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...) + NOTE: Fixed in 2.6.10 upstream + - kernel-source-2.6.8 2.6.8-14 + - kernel-source-2.6.9 2.6.9-14 +CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...) + TODO: check back with dilinger about 2.6, previous fix in -9 has regressions + - kernel-source-2.4.27 2.4.27-10 +CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...) + - kernel-source-2.4.27 2.4.27-8 + - kernel-image-2.4.27-i386 2.4.27-8 + - kernel-image-2.4.27-alpha 2.4.27-6 + - kernel-image-2.4.27-hppa 2.4.27-3 + - kernel-image-2.4.27-ia64 2.4.27-6 + - kernel-patch-2.4.27-mips 2.4.27-8.040815-1 + - kernel-patch-powerpc-2.4.27 2.4.27-3 + - kernel-image-2.4.27-sparc 2.4.27-2 + NOTE: above should cover 2.4 + - kernel-source-2.6.8 2.6.8-11 + NOTE: and the binaries built from it +CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) + - phpmyadmin 2:2.6.0-pl3-1 +CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...) + NOT-FOR-US: AIX +CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...) + NOT-FOR-US: fetch on FreeBSD +CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...) + {DSA-595-1} + NOTE: bnc is not in sarge or unstable (is in woody) +CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...) + {DSA-596-2 DSA-596-1} + - sudo 1.6.8p3-1 +CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...) + NOT-FOR-US: Microsoft +CVE-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2004-1048 + RESERVED +CVE-2004-1047 + RESERVED +CVE-2004-1046 + RESERVED +CVE-2004-1045 + RESERVED +CVE-2004-1044 + RESERVED +CVE-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) + NOT-FOR-US: MSIE +CVE-2004-1042 + RESERVED +CVE-2004-1041 + RESERVED +CVE-2004-1040 + RESERVED +CVE-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...) + NOT-FOR-US: SCO UnixWare +CVE-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...) + NOT-FOR-US: IEEE1394 specification bug, physical security +CVE-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...) + - twiki 20030201-6 +CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...) + - squirrelmail 2:1.4.3a-3 +CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...) + - imapproxy 1.2.2+1.2.3rc2-1 +CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...) + - kaffeine 0.4.3.1-3 + - gxine 0.4-rc1 +CVE-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...) + - fcron 2.9.5.1-1 +CVE-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) + - fcron 2.9.5.1-1 +CVE-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) + - fcron 2.9.5.1-1 +CVE-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) + - fcron 2.9.5.1-1 +CVE-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...) + NOT-FOR-US: Sun JRE +CVE-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...) + NOT-FOR-US: AIX +CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...) + {DSA-652-1} + NOTE: sarge's unarj is from a different code base, probably not vulnerable +CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...) + {DSA-628-1 DSA-618-1} + - imlib 1.9.14-17.1 (bug #284925) + - imlib+png2 1.9.14-16.1 + - imlib2 1.1.2-2.1 +CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...) + {DSA-618-1} + NOTE: fixed in patches for CVE-2004-1026 +CVE-2004-1024 + RESERVED +CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...) + NOT-FOR-US: Kerio +CVE-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...) + NOT-FOR-US: Kerio +CVE-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...) + NOT-FOR-US: MacOS +CVE-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ...) + - php4 4:4.3.10-1 +CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...) + - php4 4:4.3.10-1 +CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...) + - php4 4:4.3.10-1 + - php3 3:3.0.18-29 +CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x ...) + - kernel-source-2.4.27 2.4.27-9 +CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...) + - kernel-image-2.4.27-i386 2.4.27-7 +CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...) + NOTE: cyrus-imapd not vulnerable + NOTE: cyrus21-imapd not vulnerable +CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...) + {DSA-606-1} + - nfs-utils 1:1.0.6-3.1 +CVE-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...) + {DSA-597-1} + - cyrus-imapd 1.5.19-20 + - cyrus21-imapd 2.1.17-1 +CVE-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...) + {DSA-597-1} + - cyrus-imapd 1.5.19-20 + - cyrus21-imapd 2.1.17-1 +CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...) + NOTE: cyrus-imapd not vulnerable + NOTE: cyrus21-imapd not vulnetale +CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...) + {DSA-624-1} + - zip 2.30-8 +CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) + {DSA-639-1} + TODO: check +CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...) + - putty 0.56-1 +CVE-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...) + - bogofilter 0.92.8-1 +CVE-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...) + {DSA-584-1} + - dhcp 2.0pl5-19.1 +CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...) + {DSA-639-1} + TODO: check +CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...) + {DSA-639-1} + TODO: check +CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...) + NOT-FOR-US: Trend ScanMail +CVE-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...) + - ppp 2.4.2+20040428-3 +CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...) + {DSA-585-1} + - shadow 1:4.0.3-30.3 + NOTE: apparently the fix was lost from sarge somehow, see #309587 + - shadow 1:4.0.3-31sarge5 +CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...) + {DSA-630-1} + - lintian 1.23.6 (bug #286379; low) +CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...) + {DSA-608-1} + - zgv 5.7-1.3 (bug #284124) +CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...) + {DSA-616-1} +CVE-2004-0997 + RESERVED +CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...) + {DSA-610-1} + - cscope 15.5-1.1 (bug #282815) + NOTE: Patch in debian bts from ubuntu is good. All other patches are crap. +CVE-2004-0995 + RESERVED +CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...) + {DSA-614-1} + NOTE: only indication that it's this CAN is in the debian package changelog + - xzgv 0.8-3 +CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...) + {DSA-604-1} +CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...) + NOT-FOR-US: Proxytunnel +CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...) + - mpg123 0.59r-19 +CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...) + {DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1} + - libgd2 2.0.30-1 + - libgd 1.8.4-36.1 +CVE-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...) + {DSA-582-1} +CVE-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...) + NOT-FOR-US: Apple +CVE-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...) + {DSA-598-1} + - yardradius 1.0.20-15 +CVE-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...) + {DSA-580-1} + - iptables 1.2.11-4 +CVE-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...) + NOT-FOR-US: windows +CVE-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...) + - mailutils 1:0.5-4 +CVE-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...) + {DSA-586-1} + - ruby1.8 1.8.1+1.8.2pre2-4 + - ruby1.6 1.6.8-12 +CVE-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...) + {DSA-578-1} + - mpg123 0.59r-18 +CVE-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...) + {DSA-593-1} + - imagemagick 6:6.0.6.2-1.5 (bug #278401) +CVE-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...) + {DSA-592-1} + - ez-ipupdate 3.0.11b8-8 +CVE-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...) + NOT-FOR-US: windows +CVE-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...) + NOT-FOR-US: windows +CVE-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...) + {DSA-577-1} + - postgresql 7.4.6-1 +CVE-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...) + {DSA-620-1} + - perl 5.8.4-4 +CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...) + {DSA-603-1} + - openssl 0.9.7e-3 + NOTE: also includes other security fixes than this CAN +CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...) + NOTE: local; low + - netatalk 1.6.4a-1 +CVE-2004-0973 + REJECTED +CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...) + {DSA-583-1} + NOTE: lvmcreate_initrd not in debian +CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...) + NOTE: not shipped in deb + - krb5 <unfixed> (bug #278271; low) + - arla 0.36.2-11 +CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...) + {DSA-588-1} + NOTE: sarge is not vulnerable as our version uses set -C +CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...) + - groff 1.18.1.1-2 +CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...) + {DSA-636-1} + - libc6 2.3.2.ds1-19 +CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...) + - gs-common 0.3.6-0.1 + - gs-gpl <unfixed> (bug #291373; low) + NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary +CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...) + - gettext 0.14.1-6 +CVE-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...) + NOT-FOR-US: HP-UX +CVE-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...) + {DSA-587-1} + NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge + NOTE: DSA says zinf not vulnerable in sarge + - zinf 2.2.5 +CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...) + NOT-FOR-US: windows +CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...) + NOT-FOR-US: Apple Remote Desktop Client +CVE-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...) + - freeradius 1.0.1 +CVE-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...) + - freeradius 1.0.1 +CVE-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...) + - php4 4:4.3.9 +CVE-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...) + - php4 4:4.3.9 +CVE-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...) + {DSA-707-1} + - mysql-dfsg-4.1 4.1.10a-6 + - mysql-dfsg 4.0.24-5 +CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...) + NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge +CVE-2004-0955 + REJECTED + {DSA-571-1 DSA-570-1} +CVE-2004-0954 + REJECTED +CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...) + NOTE: jabber version 2 is vulnerable, we have an older version that seems not +CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...) + NOT-FOR-US: HP-UX +CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before ...) + NOT-FOR-US: HP-UX +CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...) + NOT-FOR-US: NetOp Host +CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...) + NOTE: fixed in 2.4.28, 2.6.9 + TODO: check with kernel people re 2.4.27 +CVE-2004-0948 + REJECTED +CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...) + {DSA-652-1} + NOTE: see http://lwn.net/Alerts/110733/ + NOTE: sarge's unarj is from a different code base, probably not vulnerable +CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...) + NOTE: does not apply per maintainer +CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...) + NOT-FOR-US: Mitel 3300 Integrated Communications Platform +CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...) + NOT-FOR-US: Mitel 3300 Integrated Communications Platform +CVE-2004-0943 + RESERVED +CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...) + - apache2 2.0.52-2 +CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...) + {DSA-602-1 DSA-601-1} + - libgd2 2.0.33-1.1 + - libgd 1.8.4-36.1 +CVE-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...) + {DSA-594-1} + - apache 1.3.33-2 +CVE-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...) + NOT-FOR-US: Neoteris Instant Virtual Extranet +CVE-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...) + - freeradius 1.0.1 +CVE-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...) + NOT-FOR-US: Sophos Anti-Virus +CVE-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...) + NOT-FOR-US: RAV antivirus +CVE-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...) + NOT-FOR-US: Eset anti-virus +CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...) + NOT-FOR-US: Kaspersky antivirus + NOTE: Kaspersky engine is supported by amavas-ng +CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...) + NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus +CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...) + NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers +CVE-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...) + - maxdb-7.5.00 7.5.00.18 +CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...) + - samba 3.0.8-1 +CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...) + NOTE: tiff3g was removed from debian +CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...) + NOT-FOR-US: Macromedia +CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...) + NOT-FOR-US: MacOS +CVE-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...) + NOT-FOR-US: MacOS +CVE-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...) + NOT-FOR-US: MacOS +CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...) + NOT-FOR-US: MacOS +CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...) + {DSA-566-1} +CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...) + NOT-FOR-US: MacOS +CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...) + NOT-FOR-US: MacOS +CVE-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...) + NOT-FOR-US: norton +CVE-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...) + NOT-FOR-US: FreeBSD +CVE-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...) + {DSA-576-1} + - squid 2.5.7 +CVE-2004-0917 (The default installation of Vignette Application Portal installs the ...) + NOT-FOR-US: Vignette Application Portal +CVE-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...) + {DSA-574-1} + - cabextract 1.1-1 +CVE-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...) + {DSA-605-1} + - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 +CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...) + {DSA-607-1} + NOTE: Previous -9 fix had some issues of its own + - xfree86 4.3.0.dfsg.1-14 (bug #309143) + NOTE: lesstif1 and 2 have to be fixed separately + - lesstif1 1:0.93.94-11.3 (bug #294099) + NOTE: but lesstif2 did get fixed for this hole.. + - lesstif2 1:0.93.94-11.2 + NOTE: openmotif is non-free + - openmotif 2.2.3-1.1 (bug #309819; medium) +CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) + {DSA-572-1} + - squid 2.5.6-9 +CVE-2004-0912 + RESERVED +CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...) + {DSA-569-1 DSA-556-1} +CVE-2004-0910 + REJECTED +CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) + - mozilla-firefox 0.10.1+1.0PR + - mozilla 2:1.7.3 + - mozilla-thunderbird 0.8 +CVE-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) + - mozilla-firefox 0.10.1+1.0PR + - mozilla 2:1.7.3 + - mozilla-thunderbird 0.8 +CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...) + NOT-FOR-US: non-debian package issue +CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...) + - mozilla-firefox 0.10.1+1.0PR + - mozilla 2:1.7.3 + - mozilla-thunderbird 0.8 +CVE-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) + - mozilla-firefox 0.10.1+1.0PR + - mozilla 2:1.7.3 + - mozilla-thunderbird 0.8 +CVE-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...) + - mozilla-firefox 0.10.1+1.0PR + - mozilla 2:1.7.3 + - mozilla-thunderbird 0.8 +CVE-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...) + - mozilla-firefox 0.10.1+1.0PR + - mozilla 2:1.7.3 + - mozilla-thunderbird 0.8 +CVE-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...) + - mozilla-firefox 0.10.1+1.0PR + - mozilla 2:1.7.3 + - mozilla-thunderbird 0.8 +CVE-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...) + NOT-FOR-US: Microsoft +CVE-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...) + NOT-FOR-US: Microsoft +CVE-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...) + NOT-FOR-US: Microsoft +CVE-2004-0898 + RESERVED +CVE-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...) + NOT-FOR-US: Windows +CVE-2004-0896 + RESERVED +CVE-2004-0895 + RESERVED +CVE-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...) + NOT-FOR-US: Microsoft +CVE-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...) + NOT-FOR-US: Microsoft +CVE-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...) + NOT-FOR-US: Microsoft +CVE-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...) + - gaim 1:1.0.2 +CVE-2004-0890 + REJECTED +CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...) + {DSA-573-1} +CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...) + {DSA-599-1 DSA-581-1 DSA-573-1} + - koffice 1:1.3.4-1 + NOTE: only affects source package, not used in binary + - cupsys <unfixed> (bug #324460; unimportant) +CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...) + NOTE: waldi provided this info + - linux-kernel-image-2.6.8-s390 2.6.8-3 + - kernel-source-2.6.8 2.6.8-10 + - kernel-source-2.6.9 2.6.9-3 +CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...) + {DSA-567-1} + - kdegraphics 3.3.2-1 +CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...) + - apache2 2.0.52-2 +CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...) + {DSA-568-1 DSA-563-1} +CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...) + - kernel-source-2.4.27 2.4.27-6 + - kernel-source-2.6.8 2.6.8-13 + - kernel-source-2.6.9 2.6.9-3 + - kernel-source-2.6.10 2.6.10-4 +CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...) + NOTE: details http://security.e-matters.de/advisories/132004.html + - samba 3.0.7 +CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...) + {DSA-553-1} +CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...) + {DSA-553-1} +CVE-2004-0879 + RESERVED +CVE-2004-0878 + RESERVED +CVE-2004-0877 + RESERVED +CVE-2004-0876 + RESERVED +CVE-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...) + - phpgroupware 0.9.16.002 +CVE-2004-0874 + REJECTED +CVE-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...) + NOT-FOR-US: apple +CVE-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...) + NOT-FOR-US: Opera +CVE-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...) + NOTE: upstream knows about the problem, no fix expected + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342 + NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html + NOTE: fix doesn't look likely any time soon + TODO: followup +CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...) + NOTE: upstream knows about the problem, no fix expected + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342 + NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html + NOTE: fix doesn't look likely any time soon + TODO: followup +CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...) + NOT-FOR-US: MSIE +CVE-2004-0868 + REJECTED +CVE-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...) + - mozilla-firefox 0.9.3 +CVE-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...) + NOT-FOR-US: MSIE +CVE-2004-0865 + RESERVED +CVE-2004-0864 + RESERVED +CVE-2004-0863 + RESERVED +CVE-2004-0862 + RESERVED +CVE-2004-0861 + RESERVED +CVE-2004-0860 + RESERVED +CVE-2004-0859 + RESERVED +CVE-2004-0858 + RESERVED +CVE-2004-0857 + RESERVED +CVE-2004-0856 + RESERVED +CVE-2004-0855 + RESERVED +CVE-2004-0854 + RESERVED +CVE-2004-0853 + RESERVED +CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...) + {DSA-611-1} +CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...) + {DSA-559-1} +CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...) + - star 1.5a46 +CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...) + NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge + TODO: which radius daemon in debian is "GNU Radius" (if any)? +CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...) + NOT-FOR-US: microsoft +CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...) + NOT-FOR-US: microsoft +CVE-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...) + NOT-FOR-US: microsoft +CVE-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...) + NOT-FOR-US: microsoft +CVE-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...) + NOT-FOR-US: microsoft +CVE-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...) + NOT-FOR-US: microsoft +CVE-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...) + NOT-FOR-US: microsoft +CVE-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...) + NOT-FOR-US: microsoft +CVE-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...) + NOT-FOR-US: microsoft +CVE-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...) + NOT-FOR-US: microsoft +CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...) + {DSA-562-2} +CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...) + {DSA-562-2} +CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...) + {DSA-562-2} +CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...) + - speedtouch 1.3.1 +CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...) + {DSA-554-1} +CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...) + - squid 2.5.6-8 +CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...) + NOT-FOR-US: McAfee +CVE-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...) + - samba 2.2.11 +CVE-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...) + NOTE: not-fos-us (AIX) +CVE-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...) + {DSA-547-1} + - imagemagick 5:6.0.7.1-1 +CVE-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...) + NOT-FOR-US: netscape NSS +CVE-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...) + NOT-FOR-US: Apple +CVE-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...) + NOT-FOR-US: Apple +CVE-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...) + NOT-FOR-US: Apple +CVE-2004-0822 (Buffer overflow in The Core Foundation framework ...) + NOT-FOR-US: Apple +CVE-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...) + NOT-FOR-US: Apple +CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: winamp +CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...) + NOT-FOR-US: openbsd +CVE-2004-0818 + RESERVED + NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge +CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...) + {DSA-548-1} + - imlib+png2 1.9.14-16.2 + - imlib 1.9.14-17 (bug #285025) +CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...) + NOTE: fixed in 2.6.8, does not affect 2.4 per dannf's notes +CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...) + {DSA-600-1} + - samba 3.0.6-1 (bug #274342) +CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...) + - kernel-source-2.6.8 2.6.8-8 + - kernel-source-2.4.27 2.4.27-7 + NOTE: and all kernels build from it: +CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...) + NOTE: ide-cd SG_IO vulnerability + NOTE: fixed in recent 2.6 and 2.4 kernels +CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...) + NOTE: only affects kernels before 2.4.23 on amd64 +CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...) + - apache2 2.0.52 +CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...) + NOT-FOR-US: Netopia Timbuktu +CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...) + {DSA-558-1} + - apache2 2.0.51-1 +CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...) + - samba 3.0.7 +CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...) + - samba 3.0.7 +CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...) + - cdrtools 4:2.0+a34-2 +CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...) + {DSA-564-1} + - mpg123 0.59r-16 +CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...) + {DSA-567-1} + NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge + - kdegraphics 3.3.2-1 +CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...) + {DSA-567-1} + - kdegraphics 3.3.2-1 +CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...) + {DSA-552-1} +CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...) + - foomatic-filters 3.0.2 +CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...) + NOT-FOR-US: Solaris +CVE-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...) + NOT-FOR-US: Ipswitch WhatsUp Gold +CVE-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...) + NOT-FOR-US: Ipswitch WhatsUp Gold +CVE-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...) + - zlib 1:1.2.1.1-6 +CVE-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...) + - spamassassin 2.64 +CVE-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...) + NOT-FOR-US: IBM DB2 DB2RCMD.EXE +CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...) + {DSA-551-1} +CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...) + - bsdmainutils 6.0.15 +CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...) + - rsync 2.6.3 +CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) + NOTE: All 2.4 and 2.6 kernels verify the TCP sequence numbering when errors occur + NOTE: Kernel will never abort due to an ICMP packet +CVE-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) + - kernel-source-2.6.8 2.6.8-16 (bug #305664) + - kernel-source-2.4.27 2.4.27-10 (bug #305664) +CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...) + TODO: check +CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...) + {DSA-549-1 DSA-546-1} +CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...) + NOT-FOR-US: seems OpenCA is +CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...) + NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge + - apache2 2.0.51 +CVE-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...) + - gaim 1:0.82 +CVE-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...) + - gaim 1:0.82 +CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...) + {DSA-549-1} +CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...) + {DSA-549-1 DSA-546-1} +CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...) + {DSA-541} +CVE-2004-0780 + RESERVED +CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...) + - mozilla 2:1.7 + - mozilla-firefox 0.9 +CVE-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...) + - cvs 1:1.12.9 +CVE-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...) + NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge + - courier-imap 2.2.2 +CVE-2004-0776 + RESERVED +CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...) + NOT-FOR-US: Windows +CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...) + NOT-FOR-US: Real Helix server +CVE-2004-0773 + RESERVED +CVE-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...) + {DSA-543-1} +CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...) + - lha 1.14i-9 (bug #279870) +CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...) + - dgen 1.23-6 +CVE-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...) + - lha 1.14i-9 (bug #279870) +CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...) + {DSA-536} +CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...) + NOT-FOR-US: NGSEC StackDefender +CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...) + NOT-FOR-US: NGSEC StackDefender +CVE-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...) + - mozilla 2:1.7 + - mozilla-firefox 0.9 +CVE-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) + - mozilla 2:1.7 + - mozilla-firefox 0.9 +CVE-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...) + - mozilla-firefox 0.9.3 +CVE-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) + - mozilla 2:1.7 + - mozilla-firefox 0.9 +CVE-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) + - mozilla 2:1.7 + - mozilla-firefox 0.9 +CVE-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...) + - mozilla 2:1.7.2 + - mozilla-firefox 0.9.3 +CVE-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...) + - mozilla 2:1.7 +CVE-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...) + - mozilla 2:1.7.2 + - mozilla-firefox 0.9.3 +CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...) + - mozilla 2:1.7 + - mozilla-firefox 0.9 +CVE-2004-0756 + RESERVED +CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...) + {DSA-537} + - gaim 1:0.82.1-1 +CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...) + - gaim 1:0.82.1-1 +CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...) + {DSA-546-1} +CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...) + - openoffice.org 1.1.2-4 +CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...) + - apache2 2.0.50-11 +CVE-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...) + NOT-FOR-US: Red Hat specific +CVE-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...) + - subversion 1.0.9-2 +CVE-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...) + - apache2 2.0.51 +CVE-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...) + NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge + - apache2 2.0.51 +CVE-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...) + - kdelibs 4:3.2.3-3.sarge.1 + NOTE: in t-p-u; 4.3.3 in unstable also fixes it +CVE-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...) + - lha 1.14i-10 (bug #279870) +CVE-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...) + NOT-FOR-US: MacOS +CVE-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...) + NOT-FOR-US: MacOS +CVE-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...) + NOT-FOR-US: Sun Java System Portal Server +CVE-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...) + NOT-FOR-US: LionMax Software WWW File Share Pro +CVE-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...) + NOT-FOR-US: Lexmark +CVE-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...) + NOT-FOR-US: Whisper FTP Surfer +CVE-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...) + NOT-FOR-US: phpnuke +CVE-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...) + NOT-FOR-US: phpnuke +CVE-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...) + NOT-FOR-US: phpnuke +CVE-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...) + NOT-FOR-US: various windows games +CVE-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...) + NOT-FOR-US: Web_Store.cgi +CVE-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...) + NOT-FOR-US: OllyDbg +CVE-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...) + NOT-FOR-US: phpnuke +CVE-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...) + NOT-FOR-US: phpnuke +CVE-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...) + - phpbb2 2.0.10 +CVE-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...) + - phpbb2 2.0.10 +CVE-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...) + NOT-FOR-US: Microsoft +CVE-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...) + NOT-FOR-US: Microsoft +CVE-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...) + NOT-FOR-US: Microsoft +CVE-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...) + - moodle 1.4 +CVE-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...) + NOT-FOR-US: Half Life +CVE-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...) + NOT-FOR-US: Microsoft +CVE-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...) + - mozilla 2:1.6 +CVE-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...) + - konqueror 4:3.2.3-1.sarge.1 + - kdelibs 4:3.2.3-3.sarge.1 + NOTE: in t-p-u; also fixed in 4.3.3 in unstable +CVE-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...) + NOT-FOR-US: Safari +CVE-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...) + NOTE: not-fos-us (Microsoft) +CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...) + {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1} + NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent + NOTE: upstream versions became vulnerable again, see + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850 + NOTE: and were fixed again, it got CVE-2005-1937 for the reversion + - mozilla 2:1.7.8-1sarge1 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) +CVE-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...) + NOT-FOR-US: opera 7.50 +CVE-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...) + NOT-FOR-US: HP-UX +CVE-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...) + NOT-FOR-US: BEA WebLogic Server and WebLogic Express +CVE-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...) + NOT-FOR-US: Cisco +CVE-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...) + NOT-FOR-US: BEA WebLogic Server and WebLogic Express +CVE-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...) + NOT-FOR-US: Cisco +CVE-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...) + NOT-FOR-US: HP OpenView Select Access +CVE-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...) + - moin 1.2.2 +CVE-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...) + - bugzilla 2.16.7-0.1 +CVE-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...) + NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian +CVE-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) + - bugzilla 2.16.7-0.1 +CVE-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...) + - bugzilla 2.16.7-0.1 +CVE-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...) + NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian +CVE-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...) + NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian +CVE-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...) + NOT-FOR-US: Solaris +CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...) + {DSA-532} +CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...) + NOT-FOR-US: Check Point VPN +CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...) + NOT-FOR-US: WebSTAR +CVE-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...) + NOT-FOR-US: WebSTAR +CVE-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...) + NOT-FOR-US: WebSTAR +CVE-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...) + NOT-FOR-US: WebSTAR +CVE-2004-0694 + RESERVED + - lha 1.14i-10 (bug #279870) +CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...) + {DSA-542-1} +CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...) + {DSA-542-1} +CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...) + {DSA-542-1} +CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...) + - kdelibs 4:3.2.3-3.sarge.1 + NOTE: in t-p-u, 4.3.3 in unstable is also fixed +CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...) + {DSA-539} +CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...) + {DSA-561-1 DSA-560-1} + NOTE: Matej Vela has checked that these are backported to lesstif1 as well + - lesstif1-1 1:0.93.94-9 + NOTE: openmotif is non-free + - openmotif 2.2.3-1.1 (bug #308819; low) +CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...) + {DSA-561-1 DSA-560-1} + NOTE: Matej Vela has checked that these are backported to lesstif1 as well + - lesstif1-1 1:0.93.94-9 + NOTE: openmotif is non-free + - openmotif 2.2.3-1.1 (bug #308819; low) +CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...) + - samba 3.0.5 (bug #260839; bug #260838) +CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...) + NOTE: Fixed in upstream 2.4.27 +CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...) + NOT-FOR-US: WebSphere Edge Server +CVE-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...) + NOT-FOR-US: Norton +CVE-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...) + NOT-FOR-US: Comersus Cart +CVE-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) + NOT-FOR-US: Comersus Cart +CVE-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...) + NOT-FOR-US: Zoom DSL modem +CVE-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...) + NOT-FOR-US: UnrealIRCd +CVE-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...) + NOT-FOR-US: 12Planet Chat Server +CVE-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...) + NOT-FOR-US: Fastream NETFile FTP Server +CVE-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...) + NOT-FOR-US: Fastream NETFile FTP Server +CVE-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...) + NOT-FOR-US: c32web.exe +CVE-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...) + NOT-FOR-US: Enterasys XSR-1800 series Security Routers +CVE-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...) + NOT-FOR-US: SCI Photo Chat Server +CVE-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...) + NOT-FOR-US: Netegrity IdentityMinder Web Edition +CVE-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...) + NOT-FOR-US: Brightmail Spamfilter +CVE-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...) + NOT-FOR-US: Rompager +CVE-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...) + NOT-FOR-US: Lotus +CVE-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...) + NOT-FOR-US: Lotus +CVE-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...) + NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable. + - kernel-patch-adamantix 1.6 +CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...) + NOT-FOR-US: popclient +CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...) + NOT-FOR-US: csFAQ +CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...) + NOT-FOR-US: PowerPortal +CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...) + NOT-FOR-US: PowerPortal +CVE-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...) + NOT-FOR-US: PowerPortal +CVE-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...) + NOT-FOR-US: D-Link AirPlus DI-614+ +CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...) + NOT-FOR-US: CuteNews +CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...) + NOT-FOR-US: mplayer +CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...) + NOTE: invalid according to www.osvdb.org/7253 +CVE-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...) + - ntp 4.0 +CVE-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...) + - pure-ftpd 1.0.19-1 +CVE-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...) + NOT-FOR-US: Gentoo specific +CVE-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...) + NOT-FOR-US: Solaris +CVE-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...) + NOT-FOR-US: Solaris +CVE-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...) + NOT-FOR-US: BEA WebLogic Server and WebLogic Express +CVE-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...) + NOTE: JRE is not in Debian, assuming the various wrappers handle + NOTE: the new version. Not worrying about upgrades. +CVE-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...) + NOT-FOR-US: Cisco +CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...) + {DSA-530} +CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...) + - mozilla 2:1.7.1 + - mozilla-firefox 0.9.2 + - mozilla-thunderbird 0.7.2 +CVE-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...) + - shorewall 2.0.3a +CVE-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...) + NOT-FOR-US: JRun +CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...) + {DSA-579-1 DSA-550-1} +CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...) + {DSA-543-1} +CVE-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...) + {DSA-543-1} +CVE-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...) + {DSA-543-1} +CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...) + NOT-FOR-US: Thomson hardware ADSL router +CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...) + {DSA-529} +CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...) + {DSA-535} +CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...) + NOT-FOR-US: Oracle +CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...) + NOT-FOR-US: Oracle +CVE-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...) + NOT-FOR-US: AOL Instant Messenger +CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...) + {DSA-528} +CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...) + - ethereal 0.10.5 +CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...) + - ethereal 0.10.5 +CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...) + NOT-FOR-US: adobe reader +CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...) + NOT-FOR-US: adobe acrobat +CVE-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...) + NOT-FOR-US: adobe acrobat +CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...) + NOT-FOR-US: adobe acrobat +CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...) + NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version +CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...) + TODO: Unclear if older MySQL versions are affected. Code seems to be + TODO: present in a different function, but exploit does not work. + - mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium) + - mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive) +CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...) + NOTE: fixed after 2.6.6 kernel +CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...) + NOT-FOR-US: Infinity WEB +CVE-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...) + NOT-FOR-US: Artmedic links +CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...) + {DSA-590-1} + - gnats 4.0-6.1 +CVE-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...) + NOT-FOR-US: MacOS +CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...) + NOT-FOR-US: Newsletter ZWS +CVE-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...) + NOT-FOR-US: vBulletin +CVE-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...) + NOT-FOR-US: Linux Broadcom 5820 cryptonet driver + NOTE: does not seem to be part of linux kernel or other package +CVE-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...) + NOT-FOR-US: freebsd +CVE-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...) + NOT-FOR-US: ArbitroWeb +CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...) + NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router +CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...) + NOT-FOR-US: D-Link DI-614+ SOHO router +CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...) + NOT-FOR-US: osTicket +CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...) + NOT-FOR-US: osTicket +CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...) + NOT-FOR-US: ZoneAlarm Pro +CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...) + NOT-FOR-US: Netgear FVS318 VPN Router +CVE-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...) + NOT-FOR-US: Microsoft MN-500 Wireless Router +CVE-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...) + - rssh 2.2.1 +CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...) + NOT-FOR-US: Unreal Engine +CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...) + - racoon 0.3.3-1 +CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...) + NOT-FOR-US: Infoblox DNS One +CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...) + NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug". + NOTE: Does not match posted patch. Mailed Debian maintainer. +CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...) + NOT-FOR-US: giFT-FastTrack not in debian +CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...) + NOT-FOR-US: Gentoo-specific bug in gzip introduced by botched security fix +CVE-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...) + NOT-FOR-US: FreeBSD +CVE-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...) + - distcc 2.18.1-4 +CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...) + - samba 3.0.5 (bug #260838) +CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...) + {DSA-536} +CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...) + {DSA-536} +CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...) + {DSA-536} +CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...) + NOTE: Fixed in upstream ( <= 2.6.7) +CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...) + {DSA-669-1 DSA-531} + - php3 3:3.0.18-27 +CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...) + {DSA-669-1 DSA-531} + NOTE: DSA claims PHP3 is vulnerable, but this is not mentioned + NOTE: in the changelog. +CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...) + NOT-FOR-US: Sygate Enforcer +CVE-2004-0592 + RESERVED +CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...) + {DSA-533} +CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...) + - freeswan 2.04-10 + - openswan 2.2.0 +CVE-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...) + NOT-FOR-US: Cisco +CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...) + - usermin 1.090-1 +CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...) + - qla2x00-source 7.01.01-1 +CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: Windows +CVE-2004-0585 + REJECTED +CVE-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...) + - imp3 3.2.4 +CVE-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...) + {DSA-526} + - usermin 1.090-1 + - webmin 1.150-1 +CVE-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...) + {DSA-526} + - usermin 1.090-1 +CVE-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...) + NOT-FOR-US: Mandrake script +CVE-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...) + NOT-FOR-US: Linksys routers +CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...) + {DSA-522} +CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) + NOT-FOR-US: Wingate +CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) + NOT-FOR-US: Wingate +CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...) + NOT-FOR-US: GNU radius +CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...) + NOT-FOR-US: Windows +CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...) + NOT-FOR-US: Windows +CVE-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...) + NOT-FOR-US: Windows +CVE-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...) + NOT-FOR-US: Windows +CVE-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...) + NOT-FOR-US: Microsoft +CVE-2004-0570 + RESERVED +CVE-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...) + NOT-FOR-US: Windows +CVE-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...) + NOT-FOR-US: HyperTerminal +CVE-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...) + NOT-FOR-US: Windows +CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...) + NOT-FOR-US: Windows +CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...) + NOTE: ia64 only + NOTE: appears fixed in 2.4.27/2.6.8 +CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...) + {DSA-557-1} +CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...) + {DSA-555-1} +CVE-2004-0562 + RESERVED +CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...) + {DSA-638-1} + TODO: check +CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...) + {DSA-638-1} + TODO: check +CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...) + {DSA-544-1} +CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...) + {DSA-545-1} +CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...) + {DSA-565-1} +CVE-2004-0556 + RESERVED +CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...) + {DSA-643-1} + TODO: check +CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...) + NOTE: this was a big deal and is fixed in all current kernels +CVE-2004-0553 + RESERVED +CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...) + NOT-FOR-US: Sophos Small Business Suite +CVE-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...) + NOT-FOR-US: Cisco +CVE-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...) + NOT-FOR-US: Real Player +CVE-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...) + NOT-FOR-US: Windows +CVE-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...) + - aspell 0.50.5-3 +CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...) + {DSA-516} +CVE-2004-0546 + RESERVED +CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...) + NOT-FOR-US: AIX +CVE-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...) + NOT-FOR-US: AIX +CVE-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...) + NOT-FOR-US: Oracle +CVE-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...) + NOT-FOR-US: php4 bug only affects Windows +CVE-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...) + - squid 2.5.5-5 +CVE-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...) + NOT-FOR-US: Windows +CVE-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X ...) + NOT-FOR-US: MacOS +CVE-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...) + NOT-FOR-US: MacOS +CVE-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut ...) + NOT-FOR-US: Opera +CVE-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...) + - tripwire 2.3.1.2.0-2.1 +CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...) + NOTE: fixed in 2.4.27 +CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...) + NOT-FOR-US: Business Objects WebIntelligence +CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...) + NOT-FOR-US: Business Objects WebIntelligence +CVE-2004-0532 + RESERVED +CVE-2004-0531 + RESERVED +CVE-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...) + NOT-FOR-US: Slackware specific rpath issue +CVE-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...) + NOT-FOR-US: cPanel is not our cpanel +CVE-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...) + NOT-FOR-US: Netscape Navigator 7.1 +CVE-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...) + NOTE: konquror 2.2.2 and earlier, later should not be vulnerale + NOTE: but did not check in detail +CVE-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...) + NOT-FOR-US: Windows +CVE-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...) + NOT-FOR-US: iLO +CVE-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...) + NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian +CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...) + {DSA-520} +CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...) + {DSA-512} +CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...) + {DSA-535} +CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...) + {DSA-535} +CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) + {DSA-535} +CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...) + NOT-FOR-US: MacOS +CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of ...) + NOT-FOR-US: MacOS +CVE-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package ...) + NOT-FOR-US: MacOS +CVE-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) + NOT-FOR-US: MacOS +CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) + NOT-FOR-US: MacOS +CVE-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to "logging when ...) + NOT-FOR-US: MacOS +CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) + NOT-FOR-US: SCO MMDF +CVE-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) + NOT-FOR-US: SCO MMDF +CVE-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...) + NOT-FOR-US: SCO MMDF +CVE-2004-0509 + RESERVED +CVE-2004-0508 + RESERVED +CVE-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...) + - ethereal 0.10.4 +CVE-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...) + - ethereal 0.10.4 +CVE-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...) + - ethereal 0.10.4 +CVE-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...) + - ethereal 0.10.4 +CVE-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default ...) + NOT-FOR-US: Microsoft +CVE-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...) + NOT-FOR-US: Microsoft +CVE-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...) + NOT-FOR-US: Microsoft +CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...) + - gaim 1:0.81-3 +CVE-2004-0499 + RESERVED +CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...) + NOT-FOR-US: StoneSoft firewall engine +CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...) + NOTE: linux kernel fchown hole, fixed in all current kernels +CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...) + NOTE: fixed in 2.6.7 +CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...) + NOTE: fixed in 2.4.27-rc1 +CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...) + - gnome-vfs 1.0.1 + TODO: Fedora fixed this in a recent mc advisory, we should double-check whether + TODO: this applies to Debian's mc package +CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...) + - apache2 2.0.50-1 +CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...) + {DSA-525} + - apache 1.3.31-2 +CVE-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...) + NOTE: appears redhat specific +CVE-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...) + NOT-FOR-US: cPanel is not our cpanel +CVE-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...) + NOT-FOR-US: MacOS +CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...) + {DSA-532} + - apache2 2.0.50-1 +CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...) + NOT-FOR-US: Norton +CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...) + NOT-FOR-US: MacOS +CVE-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...) + NOT-FOR-US: MacOS +CVE-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...) + NOT-FOR-US: Microsoft +CVE-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...) + NOT-FOR-US: IRIX +CVE-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...) + NOT-FOR-US: OpenBSD +CVE-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...) + NOT-FOR-US: the KCMS on Solaris +CVE-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...) + NOT-FOR-US: Lotus Notes +CVE-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Microsoft +CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...) + NOTE: only a Mozilla DOS + TODO: not even fixed upstream +CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...) + NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router +CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...) + NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router +CVE-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...) + NOT-FOR-US: Microsoft +CVE-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...) + NOT-FOR-US: Help Center (HelpCtr.exe) +CVE-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...) + NOT-FOR-US: opera +CVE-2004-0472 + REJECTED +CVE-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...) + NOT-FOR-US: BEA WebLogic +CVE-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...) + NOT-FOR-US: BEA WebLogic +CVE-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...) + NOT-FOR-US: Check Point VPN +CVE-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...) + NOT-FOR-US: Juniper JUNOS +CVE-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...) + NOT-FOR-US: Juniper JUNOS +CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...) + NOT-FOR-US: WebConnect +CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...) + NOT-FOR-US: WebConnect +CVE-2004-0464 + RESERVED +CVE-2004-0463 + RESERVED +CVE-2004-0462 (The built-in web servers for multiple networking devices do not set ...) + NOT-FOR-US: Multiple embedded hardware vendors +CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...) + NOTE: debian probably not vulnerable + - dhcp3 3.0.1 +CVE-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...) + - dhcp3 3.0.1 +CVE-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...) + NOT-FOR-US: DOS in 802.11 protocol +CVE-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...) + {DSA-503} + - mah-jong 1.6.2-1 +CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...) + {DSA-540} +CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...) + {DSA-527} +CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...) + {DSA-523} +CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...) + {DSA-524} + - rlpr 2.05-1 (bug #255402) +CVE-2004-0453 (Format string vulnerability in the monitor "memory dump" command in ...) + - vice 1.14-2 +CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...) + {DSA-620-1} +CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...) + {DSA-521} +CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...) + {DSA-513} +CVE-2004-0449 + RESERVED +CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...) + {DSA-510} +CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...) + NOTE: fixed in linux 2.4.26 +CVE-2004-0446 + RESERVED +CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...) + NOT-FOR-US: Norton +CVE-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...) + NOT-FOR-US: Norton +CVE-2004-0443 + RESERVED +CVE-2004-0442 + RESERVED +CVE-2004-0441 + RESERVED +CVE-2004-0440 + RESERVED +CVE-2004-0439 + RESERVED +CVE-2004-0438 + RESERVED +CVE-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...) + NOT-FOR-US: Titan FTP Server +CVE-2004-0436 + RESERVED +CVE-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD ...) + NOT-FOR-US: FreeBSD +CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...) + {DSA-504} +CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...) + NOTE: mplayer not in Debian + - xine-lib 1-rc4 +CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...) + - proftpd 1.2.9-4 +CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...) + NOT-FOR-US: Apple QuickTime +CVE-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...) + NOT-FOR-US: MacOS +CVE-2004-0429 (Unknown vulnerability related to "the handling of large requests" in ...) + NOT-FOR-US: RAdmin for Mac OS X +CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...) + NOT-FOR-US: Mac OS X) +CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...) + - linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive) + - kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive) + NOTE: Fixed in 2.6.6/2.4.26 kernel +CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...) + {DSA-499} +CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...) + NOT-FOR-US: windows +CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...) + NOTE: fixed after 2.6.4/2.4.26 kernel +CVE-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...) + NOTE: bug still exists in the ssmtp source, but is only activated if + NOTE: --enable-logfile is used in ./configure + NOTE: The package doesn't enable that flag so it is safe. +CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...) + {DSA-500} +CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...) + {DSA-498} +CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...) + NOT-FOR-US: windows +CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...) + NOTE: reserved (baruch) +CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...) + {DSA-519} + - cvs 1:1.12.9-1 +CVE-2004-0417 (Integer overflow in the "Max-dotdot" CVS protocol command ...) + {DSA-519} + - cvs 1:1.12.9-1 +CVE-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS 1.12.x ...) + {DSA-519} + - cvs 1:1.12.9-1 +CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...) + NOTE: fixed in 2.4.27-rc6, so fixed in kernel-source-2.4.27 +CVE-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...) + {DSA-517} + - cvs 1:1.12.9-1 +CVE-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...) + - subversion 1.0.5-1 +CVE-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...) + - mailman 2.1.4-5 +CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...) + {DSA-518} +CVE-2004-0410 + RESERVED + NOTE: An empty CAN, never published. +CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...) + {DSA-493} + - xchat 2.0.8-1 +CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...) + {DSA-494} +CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...) + NOT-FOR-US: ColdFusion +CVE-2004-0406 + RESERVED +CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...) + {DSA-486} + - cvs 1:1.12.5-4 +CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...) + {DSA-488} +CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...) + - racoon 0.3.1-3 +CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...) + {DSA-508} +CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...) + - libtasn1 0.1.2-2 +CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...) + {DSA-502 DSA-501} + - exim 3.36-11 +CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...) + {DSA-502 DSA-501} + - exim 3.36-11 +CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...) + {DSA-507 DSA-506} + +CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...) + - subversion 1.0.3-1 + NOTE: fix history: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791 +CVE-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...) + {DSA-505} + - cvs 1:1.12.5-6 +CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root ...) + {DSA-509} +CVE-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...) + NOTE: apparently not very exploitable, does not affect 2.6 + NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch + NOTE: not fixed in 2.4.27 by inspection, didn't bother with a bug +CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...) + {DSA-524} +CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...) + - apache 1.3.31-2 +CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...) + NOT-FOR-US: Cisco Wireless LAN Solution Engine +CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...) + NOT-FOR-US: SCO OpenServer +CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...) + NOT-FOR-US: RealNetworks Helix Universal Server +CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...) + {DSA-483} +CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...) + NOT-FOR-US: RealPlayer plugin +CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...) + NOT-FOR-US: mplayer; not in the archive +CVE-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...) + NOT-FOR-US: Oracle 9i Application Server Web Cache +CVE-2004-0384 + RESERVED +CVE-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...) + NOT-FOR-US: Mail for Mac OS X +CVE-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...) + NOT-FOR-US: CUPS printing system in Mac OS X +CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...) + {DSA-483} +CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...) + NOT-FOR-US: Microsoft Outlook Express +CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) + NOT-FOR-US: Microsoft SharePoint Portal Server 2001 +CVE-2004-0378 + RESERVED +CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...) + NOT-FOR-US: perl; Win32 is affected, UNIX systems not +CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...) + {DSA-473} +CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...) + NOT-FOR-US: Symantec Norton Internet Security +CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to "expose the ...) + {DSA-471} +CVE-2004-0373 + RESERVED +CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...) + {DSA-477} +CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...) + {DSA-476} +CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...) + NOT-FOR-US: KAME +CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...) + NOT-FOR-US: Entrust LibKmp ISAKMP library +CVE-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...) + NOT-FOR-US: CDE +CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...) + - ethereal 0.10.3 (bug #239576) +CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...) + {DSA-469} + NOTE: Changes probably too intrusive during freeze, maintainer did not yet ask + NOTE: for approval on d-release + - pam-pgsql 0.5.2-9 +CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...) + - ethereal 0.10.3 (bug #239576) +CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...) + NOT-FOR-US: WrapNISUM ActiveX +CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...) + NOT-FOR-US: SymSpamHelper ActiveX +CVE-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...) + NOT-FOR-US: ISS Protocol Analysis Module +CVE-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...) + NOT-FOR-US: safari +CVE-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...) + NOT-FOR-US: solaris +CVE-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...) + NOT-FOR-US: Invision Power Board +CVE-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...) + NOT-FOR-US: VirtuaNews Admin Panel +CVE-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...) + NOT-FOR-US: SL Mail Pro +CVE-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...) + NOT-FOR-US: Invision Power Board +CVE-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...) + NOT-FOR-US: GNU Anubis +CVE-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...) + NOT-FOR-US: GNU Anubis +CVE-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...) + NOT-FOR-US: Cisco +CVE-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...) + NOT-FOR-US: Spider Sales +CVE-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...) + NOT-FOR-US: Spider Sales +CVE-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...) + NOT-FOR-US: GWeb HTTP Server +CVE-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...) + NOT-FOR-US: SpiderSales +CVE-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...) + - proftpd 1.2.9 +CVE-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...) + NOT-FOR-US: Red Faction +CVE-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...) + NOT-FOR-US: YaBB SE +CVE-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...) + NOT-FOR-US: YaBB SE +CVE-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option ...) + NOT-FOR-US: WFPTD +CVE-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...) + NOT-FOR-US: WFPTD +CVE-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...) + NOT-FOR-US: WFPTD +CVE-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...) + - phpbb2 2.0.6d +CVE-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...) + NOT-FOR-US: Invision Board Forum +CVE-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...) + NOT-FOR-US: 602LAN SUITE +CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory ...) + NOT-FOR-US: 602LAN SUITE +CVE-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...) + NOT-FOR-US: AXIS 2100 +CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...) + - uudeview 0.5.20 (medium) +CVE-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...) + NOT-FOR-US: extremail +CVE-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...) + NOT-FOR-US: Dell OpenManage Web Server +CVE-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...) + NOT-FOR-US: Serv-U +CVE-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...) + NOT-FOR-US: FreeChat +CVE-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...) + NOT-FOR-US: Gigabyte Broadband Router +CVE-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...) + NOT-FOR-US: PhpNewsManager +CVE-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...) + NOT-FOR-US: GateKeeper Pro +CVE-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...) + NOT-FOR-US: TypSoft +CVE-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...) + NOT-FOR-US: confirm 0.70 +CVE-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...) + NOT-FOR-US: xmb 1.8 final sp2 +CVE-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final ...) + NOT-FOR-US: xmb 1.8 final sp2 +CVE-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...) + NOT-FOR-US: Team Factor +CVE-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...) + NOT-FOR-US: ezBoard +CVE-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...) + NOT-FOR-US: Load Sharing Facility +CVE-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...) + NOT-FOR-US: Load Sharing Facility +CVE-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...) + NOT-FOR-US: Avirt +CVE-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...) + NOT-FOR-US: Avirt +CVE-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...) + NOT-FOR-US: WebzEdit +CVE-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...) + NOT-FOR-US: PSOProxy +CVE-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...) + NOT-FOR-US: LINKSYS +CVE-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...) + NOT-FOR-US: APC +CVE-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...) + NOT-FOR-US: LiveJournal +CVE-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...) + NOT-FOR-US: cisco +CVE-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...) + NOT-FOR-US: WebCortex WebStores +CVE-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...) + NOT-FOR-US: WebCortex WebStores +CVE-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...) + NOT-FOR-US: OWLS 1.0 +CVE-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...) + NOT-FOR-US: OWLS 1.0 +CVE-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...) + NOT-FOR-US: Online Store Kit +CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...) + NOT-FOR-US: Online Store Kit +CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...) + NOT-FOR-US: smallftpd; +CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...) + NOT-FOR-US: CesarFTP; Win32 +CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) + NOT-FOR-US: Broker FTP 6.1.0.0; Win32 +CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) + NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32 +CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...) + NOT-FOR-US: yabb; +CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...) + NOT-FOR-US: ShopCartCGI 2.3; +CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...) + NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32 +CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...) + NOT-FOR-US: YaBB; +CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...) + NOT-FOR-US: Purge Jihad; +CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...) + NOT-FOR-US: SignatureDB; +CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...) + - mnogosearch 3.2.18 + NOTE: it's not quite clear which version exactly fixes the problem; + NOTE: I checked the source code of the most recent version and compared + NOTE: it with the problematic section described in the advisory + NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2) + NOTE: and I can confirm the buffer overflow is fixed there +CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...) + NOT-FOR-US: Xlight FTP server 1.52; +CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...) + NOT-FOR-US: RobotFTP; +CVE-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...) + NOT-FOR-US: PHP scripts +CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...) + NOT-FOR-US: MSIE bugs +CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...) + NOT-FOR-US: mailmgr; +CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Crob FTP; +CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...) + NOT-FOR-US: Caucho Technology Resin; +CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...) + NOT-FOR-US: Caucho Technology Resin; +CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...) + NOT-FOR-US: AIMSniff; +CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...) + NOT-FOR-US: Ratbag game engine; +CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...) + NOT-FOR-US: Dream FTP; +CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...) + NOT-FOR-US: BosDates; +CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...) + NOT-FOR-US: MaxWebPortal; +CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...) + NOT-FOR-US: MaxWebPortal; +CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...) + NOT-FOR-US: PHP-Nuke; +CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...) + NOT-FOR-US: EvolutionX; +CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...) + NOT-FOR-US: eTrust InoculateIT; +CVE-2004-0266 (SQL injection vulnerability in the "public message" capability ...) + NOT-FOR-US: PHP-Nuke; +CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...) + NOT-FOR-US: PHP-Nuke; +CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...) + NOT-FOR-US: PalmOS +CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...) + NOT-FOR-US: The Palace; +CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...) + NOT-FOR-US: CactuShop; +CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...) + NOT-FOR-US: formmail.php; +CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...) + NOT-FOR-US: RealPlayer +CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...) + NOT-FOR-US: Xlight; +CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...) + NOT-FOR-US: Discuz; +CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...) + NOT-FOR-US: IBM Cloudscape +CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...) + NOT-FOR-US: TYPSoft FTP Server +CVE-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...) + NOT-FOR-US: rxgoogle.cgi +CVE-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...) + NOT-FOR-US: PhotoPost PHP Pro +CVE-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...) + NOT-FOR-US: PHPX +CVE-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...) + NOT-FOR-US: PHPX +CVE-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...) + NOT-FOR-US: Chaser +CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) + NOT-FOR-US: Les Commentaires +CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...) + NOT-FOR-US: Web Crossing +CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...) + NOT-FOR-US: Cisco Systems +CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...) + NOT-FOR-US: AIX +CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...) + NOT-FOR-US: X-Cart 3.4.3 +CVE-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...) + NOT-FOR-US: X-Cart 3.4.3 +CVE-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...) + NOT-FOR-US: X-Cart 3.4.3 +CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...) + NOT-FOR-US: PhotoPost PHP Pro +CVE-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...) + - overkill 0.16-7 +CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...) + NOT-FOR-US: Aprox PHP Portal +CVE-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...) + NOT-FOR-US: thePHOTOtool +CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...) + {DSA-515} +CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...) + {DSA-515} +CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...) + NOT-FOR-US: utempter +CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...) + {DSA-497} +CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...) + {DSA-497} +CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...) + NOT-FOR-US: famous TCP RST bug +CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...) + NOT-FOR-US: Kernel 2.6 framebuffer bug +CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...) + NOTE: fixed in linux 2.4.27-pre3 +CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...) + NOT-FOR-US: ZoneMinder +CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...) + {DSA-497} +CVE-2004-0225 + RESERVED +CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...) + - courier 0.45.1-1 +CVE-2004-0223 + RESERVED +CVE-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...) + NOT-FOR-US: isakmpd in OpenBSD +CVE-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) + NOT-FOR-US: isakmpd in OpenBSD +CVE-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) + NOT-FOR-US: isakmpd in OpenBSD +CVE-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) + NOT-FOR-US: isakmpd in OpenBSD +CVE-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) + NOT-FOR-US: isakmpd in OpenBSD +CVE-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...) + NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat +CVE-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...) + NOT-FOR-US: MSIE bug +CVE-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...) + NOT-FOR-US: MS-Outlook-Express +CVE-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...) + NOT-FOR-US: MSIE bug +CVE-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...) + NOT-FOR-US: Windows bug +CVE-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...) + NOT-FOR-US: Windows bug +CVE-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...) + NOT-FOR-US: Windows bug +CVE-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...) + NOT-FOR-US: Windows bug +CVE-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...) + NOT-FOR-US: Windows bug +CVE-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...) + NOT-FOR-US: Windows bug +CVE-2004-0207 ("Shatter" style vulnerability in the Window Management application ...) + NOT-FOR-US: Windows bug +CVE-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...) + NOT-FOR-US: Windows bug +CVE-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...) + NOT-FOR-US: Windows bug +CVE-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...) + NOT-FOR-US: Visual Studio bug +CVE-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...) + NOT-FOR-US: Exchange bug +CVE-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...) + NOT-FOR-US: DirectX +CVE-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...) + NOT-FOR-US: Windows HTML Help +CVE-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...) + NOT-FOR-US: famous Windows GDI+ JPEG parsing bug +CVE-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...) + NOT-FOR-US: Windows bug +CVE-2004-0198 + RESERVED +CVE-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...) + NOT-FOR-US: MSJet bug +CVE-2004-0196 + RESERVED +CVE-2004-0195 + RESERVED +CVE-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...) + NOT-FOR-US: Symantec Gateway Security +CVE-2004-0187 + REJECTED +CVE-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...) + {DSA-478} + - tcpdump 3.7.2-4 +CVE-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...) + {DSA-478} + - tcpdump 3.7.2-4 +CVE-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...) + NOT-FOR-US: mailman; RedHat specific bug +CVE-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...) + NOTE: fixed in 2.4.26-pre5 +CVE-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...) + {DSA-486} +CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...) + {DSA-487} +CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...) + {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} + NOTE: fixed in 2.4.26-pre3 +CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...) + {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} + NOTE: fixed in 2.4.26-pre4 +CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...) + {DSA-511} + - ethereal 0.10.3-1 (bug #239576) +CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...) + NOTE: openssh bug #270770 + NOTE: this bug is old and known; see the bug discussion for further information. + NOTE: apparently the security team thinks this is a minor issue; nevertheless, + NOTE: the bug is still open, so they should close it if it really is neglectible. + NOTE: not listed in usual format since I'm tired of looking at it in the report -- JEH +CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...) + - apache 1.3.29.0.2-5 +CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...) + NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root +CVE-2004-0170 + RESERVED +CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...) + NOT-FOR-US: CoreFoundation for Mac OS X +CVE-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...) + NOT-FOR-US: Safari +CVE-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...) + - ipsec-tools 0.3.3-1 + NOTE: not mentioned in the changelog, so I don't know which version exactly fixes + NOTE: the problem, but the patch that fixes the bug is applied: + NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2 +CVE-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...) + NOT-FOR-US: Sygate Secure Enterprise +CVE-2004-0162 (Multiple content security gateway and antivirus products allow remote ...) + NOT-FOR-US: general MIME bug with security gateways +CVE-2004-0161 (Multiple content security gateway and antivirus products allow remote ...) + NOT-FOR-US: general MIME bug with security gateways +CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...) + {DSA-445} +CVE-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...) + {DSA-484} +CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...) + {DSA-485} +CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...) + - racoon 0.2.5-2 +CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...) + - nfs-utils 1:1.0.5-3 +CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...) + {DSA-468} +CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...) + {DSA-468} +CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...) + {DSA-462} +CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...) + {DSA-451} +CVE-2004-0147 + RESERVED +CVE-2004-0146 + RESERVED +CVE-2004-0145 + RESERVED +CVE-2004-0144 + RESERVED +CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...) + NOT-FOR-US: Nokia mobile phones +CVE-2004-0142 + RESERVED +CVE-2004-0141 + RESERVED +CVE-2004-0140 + RESERVED +CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...) + NOT-FOR-US: SGI IRIX +CVE-2004-0138 + RESERVED +CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...) + NOT-FOR-US: IRIX init +CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...) + NOT-FOR-US: IRIX +CVE-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...) + NOT-FOR-US: IRIX +CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...) + NOT-FOR-US: IRIX +CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...) + NOTE: fixed in 2.4.26-pre2 +CVE-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...) + NOT-FOR-US: ezContents +CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...) + NOT-FOR-US: phpGedView +CVE-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...) + NOT-FOR-US: phpGedView +CVE-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...) + NOT-FOR-US: FreeBSD jail +CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...) + NOT-FOR-US: Windows bug +CVE-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...) + NOT-FOR-US: Windows bug +CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...) + NOT-FOR-US: Windows bug +CVE-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...) + NOT-FOR-US: Windows bug +CVE-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...) + NOT-FOR-US: Windows bug +CVE-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...) + NOT-FOR-US: Windows bug +CVE-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...) + NOT-FOR-US: Windows bug +CVE-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...) + - openssl 0.9.7d-1 +CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...) + {DSA-455} +CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...) + {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} + NOTE: fixed in 2.4.26-rc4 +CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...) + - sysstat 5.0.2-1 +CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...) + {DSA-443} +CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...) + {DSA-449} +CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...) + {DSA-449} +CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when ...) + {DSA-432} +CVE-2004-0102 + RESERVED +CVE-2004-0101 + RESERVED +CVE-2004-0100 + RESERVED +CVE-2004-0098 + RESERVED +CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...) + {DSA-448} +CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...) + NOT-FOR-US: Safari +CVE-2004-0091 (** DISPUTED ** ...) + NOT-FOR-US: vBulletin +CVE-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...) + NOT-FOR-US: MacOS +CVE-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...) + NOT-FOR-US: MacOS +CVE-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...) + NOT-FOR-US: MacOS +CVE-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...) + NOT-FOR-US: MacOS +CVE-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...) + NOT-FOR-US: MacOS +CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...) + {DSA-443} +CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...) + {DSA-443} +CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...) + {DSA-465} +CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...) + {DSA-465} + - openssl096 0.9.6m-1 +CVE-2004-0076 + REJECTED +CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...) + NOTE: turned out not to be vulnerable. See bug #278777 +CVE-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...) + NOT-FOR-US: EasyDynamicPages +CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...) + NOT-FOR-US: Accipiter Direct Server 6.0 +CVE-2004-0071 (Directory traversal vulnerability in buildManPage in ...) + NOT-FOR-US: PHP Man Page Lookup 1.2.0 +CVE-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...) + NOT-FOR-US: HD Soft Windows FTP Server 1.6 +CVE-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...) + NOT-FOR-US: phpGedView +CVE-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...) + NOT-FOR-US: phpGedView +CVE-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...) + NOT-FOR-US: phpGedView +CVE-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...) + NOT-FOR-US: SuSE YaST +CVE-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...) + NOT-FOR-US: FishCart +CVE-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...) + NOT-FOR-US: WWW File Share Pro 2.42 +CVE-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...) + NOT-FOR-US: WWW File Share Pro 2.42 +CVE-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...) + NOT-FOR-US: WWW File Share Pro 2.42 +CVE-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...) + NOT-FOR-US: Antivir +CVE-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...) + {DSA-425} +CVE-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...) + NOT-FOR-US: Nortel Networks products +CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...) + {DSA-425} +CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...) + NOT-FOR-US: Cisco IOS +CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote ...) + NOT-FOR-US: Multiple security gateways MIME parsing stuff +CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote ...) + NOT-FOR-US: Multiple security gateways MIME parsing stuff +CVE-2004-0051 (Multiple content security gateway and antivirus products allow remote ...) + NOT-FOR-US: Multiple security gateways MIME parsing stuff +CVE-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...) + NOT-FOR-US: Verity Ultraseek +CVE-2004-0048 + RESERVED +CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...) + {DSA-430} +CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...) + NOT-FOR-US: SnapStream PVS LITE +CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...) + NOT-FOR-US: Yahoo Instant Messenger +CVE-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...) + - vsftpd 2.0.1-1 + NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't + NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html +CVE-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...) + {DSA-421} +CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...) + NOT-FOR-US: Check Point Firewall +CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...) + NOT-FOR-US: McAfee +CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...) + NOT-FOR-US: FistClass Desktop Client +CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...) + NOT-FOR-US: Phorum +CVE-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...) + NOT-FOR-US: PHPGEDVIEW +CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...) + NOT-FOR-US: Lotus Notes Domino +CVE-2004-0027 + RESERVED +CVE-2004-0026 + RESERVED +CVE-2004-0025 + RESERVED +CVE-2004-0024 + RESERVED +CVE-2004-0023 + RESERVED +CVE-2004-0022 + RESERVED +CVE-2004-0021 + RESERVED +CVE-2004-0020 + RESERVED +CVE-2004-0019 + RESERVED +CVE-2004-0018 + RESERVED +CVE-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...) + {DSA-419} +CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...) + {DSA-412} +CVE-2004-0012 + RESERVED +CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...) + {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} + NOTE: fixed in 2.4.25-pre7 +CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...) + {DSA-434} + - gaim 1:0.75-2 +CVE-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...) + {DSA-434} + - gaim 1:0.75-2 +CVE-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...) + {DSA-434} + - gaim 1:0.75-2 +CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...) + {DSA-434} +CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...) + {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} + NOTE: fixed in 2.4.26-rc4 +CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...) + NOT-FOR-US: FreeBSD netinet +CVE-2004-0356 + NOTE: not-for-us (windows mta) +CVE-2004-0347 + NOTE: not-for-us (juniper router) +CVE-2004-0336 + NOTE: not-for-us (windows mta) +CVE-2004-0320 + NOTE: not-for-us (ncipher hardware) +CVE-2004-0309 + NOTE: not-for-us (windows firewall) +CVE-2004-0307 + NOTE: not-for-us (cisco) +CVE-2004-0306 + NOTE: not-for-us (cisco) +CVE-2004-0297 + NOTE: not-for-us (windows mta) +CVE-2004-0276 + NOTE: not-for-us (monkeyd, not in debian) +CVE-2004-0274 + - eggdrop 1.6.17 +CVE-2004-0273 + NOTE: not-for-us (realone player) +CVE-2004-0270 + - libclamav1 0.80 +CVE-2004-0263 + - libapache-mod-php4 4.3.9 +CVE-2004-0261 + NOTE: not-for-us (openjournal, not in debian) +CVE-2004-0257 + NOTE: not-for-us (open/netbsd) +CVE-2004-0256 + - libtool 1.5.6 +CVE-2004-0194 + NOTE: not-for-us (acroread) +CVE-2004-0193 + NOTE: not-for-us (realsecure/blackice) +CVE-2004-0191 + - mozilla-browser 2:1.7.3 + TODO: test +CVE-2004-0190 + NOTE: not-for-us (symantec) +CVE-2004-0189 + {DSA-474} +CVE-2004-0188 [calife: buffer overflow with long passwords] + {DSA-461} + - calife 2.8.6-1 (bug #235157) +CVE-2004-0186 + {DSA-463} +CVE-2004-0185 + {DSA-457} + - wu-ftpd 2.6.2-17.2 +CVE-2004-0173 + NOTE: not-for-us (apache/cygwin) +CVE-2004-0171 + NOTE: not-for-us (freebsd/os x) +CVE-2004-0169 + NOTE: not-for-us (os x) +CVE-2004-0167 + NOTE: not-for-us (os x) +CVE-2004-0165 + NOTE: not-for-us (os x) +CVE-2004-0160 + {DSA-446} +CVE-2004-0159 + {DSA-447} +CVE-2004-0150 + {DSA-458-2 DSA-458} +CVE-2004-0148 + {DSA-457} + - wu-ftpd 2.6.2-17.2 +CVE-2004-0131 + NOTE: not-for-us (gnu radiusd, not in debian) +CVE-2004-0129 + - phpmyadmin 2:2.6.0-pl2 +CVE-2004-0128 + NOTE: not-for-us (phpgedview, not in debian) +CVE-2004-0126 + NOTE: not-for-us (freebsd) +CVE-2004-0122 + NOTE: not-for-us (microsoft) +CVE-2004-0121 + NOTE: not-for-us (microsoft) +CVE-2004-0115 + NOTE: not-for-us (microsoft) +CVE-2004-0114 + NOTE: not-for-us (bsd) +CVE-2004-0113 + - apache2 2.0.52 +CVE-2004-0111 + {DSA-464} +CVE-2004-0108 + {DSA-460} +CVE-2004-0099 + NOTE: not-for-us (freebsd) +CVE-2004-0096 + - libapache-mod-python 2:2.7.10 +CVE-2004-0095 + NOTE: not-for-us (mcafee) +CVE-2004-0094 + {DSA-443} +CVE-2004-0093 + {DSA-443} +CVE-2004-0089 + NOTE: not-for-us (os x) +CVE-2004-0082 + - samba 3.0.7 + TODO: test +CVE-2004-0080 + NOTE: not-for-us (debian uses different login) +CVE-2004-0078 + - mutt 1.5.6-20040722+1 + TODO: test +CVE-2004-0077 + {DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438} +CVE-2004-0075 + - kernel-source-2.4.24 2.4.24-3 + NOTE: fixed in 2.4.26-pre3 + TODO: test +CVE-2004-0070 + NOTE: not-for-us (ezcontents, commercial) +CVE-2004-0068 + NOTE: not-for-us (phpdig, not in debian) +CVE-2004-0063 + NOTE: not-for-us (ncipher hsm) +CVE-2004-0049 + NOTE: not-for-us (real helix) +CVE-2004-0045 + - inn2 2.4.1+20040820 + TODO: test +CVE-2004-0044 + NOTE: not-for-us (cisco) +CVE-2004-0040 + NOTE: not-for-us (checkpoint) +CVE-2004-0036 + NOTE: not-for-us (vbulletin, commercial) +CVE-2004-0035 + NOTE: not-for-us (phorum, not in debian) +CVE-2004-0033 + NOTE: not-for-us (phpgedview, not in debian) +CVE-2004-0032 + NOTE: not-for-us (phpgedview, not in debian) +CVE-2004-0031 + NOTE: not-for-us (phpgedview, not in debian) +CVE-2004-0028 + {DSA-420} +CVE-2004-0016 + {DSA-419} +CVE-2004-0015 + {DSA-418} +CVE-2004-0013 + {DSA-414} +CVE-2004-0011 + {DSA-416} +CVE-2004-0009 + - apache-ssl 1.3.31 + TODO: test +CVE-2004-0004 + NOTE: not-for-us (openca, not in debian) +CVE-2004-0001 + - kernel-image-2.6.8-9-amd64-generic + TODO: what version? + TODO: test? diff --git a/data/CVE/2005.list b/data/CVE/2005.list new file mode 100644 index 0000000000..4ad13b2d1d --- /dev/null +++ b/data/CVE/2005.list @@ -0,0 +1,7600 @@ +CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...) + TODO: check +CVE-2005-3253 + RESERVED +CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...) + TODO: check +CVE-2005-XXXX [buffer overflow in snort's bo preprocessor] + - snort <not-affected> (Vulnerable code was introduced later) + NOTE: See bug #334606 +CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...) + - gallery 2.0.1-1 (medium) +CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...) + NOT-FOR-US: Solaris +CVE-2005-3249 + RESERVED +CVE-2005-3248 + RESERVED +CVE-2005-3247 + RESERVED +CVE-2005-3246 + RESERVED +CVE-2005-3245 + RESERVED +CVE-2005-3244 + RESERVED +CVE-2005-3243 + RESERVED +CVE-2005-3242 + RESERVED +CVE-2005-3241 + RESERVED +CVE-2005-3240 + RESERVED +CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...) + NOT-FOR-US: Solaris +CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local ...) + - linux-2.6 <unfixed> (bug #334113; medium) + - kernel-source-2.4.27 <unfixed> (medium) +CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...) + NOT-FOR-US: Cyphor +CVE-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote ...) + NOT-FOR-US: Cyphor +CVE-2005-3235 (Multiple interpretation error in unspecified versions of Proland ...) + NOT-FOR-US: Proland Protector Plus +CVE-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG ...) + NOT-FOR-US: Grisoft AVG Antivirus +CVE-2005-3233 (Multiple interpretation error in unspecified versions of Trustix ...) + NOT-FOR-US: Trustix Antivirus +CVE-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker ...) + NOT-FOR-US: TheHacker +CVE-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick ...) + NOT-FOR-US: CAT Quick Heal +CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...) + NOT-FOR-US: Panda Antivirus +CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...) + - clamav <unfixed> + NOTE: This was already forwarded to sgran; zobel any news yet? +CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...) + NOT-FOR-US: Ikarus Antivirus +CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...) + NOT-FOR-US: UNA Antivirus +CVE-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir ...) + NOT-FOR-US: ArcaVir +CVE-2005-3225 (Multiple interpretation error in unspecified versions of (1) ...) + NOT-FOR-US: eTrust Antivirus +CVE-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir ...) + NOT-FOR-US: AntiVir +CVE-2005-3223 (Multiple interpretation error in unspecified versions of Rising ...) + NOT-FOR-US: Rising Antivirus +CVE-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 ...) + NOT-FOR-US: VBA32 Antivirus +CVE-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet ...) + NOT-FOR-US: Fortinet Antivirus +CVE-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus ...) + NOT-FOR-US: Norman Antivirus +CVE-2005-3219 (Multiple interpretation error in unspecified versions of Avira ...) + NOT-FOR-US: Avira Antivirus +CVE-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web ...) + NOT-FOR-US: Dr. Web Antivirus +CVE-2005-3217 (Multiple interpretation error in unspecified versions of Symantec ...) + NOT-FOR-US: Symantec Antivirus +CVE-2005-3216 (Multiple interpretation error in unspecified versions of Sophos ...) + NOT-FOR-US: Sophos Antivirus +CVE-2005-3215 (Multiple interpretation error in unspecified versions of McAfee ...) + NOT-FOR-US: McAfee Antivirus +CVE-2005-3214 (Multiple interpretation error in unspecified versions of Avast ...) + NOT-FOR-US: Avast Antovirus +CVE-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot ...) + NOT-FOR-US: F-Prot Antivirus +CVE-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 ...) + NOT-FOR-US: NOD32 Antivirus +CVE-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender ...) + NOT-FOR-US: BitDefender Antivirus +CVE-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky ...) + NOT-FOR-US: Kaspersky Antivirus +CVE-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store ...) + NOT-FOR-US: aeNovo apps +CVE-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop ...) + NOT-FOR-US: aeNovo apps +CVE-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...) + NOT-FOR-US: Oracle +CVE-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 ...) + NOT-FOR-US: Oracle +CVE-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in ...) + NOT-FOR-US: Oracle +CVE-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows ...) + NOT-FOR-US: Oracle +CVE-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 ...) + NOT-FOR-US: Oracle +CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...) + NOT-FOR-US: Oracle +CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro 1.1.3 when ...) + NOT-FOR-US: Utopia News Pro +CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...) + NOT-FOR-US: Utopia News Pro +CVE-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...) + NOT-FOR-US: aspReady +CVE-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to ...) + NOT-FOR-US: Webroot Desktop Firewall +CVE-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop ...) + NOT-FOR-US: Webroot Desktop Firewall +CVE-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a ...) + NOT-FOR-US: Planet Technology switch +CVE-2005-3195 + REJECTED +CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...) + NOT-FOR-US: ALZip +CVE-2005-3193 + RESERVED +CVE-2005-3192 + RESERVED +CVE-2005-3191 + RESERVED +CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...) + NOT-FOR-US: iGateway +CVE-2005-3189 + RESERVED +CVE-2005-3188 + RESERVED +CVE-2005-3187 + RESERVED +CVE-2005-3186 + RESERVED +CVE-2005-3184 + RESERVED +CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww ...) + - w3c-libwww <unfixed> (bug #334443; low) +CVE-2005-3182 + RESERVED +CVE-2005-XXXX [unsafe temporary file creation in flexbackup default config] + - flexbackup <unfixed> (bug #334350; low) +CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade] + - xscreensaver <unfixed> (bug #334193; low) +CVE-2005-XXXX [centericq remote dos by special nmap scan] + - centericq <unfixed> (bug #334089; low) +CVE-2005-XXXX [Unspecified vulnerability in enigmail] + - enigmail 2:0.93-1 (unknown) +CVE-2005-XXXX [Unspecified vulnerability in zope's docutils] + - zope2.8 2.8.1-7 +CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...) + - wget 1.10.2-1 (medium) + - curl 7.15.0-1 (bug #333734; medium) +CVE-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote attackers to ...) + - clamav <unfixed> (bug #333566) +CVE-2005-XXXX [Local file inclusion in phpmyadmin] + - phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high) +CVE-2005-3181 (Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, ...) + - linux-2.6 2.6.12-11 + NOTE: Might as well be 2.6.13-2, depending on the next upload + - kernel-source-2.4.27 2.4.27-12 + NOTE: CVE not yet requested +CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions] + - php5 5.0.5-2 + - php4 4:4.4.0-3 +CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...) + - linux-2.6 2.6.12-11 + NOTE: Might as well be 2.6.13-2, depending on the next upload + - kernel-source-2.4.27 2.4.27-12 + NOTE: CVE requested +CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...) + - linux-2.6 2.6.13-2 + - kernel-source-2.4.27 <not-affected> + NOTE: 2.6.12 itself not affected, fixed in SVN +CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...) + - linux-2.6 2.6.12-11 + NOTE: Might as well be 2.6.13-2, depending on the next upload + - kernel-source-2.4.27 <not-affected> + NOTE: CVE requested +CVE-2005-XXXX [DoS vulnerability in msg id parsing of spampd] + - spampd <unfixed> (bug #332259; low) +CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow ...) + {DSA-859-1 DSA-858-1} + - xloadimage 4.1-15 (bug #332524; medium) + - xli 1.17.0-20 (medium) + NOTE: xli couldn't load the provided test images when I checked? +CVE-2005-XXXX [Arbitrary command execution in import script for bvh files in Blender] + - blender <unfixed> (bug #330895; medium) +CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...) + NOT-FOR-US: Microsoft +CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...) + NOT-FOR-US: Microsoft +CVE-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...) + NOT-FOR-US: Microsoft +CVE-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...) + NOT-FOR-US: Microsoft +CVE-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...) + NOT-FOR-US: Microsoft +CVE-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...) + NOT-FOR-US: Microsoft +CVE-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...) + NOT-FOR-US: Microsoft +CVE-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...) + NOT-FOR-US: Microsoft +CVE-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit ...) + NOT-FOR-US: Microsoft +CVE-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...) + NOT-FOR-US: Microsoft +CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...) + - mediawiki 1.4.11-1 (bug #332408; medium) +CVE-2005-3166 (Unspecified vulnerability in "edit submission handling" for MediaWiki ...) + - mediawiki 1.4.11-1 (bug #332408; unknown) +CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...) + - mediawiki 1.4.9 +CVE-2005-3164 (Hitachi Cosminexus Application Server has unknown impact and attack ...) + NOT-FOR-US: Hitachi Cosminexus Application Server +CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...) + - polipo <unfixed> (bug #332411; medium) +CVE-2005-3162 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.109 allow ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...) + NOT-FOR-US: EasyGuppy +CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...) + NOT-FOR-US: MailEnable Enterprise +CVE-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...) + NOT-FOR-US: Bitdefender Antivirus +CVE-2005-3153 (login.php in MyBloggie 2.1.3 beta allows remote attackers to bypass a ...) + NOT-FOR-US: MyBloggie +CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...) + NOT-FOR-US: CubeCart +CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...) + - blender <unfixed> (bug #332413; low) +CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...) + {DSA-855-1} + - weex 2.6.1-6sarge1 (bug #332424; medium) +CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...) + - uim <unfixed> (bug #331620; medium) +CVE-2005-3148 (StoreBackup before 1.19 in SUSE Linux does not properly set the uid ...) + - storebackup 1.19-1 (bug #332434) + NOTE: Bug filed for stable, fixed in testing/sid +CVE-2005-3147 (StoreBackup before 1.19 in SUSE Linux creates the backup root with ...) + - storebackup 1.19-1 (bug #332434; medium) + NOTE: Bug filed for stable, fixed in testing/sid +CVE-2005-3146 (StoreBackup before 1.19 in SUSE Linux allows local users to perform ...) + - storebackup 1.19-1 (bug #332434; medium) + NOTE: Bug filed for stable, fixed in testing/sid +CVE-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...) + NOT-FOR-US: Standard Based Linux Instrumentation +CVE-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...) + NOT-FOR-US: Standard Based Linux Instrumentation +CVE-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...) + NOT-FOR-US: Mailbox Server for 4D WebStar +CVE-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...) + NOT-FOR-US: Kaspersky Antivirus +CVE-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...) + NOT-FOR-US: Trillian +CVE-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...) + NOT-FOR-US: Procom NetFORCE +CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...) + {DSA-836-1 DSA-835-1} + - cfengine <unfixed> (bug #332433) + - cfengine2 <unfixed> (bug #332432) +CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...) + NOT-FOR-US: Virtools Web Player +CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...) + NOT-FOR-US: Virtools Web Player +CVE-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...) + NOT-FOR-US: Citrix +CVE-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...) + NOT-FOR-US: MERAK Mail Server +CVE-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...) + NOT-FOR-US: MERAK Mail Server +CVE-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...) + NOT-FOR-US: MERAK Mail Server +CVE-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...) + NOT-FOR-US: lucidCMS +CVE-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...) + - serendipity <itp> (bug #312413) +CVE-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...) + NOT-FOR-US: Address Add Plugin for Squirrelmail +CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...) + NOT-FOR-US: lucidCMS +CVE-2005-3126 + RESERVED +CVE-2005-3125 + RESERVED +CVE-2005-3124 + RESERVED +CVE-2005-3123 + RESERVED +CVE-2005-3122 + RESERVED +CVE-2005-3121 + RESERVED +CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...) + - lynx <unfixed> (bug #334423; high) + - lynx-cur 2.8.6-16 (bug #334423; high) +CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...) + {DSA-845-1} + - mason 1.0.0-3 +CVE-2005-3117 + REJECTED +CVE-2005-3116 + RESERVED +CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...) + TODO: check, whether ucbmpeg-play from non-free is somehow related/affected +CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...) + NOT-FOR-US: NateOn Messenger +CVE-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) ...) + NOT-FOR-US: NateOn Messenger +CVE-2005-3112 (The "reset password" feature in Macromedia Breeze 5.0 stores passwords ...) + NOT-FOR-US: Macromedia Breeze +CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...) + - linux-2.6 2.6.12-1 + - kernel-source-2.6.8 2.6.8-16sarge1 + NOTE: 2.4.27 not applicable +CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to ...) + - linux-2.6 2.6.12-1 + - kernel-source-2.6.8 2.6.8-16sarge1 + - kernel-source-2.4.27 <unfixed> +CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...) + - linux-2.6 2.6.12-1 + - kernel-source-2.6.8 2.6.8-16sarge1 +CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...) + - linux-2.6 <unfixed> + - kernel-source-2.6.8 2.6.8-16sarge1 +CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...) + - kernel-source-2.6.8 2.6.8-16sarge1 +CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...) + - kernel-source-2.6.8 2.6.8-16sarge1 + - kernel-source-2.4.27 <unfixed> (bug #332569; medium) +CVE-2005-XXXX [horde3 maintainer scripts don't set sufficiently strict permissions on config files] + - horde3 3.0.5-2 (bug #332289) +CVE-2005-XXXX [horde3 permits arbitrary command execution before being finally configured] + - horde3 3.0.5-2 (bug #332290) +CVE-2005-XXXX [Minor local DoS as libldap] + - openldap <unfixed> (bug #253838; low) + TODO: Check, whether openldap2.2 is affected as well +CVE-2005-XXXX [Insecure bounds checking in mpack's content parser] + - mpack 1.6-1 (bug #216566) +CVE-2005-XXXX [coreutils ignore umask when using -m in mkdir, mkfifo and mknod] + - coreutils <unfixed> (bug #306076; low) +CVE-2005-XXXX [gossip names windows potentially confusing, which might lead to inform. disclosure] + - gossip <unfixed> (bug #305419; low) + NOTE: This looks quite strange, should be followed up, whether it's really reproducible +CVE-2005-XXXX [tar's rmt command may have undesired side effects] + - tar <unfixed> (bug #290435; low) +CVE-2005-XXXX [Unspecified vulnerability in htdig's htsearch and qtest] + - htdig <unfixed> (bug #305996; unknown) +CVE-2005-XXXX [clamav's VERSION command does not return the currently loaded version] + NOTE: no exploit vector, just bad info + - clamav <unfixed> (bug #323803; unimportant) +CVE-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4] + - kernel-source-2.4.27 <unfixed> (bug #310982) +CVE-2005-XXXX [apt-listchanges does not drop privs, spawned pagers may permit execution of further commands] + NOTE: #318736 is not a valid bug, closed +CVE-2005-XXXX [Unsafe string landling in ldapdiff] + - ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878) +CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several properties] + - apt <unfixed> (bug #329814; low) +CVE-2005-XXXX [Potential xlockmore bypass] + - xlockmore 1:5.13-2.1 (bug #309760) +CVE-2005-XXXX [hdup inproperly preserves permissions on directories] + - hdup <unfixed> (bug #302790) +CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option] + - findutils 4.2.22-1 (bug #313081) +CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...) + - bugzilla 2.18.4-1 (bug #331206; medium) +CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...) + - bugzilla 2.18.4-1 (bug #331206; medium) +CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...) + {DSA-847-1} + - dia 0.94.0-15 (bug #330890; medium) +CVE-2005-XXXX [Serendipity account hijacking through CSRF] + - serendipity <itp> (bug #312413) + NOTE: Fixed in 0.8.5 +CVE-2005-XXXX [Insecure temp files in linux-wlan-ng] + - linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low) +CVE-2005-XXXX [hdup does not preserve directory permissions] + - hdup <unfixed> (bug #302790) +CVE-2005-XXXX [Heap overflow in libosip URI parsing] + - libosip2 2.0.9-1 (bug #308737) +CVE-2005-XXXX [rkhunter: Insecure temporary file] + - rkhunter 1.2.7-14 (bug #330627; medium) +CVE-2005-XXXX [fprobe-ng: Insecure default hash] + - fprobe-ng <unfixed> (bug #322699; low) +CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...) + NOT-FOR-US: Movable Type +CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...) + NOT-FOR-US: Movable Type +CVE-2005-3102 (The administrative interface in Movable Type allows attackers to ...) + NOT-FOR-US: Movable Type +CVE-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...) + NOT-FOR-US: Movable Type +CVE-2005-3100 (Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux ...) + NOT-FOR-US: Astato Security Linux +CVE-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...) + NOT-FOR-US: Solaris +CVE-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...) + - qpopper <unfixed> (bug #330123; unimportant) + NOTE: Vulnerable code does not seem to be shipped in the binary package +CVE-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...) + NOT-FOR-US: Avi Alkalay +CVE-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...) + NOT-FOR-US: Avi Alkalay +CVE-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...) + NOT-FOR-US: Avi Alkalay +CVE-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...) + NOT-FOR-US: Avi Alkalay +CVE-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...) + NOT-FOR-US: Nokia cell phones +CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...) + NOT-FOR-US: Image-Line Software FL Studio +CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...) + - mantis <unfixed> (bug #330682; unknown) +CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...) + - mantis <unfixed> (bug #330682; unknown) +CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...) + TODO: file a bug, it's not really clear, whether this has security implications +CVE-2005-3088 + RESERVED +CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...) + - backupninja 0.8-2 (medium) +CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation] + - microcode.ctl <unfixed> (bug #282583; low) + NOTE: The validity of the microcode is ensure inside the CPU +CVE-2005-XXXX [Unsafe user of snprintf() in icebreaker's highscore list] + - icebreaker 1.21-9.1 (bug #297644; low) +CVE-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...) + NOT-FOR-US: SecureW2 TLS +CVE-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...) + NOT-FOR-US: contentSrv +CVE-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in ...) + NOT-FOR-US: Riverdark Studios RSS Syndicator +CVE-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP ...) + NOT-FOR-US: Sony PSP +CVE-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...) + NOT-FOR-US: CMS Made Simple +CVE-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows ...) + NOT-FOR-US: SEO-Board +CVE-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary ...) + - wzdftpd 0.5.5-1 (high) +CVE-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...) + NOT-FOR-US: GeSHi +CVE-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform "code inclusion" ...) + NOT-FOR-US: PunBB +CVE-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...) + NOT-FOR-US: PunBB +CVE-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers ...) + NOT-FOR-US: Microsoft +CVE-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL ...) + NOT-FOR-US: Simplog +CVE-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote ...) + NOT-FOR-US: Zengaia +CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...) + NOT-FOR-US: RSyslog +CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...) + - interchange 5.2.1-1 (bug #329705; unknown) +CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...) + - interchange 5.2.1-1 (bug #329705; medium) +CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...) + NOT-FOR-US: Solaris +CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...) + - hylafax 1:4.2.2+rc1 (bug #329384; low) +CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...) + {DSA-865-1} + - hylafax 1:4.2.2+rc1 (bug #329384; low) +CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ...) + - eric 3.7.2-1 (bug #330608; unknown) +CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...) + NOT-FOR-US: PerlDiver +CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...) + NOT-FOR-US: PerlDiver +CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...) + NOT-FOR-US: MultiTheftAuto +CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...) + NOT-FOR-US: MultiTheftAuto +CVE-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...) + NOT-FOR-US: MailGust +CVE-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...) + NOT-FOR-US: AlstraSoft E-Friends +CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...) + NOT-FOR-US: PowerArchiver +CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth] + - distcc 2.18.3-3 (bug #298929; low) + NOTE: Only affects distcc in a very non-standard setup +CVE-2005-XXXX [Possibly incorrect virtualisation in php4] + - php4 <unfixed> (bug #317577; bug #330419; unknown) + NOTE: Maintainer can't reproduce +CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...) + NOT-FOR-US: AIX +CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...) + NOT-FOR-US: Opera +CVE-2005-3058 + RESERVED +CVE-2005-3057 + RESERVED +CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ] + RESERVED + - twiki 20040902-2 (bug #330733; high) +CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...) + - linux-2.6 <unfixed> (bug #330287; bug #332587; medium) + - kernel-source-2.6.8 <unfixed> (bug #332596) +CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...) + - php4 4:4.4.0-3 (bug #353585; medium) + - php5 5.0.5-2 (bug #353585; medium) +CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...) + - linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium) + - kernel-source-2.6.8 2.6.8-16sarge2 (medium) +CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...) + NOT-FOR-US: jportal +CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA allows ...) + NOT-FOR-US: 7-Zip +CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: PhpMyFaq +CVE-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with ...) + NOT-FOR-US: PhpMyFaq +CVE-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 ...) + NOT-FOR-US: PhpMyFaq +CVE-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...) + NOT-FOR-US: PhpMyFaq +CVE-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows ...) + NOT-FOR-US: PhpMyFaq +CVE-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and ...) + NOT-FOR-US: My Little Forum +CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file] + - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) +CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion] + - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) +CVE-2005-XXXX [Insecure pidfile handling in mailleds] + - mailleds 0.93-11.1 (bug #329365; low) +CVE-2005-XXXX [kdebase uses urandom as an entropy source] + - kdebase <unfixed> (bug #325369; unimportant) + NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels + NOTE: on Linux urandom should provide sufficient entropy +CVE-2005-XXXX [imview: Possible buffer overflow with FITS images] + - imview <unfixed> (bug #326971; unknown) + TODO: Needs further evaluation +CVE-2005-XXXX [ Chroot escape in vserver kernel patch] + - kernel-patch-vserver <unfixed> (bug #329087; medium) +CVE-2005-XXXX [Local kernel DoS through incorrect boundary checks in cipher processors] + - linux-2.6 2.6.12-7 (low) +CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...) + NOT-FOR-US: Mall23 eCommerce +CVE-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...) + - webmin 1.230-1 (high; bug #329741) + - usermin 1.160-1 (high; bug #329742) + NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821 +CVE-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before ...) + NOT-FOR-US: Opera +CVE-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...) + NOT-FOR-US: TAC Vista +CVE-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...) + NOT-FOR-US: Mall23 eCommerce +CVE-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...) + NOT-FOR-US: Hosting Controller +CVE-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...) + NOT-FOR-US: Handy Address Book Server +CVE-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...) + NOT-FOR-US: File Transfer Anywhere +CVE-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) + NOT-FOR-US: Compuware DriverStudio +CVE-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) + NOT-FOR-US: Compuware DriverStudio +CVE-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...) + NOT-FOR-US: vxWeb - WinCE software +CVE-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...) + NOT-FOR-US: vxTfpSrv - WinCE software +CVE-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...) + NOT-FOR-US: vxTfpSrv - WinCE software +CVE-2005-3030 (Directory traversal vulnerability in the archive decompression library ...) + NOT-FOR-US: Ahnlab Anti virus +CVE-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...) + NOT-FOR-US: Ahnlab Anti virus +CVE-2005-3028 + REJECTED +CVE-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...) + NOT-FOR-US: Sybari Antigen anti spam solution +CVE-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...) + NOT-FOR-US: Epay Pro +CVE-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...) + NOT-FOR-US: vBulletin +CVE-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...) + NOT-FOR-US: vBulletin +CVE-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...) + NOT-FOR-US: vBulletin +CVE-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...) + NOT-FOR-US: vBulletin +CVE-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...) + NOT-FOR-US: vBulletin +CVE-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...) + NOT-FOR-US: vBulletin +CVE-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...) + NOT-FOR-US: vBulletin +CVE-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Safari +CVE-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...) + NOT-FOR-US: Content2Web +CVE-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...) + NOT-FOR-US: Lotus Domino +CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...) + NOT-FOR-US: Ensim webppliance +CVE-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...) + NOT-FOR-US: YaST +CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...) + NOT-FOR-US: SimpleCDR-X +CVE-2005-3011 (texindex in texinfo 4.8 and earlier allows local users to overwrite ...) + - texinfo 4.8-1 (bug #328365; low) +CVE-2005-3010 (Direct static code injection vulnerability in the flood protection ...) + NOT-FOR-US: CuteNews +CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...) + NOT-FOR-US: CuteNews +CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...) + NOT-FOR-US: Tofu + TODO: Please double-check, there's a twisted, soya and other stuff, it's all a wild mix +CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...) + NOT-FOR-US: Opera +CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...) + NOT-FOR-US: Opera +CVE-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...) + NOT-FOR-US: Helpdesk Software Hesk +CVE-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...) + NOT-FOR-US: Interakt MX Shop +CVE-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...) + NOT-FOR-US: NooTopList +CVE-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...) + NOT-FOR-US: Multi-Computer Control System +CVE-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows ...) + NOT-FOR-US: Solaris +CVE-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...) + NOT-FOR-US: PHP Advanced Transfer Manager +CVE-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...) + NOT-FOR-US: PHP Advanced Transfer Manager +CVE-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...) + NOT-FOR-US: PHP Advanced Transfer Manager +CVE-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...) + NOT-FOR-US: PHP Advanced Transfer Manager +CVE-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...) + NOT-FOR-US: VERITAS storage solutions +CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...) + - bacula (bug #329271; low) +CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...) + NOT-FOR-US: IBM Rational ClearQuest +CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...) + NOT-FOR-US: HP Tru64 +CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...) + - ncompress <unfixed> (bug #329052; unimportant) +CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...) + {DSA-843-1} + - arc 5.21m-1 (low) +CVE-2005-XXXX [freeradius buffer overflows and SQL injection] + - freeradius 1.0.5-1 (medium) +CVE-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...) + NOT-FOR-US: LineControl Java Client +CVE-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...) + NOT-FOR-US: DeluxeBB +CVE-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...) + NOT-FOR-US: HP printers +CVE-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...) + NOT-FOR-US: Digital Scribe +CVE-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...) + NOT-FOR-US: AhnLab antivirus and related products +CVE-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...) + NOT-FOR-US: aeDating script +CVE-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...) + NOT-FOR-US: Avocent hardware issue +CVE-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...) + NOT-FOR-US: Oracle +CVE-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...) + NOT-FOR-US: CompaqHTTPServer +CVE-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...) + NOT-FOR-US: Orion +CVE-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...) + NOT-FOR-US: phpoutsourcing Noah's classifieds +CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...) + NOT-FOR-US: phpoutsourcing Noah's classifieds +CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...) + - netpbm-free 2:10.0-10 +CVE-2005-2977 + RESERVED +CVE-2005-2976 + RESERVED +CVE-2005-2975 + RESERVED +CVE-2005-2974 + RESERVED +CVE-2005-2973 + RESERVED +CVE-2005-2972 [Further RTF buffer overflows in abiword] + RESERVED + - abiword 2.4.1-1 (bug #333740; medium) +CVE-2005-2971 [Heap overflow in kword's RTF import] + RESERVED + - koffice 1:1.3.5-5 (bug #333497; medium) +CVE-2005-2970 + RESERVED +CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...) + - openssl 0.9.8-3 (bug #333500; low) + - openssl097 0.9.7g-5 (bug #333500; low) + - openssl094 <removed> + - openssl095 <removed> + - openssl096 <removed> +CVE-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...) + - mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script) + - mozilla <not-affected> (Debian ships a non-vulnerable wrapper script) + - mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high) +CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...) + {DSA-863-1} + - xine-lib <unfixed> (bug #332919; bug #333682; medium) +CVE-2005-2965 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...) + {DSA-857-1} + - graphviz 2.2.1-1sarge1 (low) +CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...) + - abiword 2.2.10-1 (bug #329839; medium) +CVE-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with ...) + {DSA-844-1} + - mod-auth-shadow 1.4-2 (bug #323789; medium) +CVE-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets ...) + {DSA-830-1} +CVE-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 ...) + {DSA-834-1} + NOTE: prozilla is not in sarge or etch +CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...) + {DSA-836-1 DSA-835-1} + - cfengine <unfixed> +CVE-2005-2959 [Sudo does not sanitize SHELLOPTS and PS4 shell env vars before starting sudoed apps] + RESERVED + - sudo 1.6.8p9-3 (medium) +CVE-2005-2958 [Format string vulnerability in libgda2] + RESERVED + - libgda2 1.2.2-1 (medium) +CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...) + NOT-FOR-US: AVIRA Desktop +CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive data ...) + NOT-FOR-US: ATutor +CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...) + NOT-FOR-US: ATutor +CVE-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...) + NOT-FOR-US: ATutor +CVE-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...) + NOT-FOR-US: MIVA Merchant +CVE-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...) + NOT-FOR-US: Subscribe Me Pro +CVE-2005-2951 (Directory traversal vulnerability in security.inc.php in ...) + NOT-FOR-US: AzDGDating lite +CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...) + NOT-FOR-US: Sawmill +CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...) + TODO: check +CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...) + NOT-FOR-US: KillProcess +CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-complicit ...) + NOT-FOR-US: KillProcess +CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...) + - openssl (bug #314465; unimportant) + NOTE: MD5 is still good enough for most applications, second preimage attacks + NOTE: haven't been presented yet +CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...) + NOT-FOR-US: GNOME Workstation Command Center +CVE-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows ...) + - xmail 1.22-1 (bug #333863; medium) +CVE-2005-2942 + REJECTED +CVE-2005-2941 + RESERVED +CVE-2005-2940 + RESERVED +CVE-2005-2939 + RESERVED +CVE-2005-2938 + RESERVED +CVE-2005-2937 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...) + NOT-FOR-US: Kaspersky +CVE-2005-2936 + RESERVED +CVE-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...) + NOT-FOR-US: Microsoft AntiSpyware +CVE-2005-2934 + RESERVED +CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c ...) + {DSA-861-1} + - uw-imap 7:2002edebian1-12 (medium; bug #332215) +CVE-2005-2932 + RESERVED +CVE-2005-2931 + RESERVED +CVE-2005-2930 + RESERVED +CVE-2005-2929 + RESERVED +CVE-2005-2928 + RESERVED +CVE-2005-2927 + RESERVED +CVE-2005-2926 + RESERVED +CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...) + NOT-FOR-US: IRIX +CVE-2005-2924 + RESERVED +CVE-2005-2923 + RESERVED +CVE-2005-2922 + RESERVED +CVE-2005-2921 + RESERVED +CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...) + NOT-FOR-US: Linksys routers +CVE-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...) + NOT-FOR-US: Linksys routers +CVE-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...) + NOT-FOR-US: Linksys routers +CVE-2005-2913 + REJECTED +CVE-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...) + NOT-FOR-US: Linksys routers +CVE-2005-2911 + RESERVED +CVE-2005-2910 + RESERVED +CVE-2005-2909 + RESERVED +CVE-2005-2908 + RESERVED +CVE-2005-2907 + RESERVED +CVE-2005-2906 + RESERVED +CVE-2005-2905 + RESERVED +CVE-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows ...) + NOT-FOR-US: Zebedee +CVE-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...) + NOT-FOR-US: NOD32 Anti virus +CVE-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...) + NOT-FOR-US: class-1 Forum +CVE-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...) + NOT-FOR-US: CjWeb2Mail +CVE-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...) + NOT-FOR-US: CjLinkOut +CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...) + NOT-FOR-US: CjTagBoard +CVE-2005-2898 (** DISPUTED ** ...) + NOT-FOR-US: Filezilla +CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: WEB//NEWS +CVE-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...) + NOT-FOR-US: WEB//NEWS +CVE-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...) + NOT-FOR-US: PBLang +CVE-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...) + NOT-FOR-US: PBLang +CVE-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...) + NOT-FOR-US: PBLang +CVE-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...) + NOT-FOR-US: PBLang +CVE-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...) + NOT-FOR-US: WebArchiveX +CVE-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...) + NOT-FOR-US: SecureOL +CVE-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...) + NOT-FOR-US: Check Point +CVE-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...) + NOT-FOR-US: MyBB +CVE-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...) + NOT-FOR-US: MAXDev MD-Pro +CVE-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...) + NOT-FOR-US: MAXDev MD-Pro +CVE-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...) + NOT-FOR-US: MAXDev MD-Pro +CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...) + NOT-FOR-US: Land Down Under +CVE-2005-2883 + REJECTED + NOT-FOR-US: Unclassified News Board +CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + NOT-FOR-US: phpCommunityCalendar +CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...) + NOT-FOR-US: phpCommunityCalendar +CVE-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...) + NOT-FOR-US: phpCommunityCalendar +CVE-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...) + NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect +CVE-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...) + {DSA-843-1} + - arc 5.21m-1 (bug #329053; low) +CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...) + {DSA-828-1} + - squid 2.5.10-6 (unknown) +CVE-2005-XXXX [user password file created by gajim is world-redable] + - gajim 0.8.2-1 (bug #325080; low) +CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file] + - zope2.7 <unfixed> (bug #313644; low) + NOTE: first patch was incorrect +CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap] + - wine 0.0.20050830-1 (bug #327261; bug #327262; high) +CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...) + {DSA-824-1 DTSA-19-1} + - clamav 0.87-1 (bug #328660; medium) +CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...) + {DSA-824-1 DTSA-19-1} + - clamav 0.87-1 (bug #328660; medium) +CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...) + {DSA-822-1} + - gtkdiskfree 1.9.3-4sarge1 (bug #328566; low) +CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...) + - linux-2.6 2.6.12-7 (medium) + - kernel-source-2.6.8 2.6.8-16sarge2 (medium) + NOTE: code is vulnerable but there is no amd64 for 2.4 in Sarge +CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...) + NOTE: proactively fixed by the robustness patch + - twiki 20040902-2 +CVE-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...) + {DSA-825-1 DSA-823-1} + - util-linux 2.12p-8 (bug #328141; bug #329063; medium) + - loop-aes-utils 2.12p-9 (bug #328626; medium) +CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...) + {DSA-856-1} + - py2play 0.1.8-1 (bug #326976; medium) + - slune 1.0.10-1 (bug #326976; medium) + NOTE: slune had to be adapted to internal py2play changes in order to avoid breakage +CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...) + - cupsys 1.1.23-1 (unknown) +CVE-2005-XXXX [snort vulnerable to DoS attack] + - snort 2.3.3-2 (bug #328134; low) +CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...) + {DSA-837-1} + - mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; medium) + - mozilla 2:1.7.12-1 (bug #327455; medium) + NOTE: epiphany-browser is apparently fixed fix the mozilla-browser + NOTE: upload; see bug #327366 +CVE-2005-XXXX [several buffer overflows in MS CHM library before version 0.36] + - chmlib 0.36-1 (bug #327431) +CVE-2005-2802 + REJECTED + NOTE: rejected, initially ipt_recent related +CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...) + {DSA-841-1 DTSA-20-1} + - mailutils 1:0.6.90-2.1etch1 (bug #327424; high) +CVE-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...) + NOT-FOR-US: Solaris +CVE-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) + - phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium) +CVE-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...) + NOT-FOR-US: ZipTorrent +CVE-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...) + NOT-FOR-US: BlueWhaleCRM +CVE-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...) + NOT-FOR-US: Mercora IMRadio +CVE-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...) + NOT-FOR-US: aMember Pro +CVE-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...) + NOT-FOR-US: URBAN +CVE-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...) + NOT-FOR-US: OpenWebmail +CVE-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...) + NOT-FOR-US: ADSL hardware +CVE-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...) + NOT-FOR-US: N-Stealth +CVE-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...) + - nikto 1.35-1 (bug #327339; medium) +CVE-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...) + NOT-FOR-US: Savant Web Server +CVE-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...) + NOT-FOR-US: Rediff BOL) +CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...) + NOT-FOR-US: Free SMTP Server +CVE-2005-2856 (Stack-based buffer overflow in UNACEV2.DLL for ALZip 5.51 through 6.11 ...) + NOT-FOR-US: ALZip +CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...) + NOT-FOR-US: Unclassified Newsboard +CVE-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...) + NOT-FOR-US: thesitewizard.com chfeedback.pl +CVE-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...) + NOT-FOR-US: GuppY +CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...) + NOT-FOR-US: Novell Netware +CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...) + - smb4k 0.6.3-1 (medium) +CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: SlimFTPD +CVE-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...) + NOT-FOR-US: Barracuda antispam solution +CVE-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...) + NOT-FOR-US: Barracuda antispam solution +CVE-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...) + NOT-FOR-US: Barracuda antispam solution +CVE-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...) + NOT-FOR-US: CMS Made Simple +CVE-2005-2845 (Ariba Spend Management System sends the username and password to the ...) + NOT-FOR-US: Ariba Spend Management System +CVE-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...) + NOT-FOR-US: Indiatimes Messenger +CVE-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...) + NOT-FOR-US: Hesk +CVE-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...) + NOT-FOR-US: DameWare Mini +CVE-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...) + NOT-FOR-US: IOS +CVE-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...) + NOT-FOR-US: MAXdev +CVE-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...) + NOT-FOR-US: MAXdev +CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...) + NOT-FOR-US: myBloggie +CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...) + NOT-FOR-US: WebGUI +CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...) + NOT-FOR-US: Phorum +CVE-2005-2835 + RESERVED +CVE-2005-2834 + RESERVED +CVE-2005-2833 + RESERVED +CVE-2005-2832 + RESERVED +CVE-2005-2831 + RESERVED +CVE-2005-2830 + RESERVED +CVE-2005-2829 + RESERVED +CVE-2005-2828 + RESERVED +CVE-2005-2827 + RESERVED +CVE-2005-2826 + RESERVED +CVE-2005-2825 + RESERVED +CVE-2005-2824 + RESERVED +CVE-2005-2823 + RESERVED +CVE-2005-2822 + RESERVED +CVE-2005-2821 + RESERVED +CVE-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...) + {DSA-820-1} + - courier 0.47-9 (bug #327181; medium) +CVE-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to ...) + NOT-FOR-US: DownFile +CVE-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...) + NOT-FOR-US: DownFile +CVE-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...) + NOT-FOR-US: Simple Machines Forum +CVE-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...) + NOT-FOR-US: Greymatter +CVE-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...) + NOT-FOR-US: FlatNuke +CVE-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...) + NOT-FOR-US: FlatNuke +CVE-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...) + NOT-FOR-US: FlatNuke +CVE-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...) + NOT-FOR-US: man2web +CVE-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...) + - net-snmp <not-affected> (Gentoo Portage specific configuration flaw) +CVE-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...) + NOT-FOR-US: urban game +CVE-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...) + NOT-FOR-US: silc daemon +CVE-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...) + - frox 0.7.18-1 (medium) +CVE-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...) + - frox <not-affected> (does not run setuid root in the Debian package) +CVE-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...) + NOT-FOR-US: BNBT EasyTracker +CVE-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...) + NOT-FOR-US: e107 +CVE-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and ...) + NOT-FOR-US: GroupWise +CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...) + - hiki 0.8.3-1 +CVE-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...) + - linux-2.6 2.6.12-6 (low) +CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...) + NOT-FOR-US: Linksys routers +CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...) + - openssh 1:4.2p1-1 (bug #326065; medium) + - openssh-krb5 <unfixed> (bug #327233; medium) +CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...) + - openssh 1:4.2p1-1 (bug #326065; medium) +CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...) + {DSA-809-1} + - squid 2.5.10-5 (medium) +CVE-2005-2795 + RESERVED +CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...) + {DSA-809-2 DSA-809-1} + - squid 2.5.10-5 (medium) +CVE-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...) + - phpldapadmin 0.9.6c-7 (bug #325785; medium) +CVE-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...) + - phpldapadmin 0.9.6c-7 (bug #325785; medium) +CVE-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) + NOT-FOR-US: BFCC +CVE-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) + NOT-FOR-US: BFCC +CVE-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) + NOT-FOR-US: BFCC +CVE-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...) + NOT-FOR-US: Land Down Under +CVE-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...) + NOT-FOR-US: Simple PHP Blog +CVE-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...) + NOT-FOR-US: cosmoshop +CVE-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...) + NOT-FOR-US: cosmoshop +CVE-2005-2784 (SQL injection vulnerability in the login function for the ...) + NOT-FOR-US: cosmoshop +CVE-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...) + NOT-FOR-US: AutoLinks Pro +CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...) + TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are affected +CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) + NOT-FOR-US: Land Down Under +CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...) + NOT-FOR-US: iTAN +CVE-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...) + NOT-FOR-US: MyBB +CVE-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: Looking Glass +CVE-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...) + NOT-FOR-US: Looking Glass +CVE-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...) + NOT-FOR-US: Looking Glass +CVE-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...) + NOT-FOR-US: Litium Quake mod +CVE-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...) + NOT-FOR-US: HP OpenView +CVE-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...) + {DSA-832-1} + - gopher 3.0.11 (bug #327722; high) +CVE-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...) + NOT-FOR-US: Reflection for Secure IT +CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...) + NOT-FOR-US: Reflection for Secure IT +CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...) + - sqwebmail 0.47-9 (bug #327727; medium) +CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...) + NOT-FOR-US: Sophos AntiVirus +CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...) + NOT-FOR-US: LeapFTP +CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6] + - linux-2.6 2.6.12-6 (low) +CVE-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...) + NOT-FOR-US: Symantec AntiVirus +CVE-2005-2765 (The user interface in the Windows Firewall does not properly display ...) + NOT-FOR-US: Microsoft Windows +CVE-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...) + NOT-FOR-US: OpenTTD +CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...) + NOT-FOR-US: OpenTTD +CVE-2005-2762 + RESERVED +CVE-2005-2760 + RESERVED +CVE-2005-2759 + RESERVED +CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...) + NOT-FOR-US: Symantec Antivirus +CVE-2005-2757 + RESERVED +CVE-2005-2756 + RESERVED +CVE-2005-2755 + RESERVED +CVE-2005-2754 + RESERVED +CVE-2005-2753 + RESERVED +CVE-2005-2752 + RESERVED +CVE-2005-2751 + RESERVED +CVE-2005-2750 + RESERVED +CVE-2005-2749 + RESERVED +CVE-2005-2748 + RESERVED +CVE-2005-2747 + RESERVED +CVE-2005-2746 + RESERVED +CVE-2005-2745 + RESERVED +CVE-2005-2744 + RESERVED +CVE-2005-2743 + RESERVED +CVE-2005-2742 + RESERVED +CVE-2005-2741 + RESERVED +CVE-2005-2740 + RESERVED +CVE-2005-2739 + RESERVED +CVE-2005-2738 + RESERVED +CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...) + NOT-FOR-US: PhotoPost +CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...) + NOT-FOR-US: YaPig +CVE-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...) + NOT-FOR-US: phpGraphy +CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...) + - gallery 1.5-2 (bug #325285; medium) + TODO: check gallery2 +CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...) + NOT-FOR-US: Simple PHP Blog +CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...) + NOTE: path disclosure, so not very important on debian systems + NOTE: unreproducible according to bug #327729 +CVE-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...) + NOT-FOR-US: Astato specific +CVE-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...) + NOT-FOR-US: Astato specific +CVE-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...) + NOT-FOR-US: Astato specific +CVE-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...) + {DSA-805-1} + NOTE: The CVE description is wrong, this has been merged for 2.0.55 + - apache2 2.0.54-5 (bug #326435; medium) +CVE-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...) + NOT-FOR-US: Home Ftp Server +CVE-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...) + NOT-FOR-US: Home Ftp Server +CVE-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...) + NOT-FOR-US: QNX +CVE-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...) + NOT-FOR-US: PaFileDB +CVE-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...) + NOT-FOR-US: Foojan PHP Weblog +CVE-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...) + NOT-FOR-US: Foojan PHP Weblog +CVE-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...) + NOT-FOR-US: HAURI Antivirus +CVE-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...) + NOT-FOR-US: Ventrilo +CVE-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...) + NOT-FOR-US: MPlayer +CVE-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...) + {DSA-799-1} + - webcalendar 0.9.45-7 (bug #326223; medium) +CVE-2005-2715 (Format string vulnerability in the Java user interface service ...) + NOT-FOR-US: VERITAS NetBackup Data and Business Center +CVE-2005-2714 + RESERVED +CVE-2005-2713 + RESERVED +CVE-2005-2712 + RESERVED +CVE-2005-2711 + RESERVED +CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...) + {DSA-826-1} + NOTE: see http://www.open-security.org/advisories/13 + - helix-player 1.0.6-1 (bug #330364; high) +CVE-2005-2709 + RESERVED +CVE-2005-2708 + RESERVED +CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) + {DSA-838-1} + - mozilla-firefox 1.0.7-1 (bug #329778; medium) + - mozilla 2:1.7.12-1 (medium) +CVE-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote ...) + {DSA-838-1} + - mozilla-firefox 1.0.7-1 (bug #329778; high) + - mozilla 2:1.7.12-1 (high) +CVE-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...) + {DSA-838-1} + - mozilla-firefox 1.0.7-1 (bug #329778; high) + - mozilla 2:1.7.12-1 (high) +CVE-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) + {DSA-838-1} + - mozilla-firefox 1.0.7-1 (bug #329778; medium) + - mozilla 2:1.7.12-1 (medium) +CVE-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) + {DSA-838-1} + - mozilla-firefox 1.0.7-1 (bug #329778; medium) + - mozilla (medium) +CVE-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) + {DSA-838-1} + - mozilla-firefox 1.0.7-1 (bug #329778; high) + - mozilla 2:1.7.12-1 (high) +CVE-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite ...) + {DSA-838-1} + - mozilla-firefox 1.0.7-1 (bug #329778; medium) + - mozilla 2:1.7.12-1 (bug #329778; medium) +CVE-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...) + {DSA-807-1 DSA-805-1} + - libapache-mod-ssl 2.8.24-1 (medium) + - apache2 2.0.54-5 (bug #327210; medium) +CVE-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...) + NOT-FOR-US: PHPKit +CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...) + NOT-FOR-US: Nephp Publisher Enterprise +CVE-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...) + NOT-FOR-US: MyBB +CVE-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...) + NOT-FOR-US: Notes +CVE-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...) + NOT-FOR-US: Cisco +CVE-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...) + NOT-FOR-US: WinAce +CVE-2005-XXXX [osh buffer overflow in handlers.c] + NOTE: This is not the same as -13 + - osh 1.7-14 (bug #323424; bug #323482; bug #311369; medium) +CVE-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...) + {DSA-793-1} + - courier 0.47-8 (medium; bug #325631) +CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...) + - kernel-source-2.4.27 2.4.27-11 (medium) + TODO: check what version of linux-2.6 fixed this. (See bug #328395) + NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html +CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...) + - kernel-source-2.4.27 <unfixed> (bug #332228; low) + - kernel-source-2.6.8 <unfixed> (bug #332231; low) + - linux-2.6 <unfixed> (bug #332381; low) + NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite + NOTE: of ipt_recent the best solution, which seems to occur soon +CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...) + - kernel-source-2.4.27 2.4.27-11 (bug #322237; medium) + - kernel-source-2.4.27 2.4.27-10sarge1 (medium) + - kernel-source-2.6.8 2.6.8-16sarge2 (medium) +CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...) + {DSA-798-1} + - phpgroupware 0.9.16.008-1 (unknown) +CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...) + {DSA-796-1} + - affix 2.1.2-3 (bug #325444; medium) +CVE-2005-XXXX [Insecure tempfile usage in tleds] + - tleds 1.05beta10-9 (bug #276789; low) +CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...) + {DSA-806-1 DSA-802-1} + NOTE: cvs: not shipped in binary package + - cvs 1:1.12.9-15 (bug #325106; unimportant) + - gcvs 1.0final-8 (bug #324969; low) +CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...) + NOT-FOR-US: RunCMS +CVE-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...) + NOT-FOR-US: RunCMS +CVE-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...) + NOT-FOR-US: PostNuke +CVE-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...) + NOT-FOR-US: PostNuke +CVE-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...) + NOT-FOR-US: SaveWebPortal +CVE-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...) + NOT-FOR-US: SaveWebPortal +CVE-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...) + NOT-FOR-US: SaveWebPortal +CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...) + NOT-FOR-US: SaveWebPortal +CVE-2005-XXXX [Insecure temp files in firehol] + - firehol 1.231-4 (low) +CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...) + NOT-FOR-US: Virtual Edge Netquery +CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...) + NOT-FOR-US: PHPKit +CVE-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...) + NOT-FOR-US: DTLink AreaEdit +CVE-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...) + NOT-FOR-US: Cisco +CVE-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...) + NOT-FOR-US: BEA WebLogic Portal +CVE-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...) + NOT-FOR-US: Sysinternals Process Explorer +CVE-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...) + NOT-FOR-US: MSIE +CVE-2005-2677 (ACNews stores the database in a file under the web document root with ...) + NOT-FOR-US: ACNews +CVE-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...) + NOT-FOR-US: Coppermine +CVE-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...) + NOT-FOR-US: Land Down Under +CVE-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...) + NOT-FOR-US: Land Down Under +CVE-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...) + NOT-FOR-US: Burning Board +CVE-2005-2671 + REJECTED +CVE-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...) + NOT-FOR-US: HAURI +CVE-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...) + NOT-FOR-US: Computer Associates +CVE-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...) + NOT-FOR-US: Computer Associates +CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...) + NOT-FOR-US: Computer Associates +CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...) + - openssh 1:4.0p1-1 (low) +CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...) + NOT-FOR-US: elm-me+ is no longer in unstable or testing +CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...) + NOT-FOR-US: Whisper +CVE-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...) + {DSA-848-1} + - masqmail 0.2.20-1sarge1 (low; bug #329307) +CVE-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...) + {DSA-848-1} + - masqmail 0.2.20-1sarge1 (high; bug #329307) +CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function ...) + {DSA-852-1} + - up-imapproxy 1.2.4-2 (high) +CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...) + {DSA-839-1} + - apachetop 0.12.5-3 (unknown) +CVE-2005-2659 + RESERVED +CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...) + {DSA-812-1} + - turqstat 2.2.4-1 (medium) +CVE-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...) + {DSA-811-1} +CVE-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...) + {DSA-794-1} + NOTE: Fix in -8 had problems + - polygen 1.0.6-9 (bug #325468; low) +CVE-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...) + {DSA-791-1 DTSA-11-1} + - maildrop 1.5.3-2 (bug #325135; medium) +CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...) + {DSA-790-1} + - phpldapadmin 0.9.6c-5 (medium) +CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks] + - cplay 1.49-8 (bug #324913; low) +CVE-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory] + - phpldapadmin 0.9.6c-5 (bug #322423; low) +CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...) + {DSA-814-1 DTSA-17-1} + - lm-sensors 1:2.9.1-7 (bug #324193; medium) +CVE-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...) + NOT-FOR-US: BBCaffe +CVE-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...) + NOT-FOR-US: Zorum +CVE-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute ...) + NOT-FOR-US: Zorum +CVE-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa ...) + NOT-FOR-US: Emefa Guestbook +CVE-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...) + NOT-FOR-US: ATutor +CVE-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ...) + NOT-FOR-US: W-Agora +CVE-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web ...) + NOT-FOR-US: Xerox MicroServer Web Server in Document Centre +CVE-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...) + NOT-FOR-US: Xerox MicroServer Web Server in Document Centre +CVE-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...) + NOT-FOR-US: Xerox MicroServer Web Server in Document Centre +CVE-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...) + NOT-FOR-US: JaguarControl +CVE-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...) + - tor 0.1.0.14-1 (bug #323786; medium) +CVE-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...) + - mutt <unfixed> (bug #323956; high) + NOTE: Status is not clear; upstream is unresponsive. +CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...) + {DSA-785-1} + - libpam-ldap 178-1sarge1 (bug #324899; unknown) +CVE-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...) + NOT-FOR-US: Juniper +CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...) + NOT-FOR-US: World Poker Championship +CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...) + NOT-FOR-US: PHPFreeNews +CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...) + NOT-FOR-US: PHPFreeNews +CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...) + - phpadsnew <itp> (bug #226636) +CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...) + - phpadsnew <itp> (bug #226636) +CVE-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...) + NOT-FOR-US: WinFTP Server +CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...) + NOT-FOR-US: PHPTB Topic Board +CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...) + - mediabox404 <itp> (bug #294397) +CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...) + NOT-FOR-US: Cisco +CVE-2005-2630 + RESERVED +CVE-2005-2629 + RESERVED +CVE-2005-2628 + RESERVED +CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...) + {DSA-788-1 DTSA-1-1} + - kismet 2005.08.R1-1 (bug #323386; high) +CVE-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...) + {DSA-788-1 DTSA-1-1} + - kismet 2005.08.R1-1 (bug #323386; high) +CVE-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...) + NOT-FOR-US: CPAINT ajax toolkit +CVE-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...) + NOT-FOR-US: CPAINT ajax toolkit +CVE-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of ...) + NOT-FOR-US: ECW Shop +CVE-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop ...) + NOT-FOR-US: ECW Shop +CVE-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain ...) + NOT-FOR-US: ECW Shop +CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...) + NOT-FOR-US: Novell GroupWise +CVE-2005-2619 + RESERVED +CVE-2005-2618 + RESERVED +CVE-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...) + {DTSA-16-1} + NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html, amd64 specific DOS + - linux-2.6 2.6.12-6 +CVE-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...) + NOT-FOR-US: ezUpload +CVE-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...) + NOT-FOR-US: EQdkp +CVE-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...) + NOT-FOR-US: Discuz +CVE-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...) + NOT-FOR-US: CPAINT Ajax +CVE-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...) + - wordpress 1.5.2-1 (bug #323040; high) +CVE-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...) + NOT-FOR-US: VERITAS Backup Exec for Windows Servers +CVE-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...) + NOT-FOR-US: VegaDNS +CVE-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...) + NOT-FOR-US: VegaDNS +CVE-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...) + NOT-FOR-US: SafeHTML +CVE-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...) + NOT-FOR-US: PHPSimplicity +CVE-2005-2606 (Unknown vulnerability in the "frontend authentication" in PHlyMail ...) + NOT-FOR-US: PHlyMail +CVE-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...) + NOT-FOR-US: Lasso Professional Server +CVE-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...) + NOT-FOR-US: My Image Gallery (Mig) +CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...) + NOT-FOR-US: My Image Gallery (Mig) +CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...) + - mozilla-firefox <unfixed> (bug #324907; low) + TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird +CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...) + NOT-FOR-US: MidiCart +CVE-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products ...) + {DSA-798-1} + - egroupware-fudforum <unfixed> (bug #323928; medium) + - phpgroupware 0.9.16.008-1 (bug #323929; medium) +CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...) + NOT-FOR-US: Hummingbird FTP for Connectivity +CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly ...) + NOT-FOR-US: Dokeos +CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...) + NOT-FOR-US: AOL Client +CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...) + - gallery 1.5-2 (medium) +CVE-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...) + NOT-FOR-US: Dada Mail +CVE-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...) + NOT-FOR-US: Apple Safari +CVE-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...) + NOT-FOR-US: MindAlign +CVE-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...) + NOT-FOR-US: MindAlign +CVE-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...) + NOT-FOR-US: MindAlign +CVE-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...) + NOT-FOR-US: MindAlign +CVE-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...) + NOT-FOR-US: WRT54GS wireless router +CVE-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...) + NOT-FOR-US: DVBBS +CVE-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...) + NOT-FOR-US: PHPTB Topic Boards +CVE-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...) + NOT-FOR-US: Mentor ADSL-FR4II router +CVE-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...) + NOT-FOR-US: Mentor ADSL-FR4II router +CVE-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...) + NOT-FOR-US: Mentor ADSL-FR4II router +CVE-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...) + NOT-FOR-US: Mentor ADSL-FR4II router +CVE-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...) + NOT-FOR-US: Kaspersky +CVE-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...) + NOT-FOR-US: Grandstream BudgeTone +CVE-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) + NOT-FOR-US: MyBB +CVE-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...) + NOT-FOR-US: Contivity +CVE-2005-2578 + REJECTED +CVE-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...) + NOT-FOR-US: Wyse Winterm +CVE-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...) + NOT-FOR-US: CaLogic +CVE-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...) + NOT-FOR-US: XMB Forum +CVE-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...) + NOT-FOR-US: XMB Forum +CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...) + - mysql <not-affected> (Windows specific mysql holes) + - mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes) + - mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes) +CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...) + - mysql <not-affected> (Windows specific mysql holes) + - mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes) + - mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes) +CVE-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...) + NOT-FOR-US: FunkBoard +CVE-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...) + NOT-FOR-US: FunkBoard +CVE-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...) + NOT-FOR-US: FunkBoard +CVE-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...) + NOT-FOR-US: SysCP +CVE-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...) + NOT-FOR-US: SysCP +CVE-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) + NOT-FOR-US: OpenBB +CVE-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: Gravity Board X (GBX) +CVE-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...) + NOT-FOR-US: Gravity Board X (GBX) +CVE-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...) + NOT-FOR-US: Gravity Board X (GBX) +CVE-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...) + NOT-FOR-US: Gravity Board X (GBX) +CVE-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...) + NOT-FOR-US: MYFAQ +CVE-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...) + NOT-FOR-US: CFBB +CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...) + NOT-FOR-US: e107 portal +CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...) + {DSA-831-1 DSA-829-1} + - mysql-dfsg-4.1 4.1.13 (medium) + - mysql-dfsg-5.0 5.0.7beta-1 (medium) + - mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium) +CVE-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...) + {DSA-778-1} + - mantis 0.19.2-4 (low) +CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...) + {DSA-778-1} + - mantis 0.19.2-4 (medium) +CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...) + {DTSA-16-1} + - linux-2.6 2.6.12-6 (medium) + - kernel-source-2.4.27 2.4.27-12 (medium) +CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs] + - clamav 0.86.2-1 (low) +CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...) + NOT-FOR-US: Network Associated ePolicy Orchestrator Agent +CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...) + - kernel-source-2.4.27 2.4.27-10sarge2 (bug #323363; medium) + - kernel-source-2.4.27 2.4.27-12 (medium) +CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...) + NOT-FOR-US: Integrated Light Out in HP servers +CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...) + NOT-FOR-US: Novell eDirectory +CVE-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...) + {DSA-782-1 DTSA-9-1} + - bluez-utils 2.19-1 (bug #323365; medium) +CVE-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: Arab Portal +CVE-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...) + NOT-FOR-US: PHPOpenChat +CVE-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...) + NOT-FOR-US: Comdev eCommerce +CVE-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...) + NOT-FOR-US: Comdev eCommerce +CVE-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...) + NOT-FOR-US: Invision Power Board +CVE-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...) + NOTE: This is intended behaviour, after all tar is an archiving tool and you + NOTE: need to give -p as a command line flag + - tar <unfixed> (bug #328228; unimportant) +CVE-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...) + NOT-FOR-US: FlatNuke +CVE-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...) + NOT-FOR-US: FlatNuke +CVE-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...) + NOT-FOR-US: FlatNuke +CVE-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...) + NOT-FOR-US: FlatNuke +CVE-2005-2536 (pstotext before 1.8g does not properly use the "-dSAFER" option when ...) + {DSA-792-1} + - pstotext 1.9-2 (bug #319758; medium) +CVE-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...) + NOT-FOR-US: ARCserve Backup +CVE-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...) + {DSA-851-1} + - openvpn 2.0.2-1 (bug #324167; high) +CVE-2005-2533 (OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging ...) + {DSA-851-1} + - openvpn 2.0.2-1 (bug #324167; high) +CVE-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...) + {DSA-851-1} + - openvpn 2.0.2-1 (bug #324167; high) +CVE-2005-2531 (OpenVPN before 2.0.1, when running with "verb 0" and without TLS ...) + {DSA-851-1} + - openvpn 2.0.2-1 (bug #324167; high) +CVE-2005-2530 + RESERVED +CVE-2005-2529 + RESERVED +CVE-2005-2528 + RESERVED +CVE-2005-2527 + RESERVED +CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...) + NOT-FOR-US: MacOS X +CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...) + NOT-FOR-US: MacOS X +CVE-2005-2524 + RESERVED +CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...) + NOT-FOR-US: Weblog Server in Mac OS X +CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...) + NOT-FOR-US: Mac OS X +CVE-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...) + NOT-FOR-US: Mac OS X +CVE-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...) + NOT-FOR-US: Mac OS X +CVE-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure ...) + NOT-FOR-US: Mac OS X +CVE-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows ...) + NOT-FOR-US: Mac OS X +CVE-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL ...) + NOT-FOR-US: Mac OS X +CVE-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...) + NOT-FOR-US: Mac OS X +CVE-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...) + NOT-FOR-US: Mac OS X +CVE-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to ...) + NOT-FOR-US: Mac OS X +CVE-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows ...) + NOT-FOR-US: Mac OS X +CVE-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...) + NOT-FOR-US: Mac OS X +CVE-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using ...) + NOT-FOR-US: Mac OS X +CVE-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...) + NOT-FOR-US: Mac OS X +CVE-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...) + NOT-FOR-US: Mac OS X +CVE-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...) + NOT-FOR-US: Mac OS X +CVE-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 ...) + NOT-FOR-US: Mac OS X +CVE-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X ...) + NOT-FOR-US: Mac OS X +CVE-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...) + NOT-FOR-US: Mac OS X +CVE-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...) + NOT-FOR-US: Mac OS X +CVE-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical ...) + NOT-FOR-US: Mac OS X +CVE-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in ...) + NOT-FOR-US: Mac OS X +CVE-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...) + NOT-FOR-US: Mac OS X +CVE-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...) + - linux-2.6 2.6.12-1 (medium) +CVE-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...) + - slocate <unfixed> (bug #324951; low) +CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...) + {DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1} + - drupal 4.5.5-1 (bug #323347; high) + - phpgroupware 0.9.16.008-1 (bug #323349; high) + - egroupware 1.0.0.009.dfsg-1 (bug #323350; high) + - phpwiki <unfixed> (unimportant) + NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway + - php4 4:4.3.10-16 (bug #323366; high) + TODO: check php5 +CVE-2005-2497 + REJECTED +CVE-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...) + {DSA-801-1} + NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu?? + - ntp 1:4.2.0a+stable-2sarge1 (medium) +CVE-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...) + {DSA-816-1} + - xorg-x11 6.8.2.dfsg.1-7 (medium) +CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...) + {DSA-815-1} + - kdebase 4:3.4.2-3 (bug #327039; medium) +CVE-2005-2493 + RESERVED +CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...) + - linux-2.6 2.6.12-7 (bug #327416; medium) +CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...) + {DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1} + - pcre3 6.3-1 (bug #324531; medium) + - gnumeric <unfixed> (bug #326628; bug #326898; unimportant) + - goffice <unfixed> (bug #326898; unimportant) + NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used + - python2.1 2.1.3dfsg-3 (medium) + - python2.2 2.2.3dfsg-4 (medium) + - python2.3 2.3.5-8 (medium) +CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...) + - linux-2.6 2.6.12-7 (bug #327416; medium) + - kernel-source-2.6.8 2.6.8-16sarge2 +CVE-2005-XXXX [Buffer overflow in Description parsing] + - bidwatcher <removed> (bug #319489; high) +CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working] + - dbmail <unfixed> (bug #303991; medium) +CVE-2005-XXXX [downloads.ini writable by group users, world-readable] + - mldonkey 2.5.28.1-1 (bug #300560; low) +CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere] + - gcjwebplugin <unfixed> (bug #267040; high) +CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c] + - dbmail-pgsql <unfixed> (bug #290833; medium) +CVE-2005-XXXX [time delay of password check proves account existence to attackers] + NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs + - ssh <unfixed> (bug #314645; low) +CVE-2005-2548 (vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a ...) + {DTSA-16-1} + NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2 + - kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low) + NOTE: 2.6.12-1 contained a partially broken fix + - linux-2.6 2.6.12-6 (bug #309308; low) +CVE-2005-XXXX [DoS by removal of default ACLs in ext2/ext3] + NOTE: Fixed in SVN for kernel-source-2.4.27 and 2.6.8 + TODO: Check, whether this is fixed in linux-2.6 SVN as well +CVE-2005-XXXX [Unspecified buffer overflow in metar] + - metar 20050807.1-1 (unknown) +CVE-2005-2489 (Web Content Management News System allows remote attackers to create ...) + NOT-FOR-US: Web Content Management News System +CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...) + NOT-FOR-US: Web Content Management News System +CVE-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...) + NOT-FOR-US: Sun switches +CVE-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...) + NOT-FOR-US: PortailPHP +CVE-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...) + NOT-FOR-US: Logicampus +CVE-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...) + NOT-FOR-US: Denora IRC stats +CVE-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote ...) + NOT-FOR-US: Karrigell +CVE-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...) + NOT-FOR-US: Metasploit Framework +CVE-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: Fusebox +CVE-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...) + NOT-FOR-US: Fusebox +CVE-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...) + NOT-FOR-US: Quick 'n Easy FTP Server +CVE-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...) + NOT-FOR-US: Silvernews +CVE-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...) + NOT-FOR-US: Naxtor Shopping Cart +CVE-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...) + NOT-FOR-US: Naxtor Shopping Cart +CVE-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...) + - unzip <unfixed> (bug #321927; low) +CVE-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...) + NOT-FOR-US: ChurchInfo +CVE-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...) + NOT-FOR-US: ChurchInfo +CVE-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...) + NOT-FOR-US: BusinessMail +CVE-2005-2471 (pstopnm in netpbm does not properly use the "-dSAFER" option when ...) + - netpbm 2:10.0-9 (bug #319757; low) +CVE-2005-2470 (Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 ...) + NOT-FOR-US: Adobe +CVE-2005-2469 + RESERVED +CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...) + {DTSA-16-1} + - linux-2.6 2.6.12-3 (bug #323173) + - kernel-source-2.4.27 2.4.27-11 (medium) +CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...) + {DTSA-16-1} + - linux-2.6 2.6.12-3 (bug #323173; medium) + - kernel-source-2.6.8 2.6.8-16sarge1 (medium) + - kernel-source-2.4.27 2.4.27-11 (medium) + - kernel-source-2.4.27 2.4.27-10sarge1 +CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher] + - wine <unfixed> (bug #321470; low) +CVE-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension] + - inkscape 0.42 (bug #321501; low) +CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links] + - metamail 2.7-48 (bug #321473; low) +CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues] + - xfree86 <unfixed> (bug #321447; low) + - xorg-x11 <unfixed> (bug #321447; low) +CVE-2005-XXXX [kdebase: startkde does not check lnusertemp's result?] + NOTE: This hardly has security implications, lots of applications do not cope + NOTE: with a filled up /tmp dir. + - kdebase <unfixed> (bug #292078; low) +CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code] + - gs-esp <unfixed> (bug #291452; low) +CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources] + NOTE: binary not shipped + - sysklogd <unfixed> (bug #281448; unimportant) +CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script] + - fftw3 3.0.1-12 (low; bug #321566) +CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files] + - clamav-getfiles 0.5-1 (bug #321446; medium) +CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...) + - cgiwrap 3.9-3.1 (bug #316881; low) +CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...) + - cgiwrap 3.9-3.1 (bug #316901; low) +CVE-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...) + {DTSA-13-1} + - evolution 2.2.3-3 (high; bug #322535) +CVE-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...) + {DTSA-13-1} + - evolution 2.2.3-3 (high; bug #322535) +CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure] + - libnet-ssleay-perl 1.25-1.1 (bug #296112; low) +CVE-2005-XXXX [nvi: init.d recover file security bugs] + - nvi 1.79-22 (bug #298114; medium) +CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way] + - bugzilla 2.18.3-2 (bug #321567; low) +CVE-2005-XXXX [Crypto weakness in Tor's handshaking process] + - tor 0.1.0.14-1 (medium) +CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...) + {DTSA-16-1} + - linux-2.6 2.6.12-3 (medium) + - kernel-source-2.6.8 2.6.8-16sarge2 (medium) + - kernel-source-2.4.27 2.4.27-12 (medium) + - kernel-source-2.4.27 2.4.27-10sarge2 (medium) +CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...) + {DTSA-16-1} + - linux-2.6 2.6.12-2 (bug #321401; medium) + - kernel-source-2.4.27 2.4.27-11 (medium) +CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...) + NOT-FOR-US: Greasemonkey +CVE-2005-2454 + RESERVED +CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...) + NOT-FOR-US: NetworkActiv Web Server +CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...) + NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7 + - tiff 3.7.0-1 +CVE-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...) + NOT-FOR-US: IOS +CVE-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...) + {DSA-776-1 DTSA-3-1} + - clamav 0.86.2-1 (medium) +CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...) + NOT-FOR-US: sandbox +CVE-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...) + {DSA-813-1 DTSA-2-1 DTSA-4-1} + - ekg 1:1.5+20050718+1.6rc3-1 (low) + - centericq 4.20.0-9 (bug #323185; medium) +CVE-2005-2447 + REJECTED +CVE-2005-2446 + REJECTED +CVE-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...) + NOT-FOR-US: Product Cart +CVE-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...) + NOT-FOR-US: Trillian +CVE-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...) + NOT-FOR-US: KShout +CVE-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...) + NOT-FOR-US: SPI Dynamics Web Inspect +CVE-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...) + NOT-FOR-US: VBzoom +CVE-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...) + NOT-FOR-US: Thomson Web Skill Vantage Manager +CVE-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...) + NOT-FOR-US: UseBB +CVE-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...) + NOT-FOR-US: UseBB +CVE-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...) + NOT-FOR-US: Website Baker +CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...) + NOT-FOR-US: Website Baker +CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...) + NOT-FOR-US: Linksys hardware +CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...) + NOT-FOR-US: PhpList +CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...) + NOT-FOR-US: PhpList +CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...) + - gforge (bug #328224; unimportant) + NOTE: Direct flooding is possible as well in most circumstances. + NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian +CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...) + - gforge (bug #328224; medium) + NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian +CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...) + - mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms) +CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" ...) + NOT-FOR-US: Lotus Domino +CVE-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...) + NOT-FOR-US: CartWIZ +CVE-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...) + NOT-FOR-US: FTPshell Server +CVE-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...) + NOT-FOR-US: Ares FileShare +CVE-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...) + NOT-FOR-US: Siemens hardware +CVE-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: Beehive +CVE-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...) + NOT-FOR-US: Beehive +CVE-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...) + NOT-FOR-US: Beehive +CVE-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...) + NOT-FOR-US: FtpLocate +CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...) + NOT-FOR-US: hardware issue +CVE-2005-2418 + REJECTED + NOT-FOR-US: Realchat +CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: Contrexx +CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...) + NOT-FOR-US: Contrexx +CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...) + NOT-FOR-US: Contrexx +CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...) + - mozilla-firefox (bug #327549; medium) + - mozilla (bug #327550; medium) + TODO: check more Mozilla-based browsers +CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...) + NOT-FOR-US: Atomic Photo Album +CVE-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...) + NOT-FOR-US: First Post +CVE-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...) + {DSA-808-1} + - tdiary 2.0.2-1 (bug #319315; medium) +CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...) + NOT-FOR-US: Network Manager +CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...) + NOT-FOR-US: nbsmtp +CVE-2005-2408 + RESERVED +CVE-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform "link ...) + NOT-FOR-US: Opera +CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...) + NOT-FOR-US: Opera +CVE-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is ...) + NOT-FOR-US: Opera +CVE-2005-XXXX [DoS against rsync in embedded zlib copy] + NOTE: This is distinct from CVE-2005-2096, please see rsync's 2.6.6 announcement + NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3 + NOTE: I haven't verified this with source so far, but it looks like a DoS + NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding + NOTE: zlib 1.2 are affected as well + - rsync 2.6.6-1 (low) +CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...) + NOT-FOR-US: Sendcard +CVE-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...) + NOT-FOR-US: RealChat +CVE-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...) + NOT-FOR-US: PHPSiteSearch +CVE-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...) + NOT-FOR-US: PHPFinance +CVE-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via ...) + NOT-FOR-US: PHP Surveyor +CVE-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows ...) + NOT-FOR-US: PHP Surveyor +CVE-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...) + NOT-FOR-US: phpBook +CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...) + - mozilla-firefox <unfixed> (bug #320539; medium) + - mozilla <unfixed> (bug #320538; medium) +CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...) + NOT-FOR-US: CuteNews +CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...) + NOT-FOR-US: CuteNews +CVE-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...) + NOT-FOR-US: CMSimple +CVE-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...) + NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP +CVE-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...) + {DSA-795-2} + - proftpd 1.2.10-20 (low) + NOTE: ftpshut fixed in -19, SQLShowInfo in -20 +CVE-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...) + NOT-FOR-US: Veritas NetBackup +CVE-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...) + NOT-FOR-US: some windows USB driver +CVE-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 ...) + NOT-FOR-US: GoodTech SMTP server +CVE-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...) + NOT-FOR-US: CartWIZ +CVE-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...) + NOT-FOR-US: UNACEV2.DLL +CVE-2005-2384 (Directory traversal vulnerability in a third-party compression library ...) + NOT-FOR-US: UNACEV2.DLL +CVE-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...) + NOT-FOR-US: PHPNews +CVE-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM ...) + NOT-FOR-US: Oray PeanutHull +CVE-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: PHP Surveyor +CVE-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 ...) + NOT-FOR-US: PHP Surveyor +CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...) + NOT-FOR-US: Oracle Reports +CVE-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files via an ...) + NOT-FOR-US: Oracle Reports +CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...) + - libnss-ldap <not-affected> (Mandrake specfic vulnerability) +CVE-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...) + NOT-FOR-US: Race Driver +CVE-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows ...) + NOT-FOR-US: Race Driver +CVE-2005-2374 (Belkin 54g wireless routers do not properly set an administrative ...) + NOT-FOR-US: Belkin 54g wireless routers +CVE-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...) + NOT-FOR-US: SlimFTPd +CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...) + NOT-FOR-US: Oracle Forms +CVE-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...) + NOT-FOR-US: Oracle Reports +CVE-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...) + {DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1} + - gaim 1:1.4.0-5 (low) + - centericq 4.20.0-9 (bug #323185; low) +CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...) + {DSA-813-1 DTSA-2-1} + TODO: check gaim and others that embed libgadu in source tree + - centericq 4.20.0-9 (bug #323185; medium) +CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...) + {DTSA-12-1} + - vim 1:6.3-085+1 (bug #320017; medium) +CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...) + {DSA-853-1} + - ethereal 0.10.12-1 (bug #320183; medium) +CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...) + {DSA-853-1} + - ethereal 0.10.12-1 (bug #320183; low) +CVE-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through ...) + {DSA-853-1} + - ethereal 0.10.12-1 (bug #320183; low) +CVE-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) ...) + {DSA-853-1} + - ethereal 0.10.12-1 (bug #320183; low) +CVE-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...) + {DSA-853-1} + - ethereal 0.10.12-1 (bug #320183; low) +CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...) + - ethereal 0.10.12-1 (bug #320183; low) +CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...) + {DSA-853-1} + - ethereal 0.10.12-1 (bug #320183; low) +CVE-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...) + {DSA-853-1} + - ethereal 0.10.12-1 (bug #320183; low) +CVE-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...) + - kfreebsd-5 5.3-1 (medium) +CVE-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list ...) + NOT-FOR-US: EMC Navisphere Manager +CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...) + NOT-FOR-US: EMC Navisphere Manager +CVE-2005-2355 + REJECTED + NOTE: see CVE-2005-2356 +CVE-2005-2347 + RESERVED + - xsupplicant 1.0.1-5 (bug #317703; low) +CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...) + NOT-FOR-US: Novell +CVE-2005-2345 + RESERVED +CVE-2005-2344 + RESERVED +CVE-2005-2343 + RESERVED +CVE-2005-2342 + RESERVED +CVE-2005-2341 + RESERVED +CVE-2005-2340 + RESERVED +CVE-2005-2339 + RESERVED +CVE-2005-2338 + RESERVED +CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...) + {DSA-864-1 DSA-862-1 DSA-860-1} + - ruby1.6 1.6.8-13 (medium) + - ruby1.8 1.8.3-1 (medium) + - ruby1.9 1.9.0+20050921-1 (medium) +CVE-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...) + - hiki 0.8.2-1 +CVE-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...) + NOT-FOR-US: Y.SAK +CVE-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...) + NOT-FOR-US: smilies_popup.php +CVE-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a ...) + NOT-FOR-US: PHPPageProtect +CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...) + NOT-FOR-US: MooseGallery +CVE-2005-2330 (Directory traversal vulnerability in update.php in osCommerce 2.2 ...) + NOT-FOR-US: osCommerce +CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, ...) + NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S +CVE-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 ...) + NOT-FOR-US: Laffer +CVE-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier ...) + NOT-FOR-US: e107 +CVE-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...) + NOT-FOR-US: Clever Copy +CVE-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full ...) + NOT-FOR-US: Clever Copy +CVE-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...) + NOT-FOR-US: Clever Copy +CVE-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and ...) + NOT-FOR-US: Class-1 Forum +CVE-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and ...) + NOT-FOR-US: Class-1 Forum +CVE-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...) + NOT-FOR-US: CaLogic +CVE-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and ...) + NOT-FOR-US: Yawp +CVE-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...) + NOT-FOR-US: DVBBS +CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...) + {DSA-849-1} + - shorewall 2.4.1-2 (bug #318946; medium) +CVE-2005-2316 + RESERVED +CVE-2005-2315 + RESERVED +CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...) + NOT-FOR-US: PHPsFTPd +CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...) + NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence +CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...) + NOT-FOR-US: Realnode Emilda +CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...) + - sms-pl <unfixed> (bug #320540; unimportant) + NOTE: vulnerable contrib file only in source package +CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote ...) + NOT-FOR-US: Winamp +CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...) + NOT-FOR-US: Opera +CVE-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...) + NOT-FOR-US: MSIE +CVE-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...) + NOT-FOR-US: Microsoft +CVE-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...) + NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0 +CVE-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...) + NOT-FOR-US: DG Remote Control Server +CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...) + NOT-FOR-US: Microsoft +CVE-2005-2303 + REJECTED + NOT-FOR-US: Microsoft +CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...) + {DSA-771-1} + - pdns 2.9.18-1 (medium; bug #318798) +CVE-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...) + {DSA-771-1} + - pdns 2.9.18-1 (medium; bug #318798) +CVE-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...) + NOT-FOR-US: Skype +CVE-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...) + NOT-FOR-US: Simple Message Board +CVE-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...) + NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian +CVE-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...) + NOT-FOR-US: Sybase EAServer +CVE-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: YabbSE +CVE-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...) + - netpanzer <unfixed> (bug #318329; medium) +CVE-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...) + NOT-FOR-US: Oracle +CVE-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...) + NOT-FOR-US: Oracle +CVE-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...) + NOT-FOR-US: Oracle +CVE-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...) + NOT-FOR-US: Oracle +CVE-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...) + NOT-FOR-US: WPS +CVE-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: PHPCounter +CVE-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...) + NOT-FOR-US: PHPCounter +CVE-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...) + NOT-FOR-US: SoftiaCom wMailServer +CVE-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...) + NOT-FOR-US: WebEOC +CVE-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...) + NOT-FOR-US: WebEOC +CVE-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...) + NOT-FOR-US: WebEOC +CVE-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...) + NOT-FOR-US: WebEOC +CVE-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...) + NOT-FOR-US: WebEOC +CVE-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...) + NOT-FOR-US: WebEOC +CVE-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...) + NOT-FOR-US: Cisco +CVE-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...) + NOT-FOR-US: Cisco +CVE-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...) + NOT-FOR-US: MailEnable +CVE-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...) + {DSA-762-1} + - affix 2.1.2-2 (bug #318328; medium) +CVE-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...) + NOT-FOR-US: Novell Groupwise WebAccess +CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6] + NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html + NOTE: maintainer says does not apply to debian, see #320608 +CVE-2005-XXXX [strobe reads file from unsafe directory] + - netdiag 0.7-7.1 (bug #206905; low) +CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding] + - ffmpeg 0.cvs20050811-1 (bug #320150; medium) +CVE-2005-XXXX [xgalaga score file segfault] + - xgalaga 2.0.34-31 (bug #319686; low) +CVE-2005-XXXX [xemeraldia games file overwrite] + - xemeraldia 0.4-1 (bug #319661; low) +CVE-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...) + {DSA-774-1} + NOTE: previous fix in -15 was broken + - fetchmail 6.2.5-16 (bug #320357; bug #212762; medium) +CVE-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...) + {DSA-766-1} + - webcalendar 0.9.45-7 (bug #315671; medium) +CVE-2005-2437 (Website Baker Project does not properly verify the file extensions of ...) + NOT-FOR-US: Website Baker +CVE-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions] + NOTE: This doesn't look like a real security issue as cron.daily should only be + NOTE: writable by root, but lets include it as the maintainer considers it an issue + - fiaif 1.19.2-14 (low) +CVE-2005-2275 + RESERVED +CVE-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...) + NOT-FOR-US: MSIE +CVE-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...) + NOT-FOR-US: Opera +CVE-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript ...) + NOT-FOR-US: Sfari +CVE-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...) + NOT-FOR-US: iCab +CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...) + {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} + - mozilla-firefox 1.0.4-2sarge3 (high) + - mozilla 2:1.7.8-1sarge2 (bug #318062; high) + - mozilla-thunderbird 1.0.6-1 (bug #318728; high) +CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...) + {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} + - mozilla-firefox 1.0.4-2sarge3 (high) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) + - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) +CVE-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...) + {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} + - mozilla-firefox 1.0.4-2sarge3 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) +CVE-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...) + {DSA-779-2 DSA-779-1 DTSA-8-2} + - mozilla-firefox 1.0.4-2sarge3 (medium) +CVE-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...) + {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} + - mozilla-firefox 1.0.4-2sarge3 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) + - mozilla-thunderbird 1.0.6-1 (bug #318728; low) +CVE-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...) + {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} + - mozilla-firefox 1.0.4-2sarge3 (high) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) + - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) +CVE-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...) + {DSA-779-2 DSA-779-1 DTSA-8-2} + - mozilla-firefox 1.0.4-2sarge3 (medium) +CVE-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...) + {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} + - mozilla-firefox 1.0.4-2sarge3 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) +CVE-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...) + {DSA-779-2 DSA-779-1 DTSA-8-2} + - mozilla-firefox 1.0.4-2sarge3 (medium) +CVE-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...) + {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} + - mozilla-firefox 1.0.4-2sarge3 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) + - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) +CVE-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...) + {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} + - mozilla-firefox 1.0.4-2sarge3 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) +CVE-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...) + NOT-FOR-US: USANet +CVE-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...) + NOT-FOR-US: Squito Gallery +CVE-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...) + NOT-FOR-US: PhpSlash +CVE-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...) + {DSA-759-1} + - phppgadmin 3.5.4-1 (bug #318284; medium) +CVE-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...) + NOT-FOR-US: PhpAuction +CVE-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...) + NOT-FOR-US: PhpAuction +CVE-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...) + NOT-FOR-US: PhpAuction +CVE-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...) + NOT-FOR-US: PhpAuction +CVE-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...) + NOT-FOR-US: PHPSecurePages (phpSP) +CVE-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...) + {DSA-762-1} + - affix 2.1.2-2 (bug #318327; medium) +CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...) + - jinzora <itp> (bug #289487) +CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...) + NOT-FOR-US: DownloadProtect +CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...) + NOTE: no details available + - moodle 1.5.1-1 +CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...) + NOT-FOR-US: iPhotoAlbum +CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...) + NOT-FOR-US: BIG-IP +CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...) + NOT-FOR-US: Cisco CallManager +CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...) + NOT-FOR-US: Cisco CallManager +CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...) + NOT-FOR-US: Cisco CallManager +CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...) + NOT-FOR-US: Cisco CallManager +CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...) + - xpvm 1.2.5-8 (bug #318285; medium) +CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...) + - oftpd <removed> (bug #318286; medium) +CVE-2005-XXXX [oftpd port DOS] + - oftpd <removed> (bug #307957; low) + NOTE: CVE id requested from mitre +CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...) + NOT-FOR-US: AIX +CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...) + NOT-FOR-US: AIX +CVE-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...) + NOT-FOR-US: AIX +CVE-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...) + NOT-FOR-US: AIX +CVE-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...) + NOT-FOR-US: AIX +CVE-2005-2233 (Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 ...) + NOT-FOR-US: AIX +CVE-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...) + NOT-FOR-US: AIX +CVE-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...) + {DSA-761-2} + - heartbeat 1.2.3-12 (bug #318287; medium) +CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...) + - elmo <unfixed> (bug #318291; medium) + NOTE: upload to unstable still hasn't occurred (2005-09-18) +CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...) + NOT-FOR-US: Blog Torrent +CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...) + NOT-FOR-US: Web Wiz Forums +CVE-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...) + NOT-FOR-US: Softiacom wMailserver +CVE-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...) + NOT-FOR-US: Outlook +CVE-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...) + NOT-FOR-US: Microsoft +CVE-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...) + NOT-FOR-US: Microsoft +CVE-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...) + NOT-FOR-US: MailEnable +CVE-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...) + NOT-FOR-US: MailEnable +CVE-2005-2221 (** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly ...) + NOT-FOR-US: Dragonfly +CVE-2005-2220 (** DISPUTED ** Dragonfly Commerce allows remote attackers to change a ...) + NOT-FOR-US: Dragonfly +CVE-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...) + NOT-FOR-US: Hosting Controller +CVE-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...) + - kfreebsd5-source 5.3-17 (medium) +CVE-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...) + NOT-FOR-US: Dansie Shopping Cart +CVE-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...) + NOT-FOR-US: PhotoGal +CVE-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...) + - mediawiki 1.4.9 +CVE-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...) + - base-config <unfixed> (bug #305142; low) +CVE-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...) + NOT-FOR-US: MMS Ripper +CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...) + - backup-manager 0.5.8-2 (bug #308897; low) +CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...) + - backup-manager 0.5.8-2 (low) +CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...) + NOT-FOR-US: Internet Down +CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...) + NOT-FOR-US: ScanShare +CVE-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...) + NOT-FOR-US: PrivaShare +CVE-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...) + NOT-FOR-US: CartWIZ +CVE-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...) + NOT-FOR-US: CartWIZ +CVE-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...) + NOT-FOR-US: kaiseki.cgi +CVE-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...) + NOT-FOR-US: SiteMinder +CVE-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...) + NOT-FOR-US: phpWishlist +CVE-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...) + NOT-FOR-US: Xerox Hardware issue +CVE-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...) + NOT-FOR-US: Xerox hardware +CVE-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...) + NOT-FOR-US: Xerox hardware +CVE-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...) + NOT-FOR-US: PPA web photo gallery +CVE-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...) + NOT-FOR-US: SPiD +CVE-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...) + NOT-FOR-US: Id Board +CVE-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...) + NOT-FOR-US: Apple Airport +CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...) + NOT-FOR-US: Apple Darwin Streaming Server +CVE-2005-2194 + RESERVED +CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in ...) + NOT-FOR-US: PunBB +CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...) + NOT-FOR-US: SimplePHPBlog +CVE-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...) + NOT-FOR-US: Comersus +CVE-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...) + NOT-FOR-US: Comersus +CVE-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...) + NOT-FOR-US: Lantronix SecureLinx +CVE-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...) + NOT-FOR-US: McAfee IntruShield +CVE-2005-2187 (McAfee IntruShield Security Management System allows remote ...) + NOT-FOR-US: McAfee IntruShield +CVE-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...) + NOT-FOR-US: McAfee IntruShield +CVE-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...) + NOT-FOR-US: eRoom +CVE-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...) + NOT-FOR-US: eRoom +CVE-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...) + NOT-FOR-US: PhpXmail +CVE-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...) + NOT-FOR-US: PhpXmail +CVE-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...) + NOT-FOR-US: SIP phone hardware issue +CVE-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...) + - gnats 4.0 (bug #318481; high) +CVE-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...) + NOT-FOR-US: Jaws +CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...) + NOTE: How bizarre, they assign a CVE Id without knowing which product contains + NOTE: the affected probe.cgi +CVE-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...) + - net-snmp 5.2.1.2-1 (bug #318420; medium) +CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...) + NOT-FOR-US: Novell NetMail +CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...) + NOT-FOR-US: Notes +CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...) + - bugzilla 2.18.3-1 (low) +CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...) + - bugzilla 2.18.3-1 (low) +CVE-2005-2172 + RESERVED +CVE-2005-2171 + RESERVED +CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...) + NOT-FOR-US: Tivoli +CVE-2005-2348 [base-config log should not be world readable] + RESERVED + - base-config 2.68 (bug #254068; low) +CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...) + NOT-FOR-US: PHPSource Printer +CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...) + NOT-FOR-US: Plague +CVE-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...) + NOT-FOR-US: Plague +CVE-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...) + NOT-FOR-US: Plague +CVE-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...) + NOT-FOR-US: GlobalNoteScript +CVE-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...) + NOT-FOR-US: Covide +CVE-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...) + NOT-FOR-US: AutoIndex PHP Script +CVE-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...) + NOT-FOR-US: MyGuestbook +CVE-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...) + {DSA-768-1} + - phpbb2 2.0.13-6sarge1 (bug #317739; high) +CVE-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...) + NOT-FOR-US: IMail +CVE-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...) + NOT-FOR-US: PlanetDNS +CVE-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...) + NOT-FOR-US: JBoss +CVE-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...) + NOT-FOR-US: nabopoll +CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...) + NOT-FOR-US: PHPNews +CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...) + NOT-FOR-US: EasyPHPCalender +CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...) + NOT-FOR-US: osTicket +CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...) + NOT-FOR-US: osTicket +CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...) + NOT-FOR-US: Geeklog +CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...) + {DSA-784-1} + - courier 0.47-6 (bug #320290; low) +CVE-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...) + NOT-FOR-US: Microsoft +CVE-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...) + {DSA-764-1} + - cacti 0.8.6f-1 (bug #316590; high) +CVE-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...) + {DSA-764-1} + - cacti 0.8.6f-1 (bug #316590; high) +CVE-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...) + TODO: Check, whether this was covered by DSA-739 as well + - trac 0.8.4-1 +CVE-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...) + NOT-FOR-US: SSH Tectia Server +CVE-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...) + NOT-FOR-US: Prevx Pro +CVE-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...) + NOT-FOR-US: Prevx Pro +CVE-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...) + NOT-FOR-US: Microsoft +CVE-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...) + NOT-FOR-US: Golden FTP Server +CVE-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: TCP Chat +CVE-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...) + NOT-FOR-US: FSboard +CVE-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...) + NOT-FOR-US: Pavsta +CVE-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...) + NOT-FOR-US: Comdev eCommerce +CVE-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...) + NOT-FOR-US: NateOn Messenger +CVE-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...) + NOT-FOR-US: Raritan Dominion SX +CVE-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...) + NOT-FOR-US: EtoShop +CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...) + NOT-FOR-US: NetBSD +CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1915. Reason: ...) + NOT-FOR-US: log4sh +CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...) + NOT-FOR-US: SCO UnixWare +CVE-2005-2131 + RESERVED +CVE-2005-2130 + RESERVED +CVE-2005-2129 + RESERVED +CVE-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...) + NOT-FOR-US: Windows +CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...) + NOT-FOR-US: Windows +CVE-2005-2126 + RESERVED +CVE-2005-2125 + RESERVED +CVE-2005-2124 + RESERVED +CVE-2005-2123 + RESERVED +CVE-2005-2122 + RESERVED +CVE-2005-2121 + RESERVED +CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...) + NOT-FOR-US: Windows +CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...) + NOT-FOR-US: Microsoft +CVE-2005-2118 + RESERVED +CVE-2005-2117 + RESERVED +CVE-2005-2116 + REJECTED + {DSA-745-1} +CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...) + NOT-FOR-US: Soldier of Fortune +CVE-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...) + NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits + - mozilla 2:1.7.10-1 (bug #318723; medium) +CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...) + NOT-FOR-US: XOOPS +CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...) + NOT-FOR-US: XOOPS +CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...) + NOT-FOR-US: Community Link Pro Web Editor +CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...) + - wordpress 1.5.1.3-1 (bug #316402) +CVE-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...) + - wordpress 1.5.1.3-1 (bug #316402) +CVE-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...) + - wordpress 1.5.1.3-1 (bug #316402) +CVE-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...) + - wordpress 1.5.1.3-1 (bug #316402) +CVE-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...) + {DSA-745-1} + - drupal 4.5.4-1 (bug #316362) +CVE-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...) + NOT-FOR-US: IOS +CVE-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive ...) + NOT-FOR-US: sysreport +CVE-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...) + {DTSA-5-1} + - gaim 1:1.4.0-5 (high; bug #323706) +CVE-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...) + {DTSA-5-1} + - gaim 1:1.4.0-5 (medium; bug #323706) +CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...) + {DSA-818-1} + - kdeedu 4:3.4.2-1 (low) +CVE-2005-2100 + RESERVED +CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...) + {DTSA-16-1} + NOTE: 2.6.8 and 2.4.27 not affected + - linux-2.6 2.6.12-3 (bug #323039; medium) +CVE-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...) + {DTSA-16-1} + NOTE: 2.6.8 and 2.4.27 not affected + - linux-2.6 2.6.12-3 (bug #323039; medium) +CVE-2005-2097 (xpdf and kpdf do not properly validate the "loca" table in PDF files, ...) + {DSA-780-1} + - kdegraphics 4:3.4.2-1 (bug #322458; low) + - xpdf 3.00-15 (bug #322462; low) + - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code) + - gpdf <unfixed> (bug #334454; low) + NOTE: only affects cupsys source package, not used in binary + - cupsys <unfixed> (bug #324464; unimportant) + - poppler 0.4.0-1 (low) +CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...) + {DSA-797-2 DSA-797-1 DSA-740-1} + NOTE: Several packages ship embedded copies of zlib, there are a lot probably more + NOTE: Florian Weimer is doing a comprehensive audit using clamav + NOTE: to search for static zlib signatures in binaries in Debian + NOTE: Not all of the listed packages have been checked for actual + NOTE: exploitability using this hole. + - dpkg 1.13.11 (bug #317967; medium) + - zsync 0.4.0-2 (bug #317968; medium) + - dump 0.4b40-1 (bug #317966; medium) + - aide 0.10-6.1.1 (bug #317523; medium) + - amd64-libs 1.3 (bug #317970; medium) + - ia32-libs <unfixed> (bug #317971; medium) + - dar <not-affected> (zlib not used on unstrusted input, see #317989) + - bacula 1.36.3-2 (bug #318014; medium) + - sash 3.7-6 (bug #318246; bug #318069; medium) + - libphysfs 1.0.0-5 (bug #318091; medium) + - oops <unfixed> (bug #318097; medium) + - rpm 4.0.4-31.1 (bug #318099; medium) + - rageircd 2.0.0-3sid1 (bug #309196; medium) + - systemimager-ssh <unfixed> (bug #318101; unimportant) + - texmacs 1:1.0.5-3 (bug #318100; medium) + - zlib 1:1.2.2-7 (bug #317133; medium) + - pvpgn 1.7.8-2 (bug #332236; unknown) + - mysql-dfsg-4.1 (bug #319858; unimportant) + NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid +CVE-2005-2095 (SquirrelMail 1.4.4 and earlier does not properly handle the $_POST ...) + {DSA-756-1} + - squirrelmail 2:1.4.4-6 (bug #317094) +CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...) + NOT-FOR-US: Sun +CVE-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...) + NOT-FOR-US: Oracle +CVE-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...) + NOT-FOR-US: BEA WebLogic +CVE-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...) + NOT-FOR-US: Websphere +CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...) + - tomcat4 4.1.28-1 + NOTE: tomcat5 in experimental has this fix as well +CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...) + NOT-FOR-US: Microsoft +CVE-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote ...) + {DSA-805-1 DSA-803-1} + - apache 1.3.33-8 (bug #322607; medium) + - apache2 2.0.54-5 (bug #316173; medium) +CVE-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote attackers ...) + NOT-FOR-US: Microsoft +CVE-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...) + - phpbb2 <not-affected> (phpbb versions in Debian not affected) +CVE-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...) + NOT-FOR-US: Inframail +CVE-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...) + NOT-FOR-US: Community Forum +CVE-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...) + NOT-FOR-US: IA eMailServer +CVE-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...) + NOT-FOR-US: imTRSET +CVE-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...) + - asterisk 1:1.0.9.dfsg-1 (bug #315532; medium) +CVE-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...) + NOT-FOR-US: Veritas Backup +CVE-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...) + NOT-FOR-US: Veritas Backup +CVE-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...) + NOT-FOR-US: Lpanel +CVE-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...) + NOT-FOR-US: GoodTech SMTP Server +CVE-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) + NOT-FOR-US: BisonFTP Server +CVE-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) + NOT-FOR-US: Hosting Controller +CVE-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...) + NOT-FOR-US: HP Version Control Repository Manager +CVE-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...) + NOT-FOR-US: DB2 +CVE-2005-2072 (ld.so in Solaris 9 and 10 trusts the LD_AUDIT environment variable in ...) + NOT-FOR-US: Solaris +CVE-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...) + NOT-FOR-US: Solaris +CVE-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...) + {DSA-737-1 DTSA-3-1} + - clamav 0.86.1 (bug #318755; medium) +CVE-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...) + {DSA-785-1} + - openldap2.2 2.2.26-3 (bug #316674; medium) + - openldap2 2.1.30-11 (medium) + - libpam-ldap 178-1sarge1 (bug #316972; medium) + - libnss-ldap 238-1.1 (bug #316973; medium) +CVE-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...) + - kfreebsd-source <unfixed> +CVE-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...) + NOT-FOR-US: ASP Nuke +CVE-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...) + NOT-FOR-US: ASP Nuke +CVE-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...) + NOT-FOR-US: ASP Nuke +CVE-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...) + NOT-FOR-US: ASP Nuke +CVE-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + NOT-FOR-US: ActiveBuyAndSell +CVE-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...) + NOT-FOR-US: ActiveBuyAndSell +CVE-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...) + NOT-FOR-US: Infopop UBB.Threads +CVE-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...) + NOT-FOR-US: Infopop UBB.Threads +CVE-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...) + NOT-FOR-US: Infopop UBB.Threads +CVE-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...) + NOT-FOR-US: Infopop UBB.Threads +CVE-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...) + NOT-FOR-US: Infopop UBB.Threads +CVE-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...) + {DSA-737-1 DTSA-3-1} + - clamav 0.86.1-1 (bug #318756; medium) +CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...) + - helix-player 1.0.5-1 (bug #316276; high) +CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...) + - helix-player 1.0.5-1 (bug #316276; unknown) +CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) + NOT-FOR-US: JAF CMS +CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...) + - helix-player 1.0.5-1 (bug #316276; high) +CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...) + NOT-FOR-US: BEWAC +CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...) + - tor 0.0.9.10-1 (medium) +CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...) + NOT-FOR-US: Duware +CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...) + NOT-FOR-US: Duware +CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...) + NOT-FOR-US: Duware +CVE-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...) + NOT-FOR-US: Duware +CVE-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...) + NOT-FOR-US: Duware +CVE-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) + NOT-FOR-US: ATutor +CVE-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) + NOT-FOR-US: XAMPP +CVE-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...) + NOT-FOR-US: ajax-spell +CVE-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...) + NOT-FOR-US: ViRobot +CVE-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...) + {DSA-758-1} + TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base + - heimdal 0.6.3-11 (bug #315065; bug #315086; high) +CVE-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) + - nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492) +CVE-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) + NOT-FOR-US: Fortibus CMS +CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) + NOT-FOR-US: Fortibus CMS +CVE-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...) + NOT-FOR-US: Cool Cafe Chat +CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...) + NOT-FOR-US: Cool Cafe Chat +CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...) + NOT-FOR-US: iGallery +CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...) + NOT-FOR-US: iGallery +CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...) + NOT-FOR-US: Solaris +CVE-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...) + NOT-FOR-US: socialMPN +CVE-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...) + NOT-FOR-US: Ultimate PHP Board +CVE-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...) + NOT-FOR-US: external script that allow interaction between amarok and a browser +CVE-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...) + NOT-FOR-US: MercuryBoard +CVE-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...) + NOT-FOR-US: Enterasys hardware issue +CVE-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...) + NOT-FOR-US: Enterasys hardware issue +CVE-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...) + NOT-FOR-US: Cisco +CVE-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...) + {DSA-738-1} + NOTE: varying and apparently innacurate info about what versions fix it + - razor 2.720-1 (low) +CVE-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...) + NOTE: insufficient info, possibly SuSE specific + NOT-FOR-US: only affects 1.9.14 of gpg2 +CVE-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...) + NOT-FOR-US: iPlanet +CVE-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...) + NOT-FOR-US: cPanel +CVE-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network ...) + NOT-FOR-US: 3com Network Supervisor +CVE-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...) + NOT-FOR-US: FreeBSD ipfw +CVE-2005-2018 + RESERVED +CVE-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...) + NOT-FOR-US: Symantec AntiVirus +CVE-2005-2016 + RESERVED +CVE-2005-2015 + RESERVED +CVE-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...) + NOT-FOR-US: paFAQ +CVE-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: paFAQ +CVE-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...) + NOT-FOR-US: paFAQ +CVE-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...) + NOT-FOR-US: paFAQ +CVE-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...) + NOT-FOR-US: Ublog Reload +CVE-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...) + NOT-FOR-US: Ublog Reload +CVE-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) + - yaws 1.56-1 (low) +CVE-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...) + {DSA-739-1} + - trac 0.8.4-1 (bug #315145) +CVE-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) + NOT-FOR-US: JBOSS +CVE-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...) + NOT-FOR-US: Ultimate PHP Board +CVE-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...) + NOT-FOR-US: Ultimate PHP Board +CVE-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...) + NOT-FOR-US: Ultimate PHP Board +CVE-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...) + NOT-FOR-US: Mambo +CVE-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...) + NOT-FOR-US: paFileDB +CVE-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...) + NOT-FOR-US: paFileDB +CVE-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...) + NOT-FOR-US: paFileDB +CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...) + NOT-FOR-US: McGallery +CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...) + NOT-FOR-US: McGallery +CVE-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...) + NOT-FOR-US: Bitrix Site Manager +CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...) + NOT-FOR-US: Bitrix Site Manager +CVE-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...) + NOT-FOR-US: Finjan SurfinGate +CVE-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...) + {DSA-735-2 DSA-735-1} + - sudo 1.6.8p9-1 (bug #315718; bug #315115; medium) +CVE-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) + {DSA-748-1} + - ruby1.8 1.8.2-8 (bug #315064; medium) + - ruby1.9 1.9.0+20050623-1 (bug #315064; medium) +CVE-2005-1991 + RESERVED +CVE-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...) + NOT-FOR-US: MSIE +CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...) + NOT-FOR-US: MSIE +CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...) + NOT-FOR-US: MSIE +CVE-2005-1987 (Collaboration Data Objects (CDO), as used in Microsoft Windows and ...) + NOT-FOR-US: Microsoft +CVE-2005-1986 + RESERVED +CVE-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, ...) + NOT-FOR-US: Microsoft +CVE-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...) + NOT-FOR-US: Spoolsv.exe +CVE-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...) + NOT-FOR-US: Microsoft +CVE-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...) + NOT-FOR-US: Microsoft +CVE-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...) + NOT-FOR-US: Microsoft +CVE-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote ...) + NOT-FOR-US: Microsoft +CVE-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote ...) + NOT-FOR-US: Microsoft +CVE-2005-1978 (COM+ in Microsoft Windows does not properly "create and use memory ...) + NOT-FOR-US: Microsoft +CVE-2005-1977 + RESERVED +CVE-2005-1976 + RESERVED +CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) + NOT-FOR-US: Annuaire +CVE-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...) + NOT-FOR-US: Sun Java +CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...) + NOT-FOR-US: Sun Java +CVE-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...) + NOT-FOR-US: InteractivePHP FusionBB +CVE-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...) + NOT-FOR-US: InteractivePHP FusionBB +CVE-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with ...) + NOT-FOR-US: pcAnywhere +CVE-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...) + NOT-FOR-US: Pragma Telnetserver +CVE-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...) + NOT-FOR-US: ProductCart Ecommerce +CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...) + NOT-FOR-US: ProductCart Ecommerce +CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...) + NOT-FOR-US: e107 +CVE-2005-1965 (PHP remote code injection vulnerability in siteframe.php for Broadpool ...) + NOT-FOR-US: Broadpool Siteframe +CVE-2005-1964 (PHP remote code injection vulnerability in utilit.php for Ovidentia ...) + NOT-FOR-US: Ovidentia Portal +CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: Cerberus Helpdesk +CVE-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...) + NOT-FOR-US: Cerberus Helpdesk +CVE-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...) + NOT-FOR-US: C-JDBC +CVE-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...) + NOT-FOR-US: C.J. Steele Tattle +CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...) + NOT-FOR-US: JamMail +CVE-2005-1958 + REJECTED + NOTE: see CVE-2005-1855 +CVE-2005-1957 (File Upload Manager does not properly check user authentication for ...) + NOT-FOR-US: File Upload Manager +CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...) + NOT-FOR-US: File Upload Manager +CVE-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) + NOT-FOR-US: singapore +CVE-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: singapore +CVE-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...) + NOT-FOR-US: Pico Server +CVE-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...) + NOT-FOR-US: Pico Server +CVE-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...) + NOT-FOR-US: osCommerce +CVE-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: Webhints +CVE-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...) + NOT-FOR-US: e107 +CVE-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...) + NOT-FOR-US: Invision Gallery +CVE-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...) + NOT-FOR-US: Invision Gallery +CVE-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...) + NOT-FOR-US: Invision Blog +CVE-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...) + NOT-FOR-US: Invision Blog +CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...) + NOT-FOR-US: xmysqladmin +CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...) + NOT-FOR-US: Loki download manager +CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...) + NOT-FOR-US: Cisco hardware issue +CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...) + NOT-FOR-US: SilverCity +CVE-2005-1940 + RESERVED +CVE-2005-1939 + RESERVED +CVE-2005-1938 + REJECTED +CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) + {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1} + - mozilla-firefox 1.0.4-2sarge3 (medium) + - mozilla 2:1.7.8-1sarge1 (medium) +CVE-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) + NOT-FOR-US: Xerox hardware issue +CVE-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...) + NOT-FOR-US: Microsoft +CVE-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...) + NOT-FOR-US: Apple +CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) + {DSA-734-1} + - gaim 1:1.3.1-1 (bug #315356; low) +CVE-2005-1930 + RESERVED +CVE-2005-1929 + RESERVED +CVE-2005-1928 + RESERVED +CVE-2005-1927 + RESERVED +CVE-2005-1926 + RESERVED +CVE-2005-1925 + RESERVED +CVE-2005-1924 + RESERVED +CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...) + {DSA-737-1 DTSA-3-1} + - clamav 0.86.1 (bug #316401; bug #316462; medium) +CVE-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...) + {DSA-737-1 DTSA-3-1} + - clamav 0.86.1-1 (low) +CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...) + {DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1} + - serendipity <itp> (bug #312413) + - drupal 4.5.4-1 (high; bug #316362) + - phpgroupware 0.9.16.006-1 (high) + - egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high) + - phpwiki 1.3.7-4 (bug #316714; high) + - php4 4:4.3.10-16 (high; bug #316447) + NOTE: horde3 is not affected by this issue, they ship different XMLRPC code +CVE-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...) + {DSA-804-1} + - kdelibs 4:3.4.2-1 (bug #319016; medium) +CVE-2005-1919 + RESERVED +CVE-2005-1918 + RESERVED +CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...) + NOT-FOR-US: kpopper + NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one +CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...) + {DSA-760-1 DTSA-4-1} + - ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low) +CVE-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...) + NOT-FOR-US: log4sh +CVE-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...) + {DSA-754-1 DTSA-2-1} + - centericq 4.20.0-7 (medium) +CVE-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...) + {DTSA-16-1} + - linux-2.6 2.6.12-1 (medium) + - kernel-source-2.6.11 2.6.11-6 (medium) +CVE-2005-1912 + REJECTED +CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) + - leafnode 1.11.3.rel-1 (low) +CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) + NOT-FOR-US: WWWeb Concepts Events System +CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) + NOT-FOR-US: 602LAN SUITE +CVE-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...) + NOT-FOR-US: Perception LiteWeb +CVE-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...) + NOT-FOR-US: Microsoft +CVE-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...) + NOT-FOR-US: livingmailing +CVE-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...) + NOT-FOR-US: Kaspersky +CVE-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...) + NOT-FOR-US: JiRo's Upload Systems +CVE-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...) + NOT-FOR-US: SPA-PRO Mail +CVE-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...) + NOT-FOR-US: SPA-PRO Mail +CVE-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...) + NOT-FOR-US: Sawmill +CVE-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...) + NOT-FOR-US: Sawmill +CVE-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...) + NOT-FOR-US: RakNet +CVE-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...) + NOT-FOR-US: phpThumb +CVE-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...) + NOT-FOR-US: FlexCast +CVE-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...) + NOT-FOR-US: FlatNuke +CVE-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...) + NOT-FOR-US: FlatNuke +CVE-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...) + NOT-FOR-US: FlatNuke +CVE-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: FlatNuke +CVE-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...) + NOT-FOR-US: FlatNuke +CVE-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...) + NOT-FOR-US: AOL Instant Messenger +CVE-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...) + NOT-FOR-US: Mortiforo +CVE-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...) + NOT-FOR-US: Sun ONE +CVE-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...) + NOT-FOR-US: Solaris +CVE-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...) + NOT-FOR-US: YaPiG +CVE-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...) + NOT-FOR-US: YaPiG +CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...) + NOT-FOR-US: YaPiG +CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...) + NOT-FOR-US: YaPiG +CVE-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...) + NOT-FOR-US: YaPiG +CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...) + NOT-FOR-US: YaPiG +CVE-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...) + NOT-FOR-US: everybuddy +CVE-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...) + NOT-FOR-US: LutelWall +CVE-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...) + NOT-FOR-US: GIPTables +CVE-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...) + NOT-FOR-US: Lpanel +CVE-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...) + NOT-FOR-US: CuteNews +CVE-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...) + NOT-FOR-US: Exhibit Engine +CVE-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...) + NOT-FOR-US: Dzip +CVE-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...) + NOT-FOR-US: Crob +CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...) + NOT-FOR-US: WebSphere +CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...) + - drupal 4.5.3-1 +CVE-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...) + NOT-FOR-US: Popper +CVE-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...) + NOT-FOR-US: MWChat +CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...) + NOT-FOR-US: I-Man +CVE-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...) + NOT-FOR-US: Symantec +CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...) + NOT-FOR-US: Calendarix +CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...) + NOT-FOR-US: Calendarix +CVE-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...) + NOT-FOR-US: Calendarix +CVE-2005-1863 + RESERVED +CVE-2005-1862 + RESERVED +CVE-2005-1861 + RESERVED +CVE-2005-1860 + RESERVED +CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...) + NOT-FOR-US: arshell +CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...) + {DSA-786-1} + TODO: check +CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...) + {DSA-787-1} + - backup-manager 0.5.8-2 (bug #315582; low) +CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...) + {DSA-787-1} + - backup-manager 0.5.8-2 (medium) +CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...) + {DSA-772-1} + TODO: check +CVE-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...) + {DSA-770-1} + - gopher 3.0.8 (low) +CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...) + {DSA-767-1 DTSA-4-1} + NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when + NOTE: no shared lib version is found. As the Debian package has a dependency on + NOTE: it the maintainer does not intent to fix it, see # 319443 + - ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium) +CVE-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...) + {DSA-760-1 DTSA-4-1} + - ekg 1:1.5+20050712+1.6rc2-1 (low) +CVE-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...) + {DSA-760-1 DTSA-4-1} + - ekg 1:1.5+20050712+1.6rc2-1 (low) +CVE-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...) + {DSA-797-2 DSA-797-1 DSA-763-1} + NOTE: This is only contrib code not built in the binary packages AFAIK + - zlib 1:1.2.3-1 (low) +CVE-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...) + {DSA-750-1} + - dhcpcd 1:1.3.22pl4-22 (medium) +CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...) + NOT-FOR-US: YaMT +CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...) + NOT-FOR-US: YaMT +CVE-2005-1845 + RESERVED +CVE-2005-1844 + RESERVED +CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...) + NOT-FOR-US: Windows +CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...) + NOT-FOR-US: Windows +CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...) + NOT-FOR-US: acroread +CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...) + {DSA-744-1} + - fuse 2.3.0-1 +CVE-2005-2349 [Directory traversal in zoo] + RESERVED + - zoo 2.10-4 (low; bug #309594) +CVE-2005-2350 [Cross Site Scripting in websieve] + RESERVED + - websieve <unfixed> (bug #311838; low) + NOTE: second half of bug suggets lack of escaping of user data + NOTE: could be used to compromise program somehow + NOTE: that is not covered by the CAN though due to vagueness +CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) + NOT-FOR-US: phpCMS +CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) + NOT-FOR-US: Liberum +CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...) + NOT-FOR-US: Liberum +CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...) + NOT-FOR-US: Fortinet firewall +CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...) + NOT-FOR-US: NEXTWEB +CVE-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...) + NOT-FOR-US: NEXTWEB +CVE-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...) + NOT-FOR-US: NEXTWEB +CVE-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) + NOT-FOR-US: MyBB +CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) + NOT-FOR-US: MyBB +CVE-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...) + NOTE: Unreproducable by SuSE security team, sudo contains code to circumvent such + NOTE: behaviour, seems like a broken PAM setup on the submitter's side +CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...) + NOT-FOR-US: SoftICE +CVE-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...) + NOT-FOR-US: Microsoft +CVE-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...) + NOT-FOR-US: D-Link hardware issue +CVE-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...) + NOT-FOR-US: D-Link hardware issue +CVE-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...) + NOT-FOR-US: HP Radia +CVE-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...) + NOT-FOR-US: HP Radia +CVE-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...) + - mailutils 1:0.6.1-2 +CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...) + NOT-FOR-US: Qualiteam X-Cart +CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...) + NOT-FOR-US: Qualiteam X-Cart +CVE-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...) + NOT-FOR-US: PowerDownload +CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...) + NOT-FOR-US: Zeroboard +CVE-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...) + NOT-FOR-US: NikoSoft WebMail +CVE-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...) + NOT-FOR-US: NewLife Blogger +CVE-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...) + NOT-FOR-US: Invision Power Board +CVE-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...) + NOT-FOR-US: Invision Power Board +CVE-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...) + NOT-FOR-US: Hummingbird Connectivity +CVE-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...) + NOT-FOR-US: PicoWebServer +CVE-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...) + NOT-FOR-US: FutureSoft TFTP Server +CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...) + NOT-FOR-US: FutureSoft TFTP Server +CVE-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) + NOT-FOR-US: MyBB +CVE-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) + NOTE: Not in Sarge + - wordpress 1.5.1.2-1 +CVE-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...) + NOT-FOR-US: Sony hardware issue +CVE-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...) + NOT-FOR-US: Stronghold game +CVE-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...) + NOT-FOR-US: PHPMailer +CVE-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...) + NOT-FOR-US: PeerCast +CVE-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...) + NOT-FOR-US: Online Solutions for Educators +CVE-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...) + NOT-FOR-US: Net Portal Dynamic System +CVE-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...) + NOT-FOR-US: Net Portal Dynamic System +CVE-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...) + NOT-FOR-US: Nortel hardware +CVE-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...) + NOT-FOR-US: Nokia hardware +CVE-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...) + NOT-FOR-US: Jaws glossary gadget +CVE-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...) + NOT-FOR-US: FreeStyle Wiki +CVE-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...) + NOT-FOR-US: ServersCheck +CVE-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) + NOTE: Cryptographic attack on AES, cannot be fixed +CVE-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) + {DSA-749-1} + - ettercap 1:0.7.1-1.1 (bug #311615) +CVE-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) + NOT-FOR-US: ClamAV on Mac OS X +CVE-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) + NOT-FOR-US: Microsoft +CVE-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...) + NOT-FOR-US: Microsoft +CVE-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...) + NOT-FOR-US: Microsoft +CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...) + NOT-FOR-US: Microsoft +CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...) + NOT-FOR-US: Microsoft +CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...) + NOT-FOR-US: India Software Solution shopping cart +CVE-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...) + NOT-FOR-US: Hosting Controller +CVE-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...) + NOT-FOR-US: phpStat +CVE-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...) + NOT-FOR-US: FunkyASP +CVE-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...) + NOT-FOR-US: ZonGG +CVE-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...) + NOT-FOR-US: Hosting Controller +CVE-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...) + NOT-FOR-US: BookReview +CVE-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...) + NOT-FOR-US: BookReview +CVE-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...) + NOT-FOR-US: MailEnable +CVE-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...) + NOT-FOR-US: Active News Manager +CVE-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...) + NOT-FOR-US: MaxWebPortal +CVE-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...) + NOT-FOR-US: PostNuke +CVE-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...) + NOT-FOR-US: PostNuke +CVE-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...) + NOT-FOR-US: C'Nedra +CVE-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...) + NOT-FOR-US: Terminator game +CVE-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...) + - davfs2 0.2.4-1 (bug #310757; medium) +CVE-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...) + NOT-FOR-US: Listserv +CVE-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...) + NOT-FOR-US: Terminator game +CVE-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...) + NOT-FOR-US: HPUX +CVE-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) + NOT-FOR-US: Avast +CVE-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) + {DSA-756-1} + - squirrelmail 2:1.4.4-6 (bug #314374; medium) +CVE-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...) + - kernel-source-2.4.27 2.4.27-11 (medium; bug #319629) +CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...) + NOTE: linux-2.6 not affected (already fixed) + TODO: Add which revision was that fixed? + - kernel-source-2.4.27 2.4.27-11 (unknown) +CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) + {DSA-826-1} + - helix-player 1.0.5-1 (bug #316276; high) + NOTE: Helix Player is affected according to: + NOTE: <http://service.real.com/help/faq/security/050623_player/EN/> +CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...) + {DTSA-16-1} + - kernel-source-2.6.8 2.6.8-17 + - kernel-source-2.6.8 2.6.8-16sarge1 + - linux-2.6 2.6.12-1 (medium) + NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12 + NOTE: 2.6 only, not in 2.4 +CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard ...) + NOTE: horms says not vulnerable in 2.4.27 or 2.6.8 as far as he can tell +CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...) + - kernel-source-2.6.8 2.6.8-17 + - linux-2.6 2.6.12-1 + NOTE: Commited to kernel git on 2005-05-17 (between .12-rc4 and .12-rc5) +CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...) + {DTSA-16-1} + - linux-2.6 2.6.12-1 (medium) + NOTE: Commited to kernel git on 2005-05-17 (between .12-rc4 and .12-rc5) + - kernel-source-2.6.8 2.6.8-17 + - kernel-source-2.4.27 2.4.27-11 +CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...) + {DTSA-16-1} + - linux-2.6 2.6.12-1 (medium) + - kernel-source-2.6.11 2.6.11-6 (medium) + - kernel-source-2.6.8 2.6.8-17 + - kernel-source-2.4.27 <unfixed> (low) +CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) + NOT-FOR-US: sysreport +CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...) + - shtool 2.0.1-2 (low) + - mysql-ocaml 1.0.3-6 (low) + - php4 4:4.4.0-1 (low) + NOTE: the patch applied to NMU #311206 fixes both CVE-2005-1759 and CVE-2005-1751 +CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...) + NOT-FOR-US: Novell +CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...) + NOT-FOR-US: Novell +CVE-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...) + NOT-FOR-US: Novell +CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) + {DSA-789-1 DTSA-15-1} + - shtool 2.0.1-2 (bug #311206; low) + - mysql-ocaml 1.0.3-6 (bug #314464; low) + - php4 4:4.3.10-16 (low) + NOTE: the patch applied to NMU #311206 fixes both CVE-2005-1759 and CVE-2005-1751 +CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php] + - moodle 1.4.4.dfsg.1-3 +CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles] + RESERVED + - mutt <unfixed> (bug #311296; low) +CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php] + NOTE: viewFile.php has been removed along with other files in -26, so Debian is + NOTE: no longer affected. + - gforge 3.1-26 +CVE-2005-XXXX [osh buffer overflow] + - osh 1.7-13 (bug #311369) +CVE-2005-XXXX [xile buffer overrun in terminal code] + - zile 2.0.4-2 +CVE-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...) + NOT-FOR-US: ezwdc NewsletterEz +CVE-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...) + NOT-FOR-US: BEA Weblogic +CVE-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...) + NOT-FOR-US: BEA Weblogic +CVE-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) + NOT-FOR-US: BEA Weblogic +CVE-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...) + NOT-FOR-US: BEA Weblogic +CVE-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...) + NOT-FOR-US: BEA Weblogic +CVE-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...) + NOT-FOR-US: BEA Weblogic +CVE-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...) + NOT-FOR-US: BEA Weblogic +CVE-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...) + NOT-FOR-US: BEA Weblogic +CVE-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...) + NOT-FOR-US: Halo +CVE-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...) + NOTE: fixproc not installed in Debian package +CVE-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...) + - imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812) +CVE-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...) + NOT-FOR-US: Iron Bars Shell +CVE-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized ...) + NOT-FOR-US: PROMS +CVE-2005-1736 (PROMS 0.11 does not properly handle "certain combinations of rights," ...) + NOT-FOR-US: PROMS +CVE-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...) + NOT-FOR-US: PROMS +CVE-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...) + NOT-FOR-US: PROMS +CVE-2005-1733 (Cookie Cart stores the password file under the web document root with ...) + NOT-FOR-US: Cookie Cart +CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...) + NOT-FOR-US: Cookie Cart +CVE-2005-1731 + RESERVED +CVE-2005-1730 + RESERVED +CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Novell +CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...) + NOT-FOR-US: Apple +CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...) + NOT-FOR-US: Apple +CVE-2005-1726 + RESERVED +CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...) + NOT-FOR-US: Apple +CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...) + NOT-FOR-US: Apple +CVE-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...) + NOT-FOR-US: Apple +CVE-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...) + NOT-FOR-US: Apple +CVE-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...) + NOT-FOR-US: Apple +CVE-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...) + NOT-FOR-US: Apple +CVE-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...) + NOT-FOR-US: avast! antivirus +CVE-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...) + NOT-FOR-US: War Times +CVE-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...) + NOT-FOR-US: Zyxel hardware +CVE-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...) + NOT-FOR-US: TOPo +CVE-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...) + NOT-FOR-US: TOPo +CVE-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...) + NOT-FOR-US: SurgeMail +CVE-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...) + NOT-FOR-US: Serendipity +CVE-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...) + NOT-FOR-US: Serendipity +CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...) + NOT-FOR-US: Gibraltar Firewall + TODO: check, whether gibraltar-bootcd is in any way related/affected +CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...) + NOT-FOR-US: Blue Coat +CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...) + NOT-FOR-US: Blue Coat +CVE-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...) + NOT-FOR-US: Blue Coat +CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...) + NOT-FOR-US: Gentoo +CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...) + - mailscanner <unfixed> (bug #310774; low) +CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...) + - gdb 6.3-6 +CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...) + - gdb 6.3-6 +CVE-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...) + NOT-FOR-US: Warrior Kings: Battles +CVE-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...) + NOT-FOR-US: Warrior Kings: Battles +CVE-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...) + NOT-FOR-US: PortailPHP +CVE-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...) + NOT-FOR-US: PostNuke +CVE-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...) + NOT-FOR-US: PostNuke +CVE-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...) + NOT-FOR-US: PostNuke +CVE-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...) + NOT-FOR-US: PostNuke +CVE-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...) + NOT-FOR-US: PostNuke +CVE-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...) + NOT-FOR-US: PostNuke +CVE-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...) + NOT-FOR-US: PostNuke +CVE-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...) + NOT-FOR-US: CA Antivirus +CVE-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...) + - gxine 0.4.7-0.1 (bug #310712; medium) +CVE-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...) + NOT-FOR-US: SAP +CVE-2005-1690 + REJECTED +CVE-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT ...) + {DSA-757-1} + - krb5 1.3.6-4 (medium) +CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...) + NOTE: Removed from Sarge due to intransparent handling of security issues by upstream + - wordpress 1.5.1-1 +CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...) + NOTE: Removed from Sarge due to intransparent handling of security issues by upstream + - wordpress 1.5.1-1 +CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...) + {DSA-753-1} + NOTE: Only exploitable under rare circumstances + - gedit 2.10.3-1 (low) +CVE-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...) + NOT-FOR-US: episodex +CVE-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...) + NOT-FOR-US: episodex +CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...) + NOT-FOR-US: Solstice Internet Mail Server +CVE-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM 1.21, ...) + NOT-FOR-US: phpATM +CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...) + NOT-FOR-US: D-Link hardware +CVE-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...) + - picasm 1.12c-1 +CVE-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...) + NOT-FOR-US: Groove +CVE-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...) + NOT-FOR-US: Groove +CVE-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...) + NOT-FOR-US: Groove +CVE-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...) + NOT-FOR-US: Groove +CVE-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...) + NOT-FOR-US: Help Center Live +CVE-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...) + NOT-FOR-US: Help Center Live +CVE-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...) + NOT-FOR-US: Help Center Live +CVE-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...) + NOT-FOR-US: Yahoo Messenger +CVE-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...) + NOT-FOR-US: Extreme BlackDiamond hardware +CVE-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...) + NOT-FOR-US: Opera +CVE-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...) + NOT-FOR-US: YusASP Web Asset Manager +CVE-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...) + NOT-FOR-US: DataTrac Activity Console +CVE-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...) + NOT-FOR-US: Orenosv +CVE-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...) + NOT-FOR-US: Microsoft +CVE-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...) + NOT-FOR-US: Microsoft +CVE-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...) + NOT-FOR-US: Jeuce Personal Web Server +CVE-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...) + NOT-FOR-US: Jeuce Personal Web Server +CVE-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...) + NOT-FOR-US: Jeuce Personal Web Server +CVE-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...) + NOT-FOR-US: EZGuestbook +CVE-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...) + NOT-FOR-US: MyServer +CVE-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...) + NOT-FOR-US: MyServer +CVE-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...) + NOT-FOR-US: Mercur Messaging +CVE-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...) + NOT-FOR-US: Mercur Messaging +CVE-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...) + NOT-FOR-US: AOL Instant Messenger +CVE-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...) + NOT-FOR-US: Hosting Controller +CVE-2005-XXXX [Two DoS condition in ekg] + - ekg 1:1.5+20050411-3 +CVE-2005-XXXX [lcrash affected by libbfd integer overflows] + - lcrash 7.0.0.pre.cvs.20050322-3 +CVE-2005-XXXX [Multiple security problems in lbreakout2] + - lbreakout2 2.5.2-2 +CVE-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...) + NOT-FOR-US: Woppoware +CVE-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...) + NOT-FOR-US: Woppoware +CVE-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...) + NOT-FOR-US: Woppoware +CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...) + NOT-FOR-US: Woppoware +CVE-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...) + NOT-FOR-US: Windows +CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...) + NOT-FOR-US: GASoft +CVE-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...) + NOT-FOR-US: GASoft +CVE-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...) + NOT-FOR-US: Fastream NETFile +CVE-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...) + NOT-FOR-US: Keyvan1 Gallery +CVE-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...) + NOT-FOR-US: Livre d'Or +CVE-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...) + NOT-FOR-US: Zoidcom +CVE-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...) + NOT-FOR-US: Woltlab Burning Board +CVE-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...) + NOT-FOR-US: Ignition Project +CVE-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...) + NOT-FOR-US: Ignition Project +CVE-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...) + NOT-FOR-US: Sigma +CVE-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...) + NOT-FOR-US: SafeHTML +CVE-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...) + NOT-FOR-US: NPDS +CVE-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...) + {DSA-783-1} + - mysql-dfsg 4.0.12-2 (bug #319526; low) +CVE-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...) + NOT-FOR-US: JGS-Portal +CVE-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...) + NOT-FOR-US: JGS-Portal +CVE-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...) + NOT-FOR-US: JGS-Portal +CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...) + - cheetah 0.9.16-1 + NOTE: testing approval is waiting on verification that the fix works. + NOTE: see http://lists.debian.org/debian-release/2005/05/msg01428.html +CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...) + NOT-FOR-US: Booby +CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...) + NOT-FOR-US: phpbb attachment mod +CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...) + NOT-FOR-US: Photopost +CVE-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...) + NOT-FOR-US: WebAPP +CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...) + NOTE: The 1.x version in Sarge and sid is not vulnerable +CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...) + NOT-FOR-US: Pico Server +CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...) + NOT-FOR-US: Acrobat Reader +CVE-2005-1624 + RESERVED +CVE-2005-1623 + RESERVED +CVE-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...) + NOT-FOR-US: MetaCart +CVE-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...) + NOT-FOR-US: Postnuke mod +CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...) + NOT-FOR-US: Skull-Splitter Guestbook +CVE-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...) + NOT-FOR-US: PHPMyChat +CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...) + NOT-FOR-US: Yahoo Messenger +CVE-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...) + NOT-FOR-US: Willings WebCAM +CVE-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...) + NOT-FOR-US: Ultimate PHP Board +CVE-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...) + NOT-FOR-US: Ultimate PHP Board +CVE-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...) + NOT-FOR-US: Ultimate PHP Board +CVE-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...) + NOT-FOR-US: OpenBB +CVE-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...) + NOT-FOR-US: OpenBB +CVE-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...) + NOT-FOR-US: Web Crossing +CVE-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...) + NOT-FOR-US: Tru-Zone NukeET +CVE-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...) + NOT-FOR-US: Sun StorEdge 6130 Arrays +CVE-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...) + NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke +CVE-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...) + NOT-FOR-US: Remote Cart +CVE-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...) + NOT-FOR-US: H-Sphere Winbox +CVE-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...) + NOT-FOR-US: guestbook for SiteStudio +CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...) + NOT-FOR-US: phpATM +CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...) + NOT-FOR-US: NiteEnterprises Remote File Manager +CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...) + NOT-FOR-US: Net56 Browser Based File Manager +CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...) + NOT-FOR-US: MRO Maximo Self Service +CVE-2005-1600 (A "mathematical flaw" in the implementation of the El Gamal signature ...) + NOT-FOR-US: LibTomCrypt +CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...) + NOT-FOR-US: Kryloff Technologies Subject Search Server +CVE-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...) + NOT-FOR-US: Invision Power Board +CVE-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...) + NOT-FOR-US: Invision Power Board +CVE-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...) + NOT-FOR-US: Fusion SBX +CVE-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...) + NOT-FOR-US: CodeThat ShoppingCart +CVE-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...) + NOT-FOR-US: CodeThat ShoppingCart +CVE-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...) + NOT-FOR-US: CodeThat ShoppingCart +CVE-2005-1592 (Multiple "javascript vulerabilities in BB code" in BirdBlog before ...) + NOT-FOR-US: BirdBlog +CVE-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...) + NOT-FOR-US: Solaris +CVE-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...) + NOT-FOR-US: Altiris Client Service for Windows +CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines] + - clamav 0.85.1-1 +CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage] + - xfree86 4.3.0.dfsg.1-14 (bug #308783) + NOTE: Actually affected package is libxpm4. + NOTE: x11-xorg is not affected (inspected the Subversion tree). +CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...) + NOTE: According to Horms from kernel team 2.6.8 not affected + - kernel-source-2.6.11 2.6.11-5 +CVE-2005-1588 (** DISPUTED ** ...) + NOT-FOR-US: Quick.cart +CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...) + NOT-FOR-US: Quick.cart +CVE-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...) + NOT-FOR-US: Quick.Forum +CVE-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...) + NOT-FOR-US: Quick.Forum +CVE-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...) + NOT-FOR-US: Quick.Forum +CVE-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...) + NOT-FOR-US: 1Two News +CVE-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...) + NOT-FOR-US: 1Two News +CVE-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...) + NOT-FOR-US: bug_list.php +CVE-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...) + NOT-FOR-US: BoastMachine +CVE-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...) + NOT-FOR-US: Apple +CVE-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...) + NOT-FOR-US: EnCase +CVE-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...) + NOT-FOR-US: APG Classmaster +CVE-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...) + NOTE: appears windows specific +CVE-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...) + NOTE: appears windows specific +CVE-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...) + NOT-FOR-US: Windows +CVE-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...) + NOT-FOR-US: ASP Virtual News Manager +CVE-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: ShowOff +CVE-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...) + NOT-FOR-US: ShowOff +CVE-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...) + NOTE: for-for-us (bttlxeForum) +CVE-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...) + NOT-FOR-US: DirectTopics +CVE-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...) + NOT-FOR-US: DirectTopics +CVE-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...) + NOT-FOR-US: DirectTopics +CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...) + NOT-FOR-US: Acrowave AAP-3100AR wireless router +CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...) + - bugzilla 2.18-7 (bug #308789; medium) + NOTE: only affects sid +CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...) + - bugzilla 2.16.7-7sarge1 +CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...) + - bugzilla 2.16.7-7sarge1 +CVE-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...) + NOT-FOR-US: MaxWebPortal +CVE-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...) + NOT-FOR-US: MaxWebPortal +CVE-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...) + NOT-FOR-US: Nexusway +CVE-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...) + NOT-FOR-US: Nexusway +CVE-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...) + NOT-FOR-US: Nexusway +CVE-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...) + NOT-FOR-US: WebApp Guestbook PRO +CVE-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...) + NOT-FOR-US: Gamespy cd-key validation system +CVE-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...) + NOT-FOR-US: JRun +CVE-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...) + NOT-FOR-US: WowBB +CVE-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...) + NOT-FOR-US: GeoVision Digital Video Surveillance System +CVE-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...) + NOT-FOR-US: GeoVision Digital Video Surveillance System +CVE-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...) + NOT-FOR-US: Sophos Anti-Virus +CVE-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...) + NOT-FOR-US: easy message board +CVE-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...) + NOT-FOR-US: easy message board +CVE-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...) + NOT-FOR-US: Advanced Guestbook +CVE-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...) + NOT-FOR-US: Bakbone Netvault +CVE-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...) + {DSA-743-1} + - ht 0.8.0-2 (bug #308587) +CVE-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...) + {DSA-743-1} + - ht 0.8.0-3 (bug #308587) +CVE-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote ...) + {DSA-755-1} + NOTE: CVE info about vulnerable version number is bogus + - tiff 3.7.2-3 (bug #309739) + NOTE: tiff3g not in testing +CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...) + NOT-FOR-US: Novell Zenworks +CVE-2005-1542 + RESERVED +CVE-2005-1541 + RESERVED +CVE-2005-1540 + RESERVED +CVE-2005-1539 + RESERVED +CVE-2005-1538 + RESERVED +CVE-2005-1537 + RESERVED +CVE-2005-1536 + RESERVED +CVE-2005-1535 + RESERVED +CVE-2005-1534 + RESERVED +CVE-2005-1533 + RESERVED +CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...) + {DSA-781-1} + - mozilla-firefox 1.0.4 + - mozilla 2:1.7.8 + - mozilla-thunderbird 1.0.6-1 (bug #318728; high) +CVE-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...) + - mozilla-firefox 1.0.4 + - mozilla 2:1.7.8 +CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, ...) + NOT-FOR-US: Sophos +CVE-2005-1529 + RESERVED +CVE-2005-1528 + RESERVED +CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...) + - awstats 6.4-1.1 (bug #322591; medium) +CVE-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...) + {DSA-764-1} + - cacti 0.8.6e-1 (bug #315703; high) +CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...) + {DSA-764-1} + - cacti 0.8.6e-1 (bug #315703; high) +CVE-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...) + {DSA-764-1} + - cacti 0.8.6e-1 (bug #315703; high) +CVE-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...) + {DSA-732-1} + - mailutils 1:0.6.1-3 +CVE-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...) + {DSA-732-1} + - mailutils 1:0.6.1-3 +CVE-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...) + {DSA-732-1} + - mailutils 1:0.6.1-3 +CVE-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...) + {DSA-732-1} + - mailutils 1:0.6.1-3 +CVE-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...) + {DSA-751-1} + - squid 2.5.9-9 (bug #309504) +CVE-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...) + NOT-FOR-US: Solaris +CVE-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...) + NOT-FOR-US: Cisco +CVE-2005-XXXX [Buffer overflow in libotr] + - libotr 2.0.2-1 +CVE-2005-XXXX [vpnc: config file path security hole] + NOTE: no bug ever filed for this + - vpnc 0.3.2+SVN20050326-2 +CVE-2005-XXXX [Several buffer overflows in termpkg] + NOTE: Not in Sarge + - termpkg 3.3-2 +CVE-2005-XXXX [Integer overflow in binutils' ELF parsing] + NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's + NOTE: already fixed since 2.15-6 + - binutils 2.15-6 +CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability] + - kmd 0.9.19-1.1 +CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt] + NOTE: Source package has been renamed from unrar to unrar-free + - unrar-free 1:0.0.1-2 +CVE-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...) + NOT-FOR-US: PwsPHP +CVE-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...) + NOT-FOR-US: PwsPHP +CVE-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: PwsPHP +CVE-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...) + NOT-FOR-US: PwsPHP +CVE-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...) + NOT-FOR-US: PwsPHP +CVE-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...) + NOT-FOR-US: WebSTAR +CVE-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...) + NOT-FOR-US: CJ Ultra Plus +CVE-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...) + NOT-FOR-US: MacOS +CVE-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...) + NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit +CVE-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...) + NOT-FOR-US: MidiCart +CVE-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...) + NOT-FOR-US: MidiCart +CVE-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...) + NOT-FOR-US: MidiCart +CVE-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...) + NOT-FOR-US: myBloggie +CVE-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...) + NOT-FOR-US: myBloggie +CVE-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...) + NOT-FOR-US: myBloggie +CVE-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...) + NOT-FOR-US: myBloggie +CVE-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...) + NOT-FOR-US: Oracle +CVE-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...) + NOT-FOR-US: Oracle +CVE-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...) + NOT-FOR-US: MegaBook +CVE-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...) + NOT-FOR-US: SimpleCam +CVE-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...) + NOT-FOR-US: Gossamer Threads Links +CVE-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...) + NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 +CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...) + NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 +CVE-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...) + NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 +CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...) + NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 +CVE-2005-1487 (Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote ...) + NOT-FOR-US: FishCart +CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...) + NOT-FOR-US: FishCart +CVE-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...) + NOT-FOR-US: Golden FTP Server Pro +CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...) + NOT-FOR-US: Golden FTP Server Pro +CVE-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...) + NOT-FOR-US: ArticleLive +CVE-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...) + NOT-FOR-US: ArticleLive +CVE-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...) + NOT-FOR-US: ASP Inline Corporate Calendar +CVE-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...) + NOT-FOR-US: RaidenFTPD +CVE-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...) + NOT-FOR-US: JGS-Portal +CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...) + NOT-FOR-US: DMail +CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...) + NOT-FOR-US: DMail +CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...) + NOTE: not in testing + NOTE: non-free + NOTE: minor issues + - qmail-src 1.03-38 +CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...) + - qmail-src 1.03-38 +CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...) + - qmail-src 1.03-38 +CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...) + - mozilla-firefox 1.0.4-1 +CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...) + - mozilla-firefox 1.0.4-1 + TODO: check mozilla too +CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...) + NOT-FOR-US: Opera +CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) + NOT-FOR-US: Apple +CVE-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...) + NOT-FOR-US: Apple +CVE-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...) + NOT-FOR-US: Apple +CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...) + NOT-FOR-US: RSA SecurID Web Agent +CVE-2005-XXXX [race condition with a buffered temp file] + NOTE: no bug ever filed for this one + - pysvn 1.1.2-3 +CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module] + - mailutils 1:0.6.1-2 +CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks] + - maradns 1.0.27-1 +CVE-2005-2352 [Temp file races in gs-gpl addons scripts] + RESERVED + - gs-gpl <unfixed> (bug #291373; low) +CVE-2005-XXXX [Possible SQL injection in freeradius] + - freeradius 1.0.2-4 +CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...) + - mozilla-thunderbird 1.0.6-1 (bug #306893; low) +CVE-2005-XXXX [Directory traversal in unzoo] + - unzoo 4.4-4 +CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng] + - syslog-ng 1.6.5-2.1 +CVE-2005-XXXX [trackballs: Follows symlinks as gid games] + - trackballs <unfixed> (bug #302454; medium) + NOTE: CVE request sent to mitre + TODO: check possibility of exploitation via scripting language, + TODO: as mentioned in the bug report as a separate issue +CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it] + - pwgen 2.04-1 +CVE-2005-XXXX [Insecure handling of gpg passphrases in gabber] + - gabber <unfixed> (bug #177776; low) +CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1462 (Double-free vulnerability in the ICEP dissector in Ethereal before ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1458 (Multiple unknown "other problems" in the KINK dissector in Ethereal ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...) + - ethereal 0.10.10-2sarge2 +CVE-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...) + - freeradius 1.0.2-4 +CVE-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...) + - freeradius 1.0.2-4 +CVE-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...) + - leafnode 1.11.2.rel-1 +CVE-2005-XXXX [Missing input validation in xtradius] + NOTE: not shipped in deb + - xtradius 1.2.1-beta2-2 (bug #307796; low) +CVE-2005-XXXX [fai tempfile vulnerability] + - fai 2.8.2 +CVE-2005-2354 [nvu uses old copy of mozilla xpcom] + RESERVED + NOTE: have not checked to see which security holes are in it exactly + NOTE: Has been removed from Sarge + - nvu <unfixed> (bug #306822; medium) +CVE-2005-XXXX [eskuel: arbitrary file retreiving] + - eskuel 1.0.5-3.1 (bug #307270; low) +CVE-2005-2356 [eskuel: No authentication at all] + RESERVED + - eskuel <unfixed> (bug #163653; low) +CVE-2005-XXXX [Buffer overflow in elog's header buffer] + - elog 2.5.7+r1558-3 +CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support] + - ipsec-tools 1:0.5.2-1 +CVE-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed ...) + NOT-FOR-US: Serendipity +CVE-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...) + NOT-FOR-US: Serendipity +CVE-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...) + NOT-FOR-US: Serendipity +CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...) + NOT-FOR-US: Serendipity +CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...) + NOT-FOR-US: Serendipity +CVE-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...) + NOT-FOR-US: SitePanel +CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...) + NOT-FOR-US: SitePanel +CVE-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...) + NOT-FOR-US: SitePanel +CVE-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...) + NOT-FOR-US: SitePanel +CVE-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...) + NOT-FOR-US: Invision Power Board +CVE-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...) + NOT-FOR-US: Lotus Domino +CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...) + NOT-FOR-US: Lotus Domino +CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...) + NOT-FOR-US: ViArt Shop +CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...) + NOT-FOR-US: osTicket +CVE-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...) + NOT-FOR-US: osTicket +CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...) + NOT-FOR-US: osTicket +CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...) + NOT-FOR-US: osTicket +CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...) + NOTE: Was once part of Debian, but has been removed +CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...) + NOT-FOR-US: HP OpenView +CVE-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...) + NOT-FOR-US: HP OpenView +CVE-2005-1432 + RESERVED +CVE-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...) + - gnutls11 1.0.16-13.1 (bug #309111; bug #307641) +CVE-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...) + NOT-FOR-US: Mac OS X +CVE-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...) + NOT-FOR-US: WWWguestbook +CVE-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...) + NOT-FOR-US: Uapplication Uphotogallery +CVE-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...) + NOT-FOR-US: Uapplication Uphotogallery +CVE-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...) + NOT-FOR-US: Uapplication Ublog +CVE-2005-1425 (Uapplication Uguestbook stores the database under the web document ...) + NOT-FOR-US: Uapplication Uguestbook +CVE-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...) + NOT-FOR-US: GoText +CVE-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...) + NOT-FOR-US: 602 LAN SUITE +CVE-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) + NOT-FOR-US: Raysoft Video Cam Server +CVE-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...) + NOT-FOR-US: Raysoft Video Cam Server +CVE-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) + NOT-FOR-US: Raysoft Video Cam Server +CVE-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...) + NOT-FOR-US: Ocean12 Mailing list manager +CVE-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...) + NOT-FOR-US: Netleaf +CVE-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...) + NOT-FOR-US: MaxWebPortal +CVE-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...) + NOT-FOR-US: 04WebServer +CVE-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...) + NOT-FOR-US: GlobalSCAPE Secure FTP Server +CVE-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...) + NOT-FOR-US: FilePocket +CVE-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...) + NOT-FOR-US: enVivo +CVE-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...) + NOT-FOR-US: ECommPro +CVE-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...) + NOT-FOR-US: ICUII +CVE-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...) + - postgresql 7.4.7-6 +CVE-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...) + - postgresql 7.4.7-6 +CVE-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...) + NOT-FOR-US: Apple +CVE-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) + NOT-FOR-US: Skype +CVE-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...) + - kfreebsd5-source 5.3-10 +CVE-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...) + NOT-FOR-US: Lotus Domino +CVE-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...) + NOT-FOR-US: MyPHP Forum +CVE-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...) + NOT-FOR-US: JW Amazon Web Store +CVE-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...) + NOT-FOR-US: NeL libarary +CVE-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...) + NOT-FOR-US: Mtp-Target +CVE-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...) + - kfreebsd5-source 5.3-10 +CVE-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...) + - kfreebsd5-source 5.3-10 +CVE-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...) + NOT-FOR-US: PHPCart +CVE-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...) + NOT-FOR-US: PHPCalender +CVE-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...) + NOT-FOR-US: ARPUS Ceterm +CVE-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...) + NOT-FOR-US: ARPUS Ceterm +CVE-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) + NOT-FOR-US: ArcGIS +CVE-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) + NOT-FOR-US: ArcGIS +CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...) + NOTE: In Debian this is only part of the examples in share/doc, any admin will + NOTE: have to modify it for his purposes anyway, so there's no security problem +CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) + - pound 1.8.2-1.1 (bug #307852; bug #311548; medium) +CVE-2005-1390 + REJECTED +CVE-2005-1389 + REJECTED +CVE-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...) + NOT-FOR-US: SURVIVOR +CVE-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...) + NOT-FOR-US: Mac OS X +CVE-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Safari +CVE-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...) + NOT-FOR-US: phpCoin +CVE-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...) + NOT-FOR-US: Oracle +CVE-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...) + NOT-FOR-US: Oracle +CVE-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...) + NOT-FOR-US: Oracle +CVE-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...) + NOT-FOR-US: BEA Weblogic +CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...) + NOT-FOR-US: Mandrake specific packaging flaw +CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...) + NOT-FOR-US: phpbb mod +CVE-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline (aka ...) + NOT-FOR-US: Claroline +CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...) + NOT-FOR-US: Claroline +CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos) 1.5.3 ...) + NOT-FOR-US: Claroline +CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline (aka ...) + NOT-FOR-US: Claroline +CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...) + NOT-FOR-US: Koobi CMS +CVE-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...) + NOT-FOR-US: NetVault +CVE-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...) + NOT-FOR-US: NetVault +CVE-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...) + NOT-FOR-US: HP OpenView +CVE-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...) + NOTE: does not affect 2.4.27 per horms + - kernel-source-2.6.8 2.6.8-16 + - kernel-source-2.6.11 2.6.11-4 +CVE-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...) + NOTE: does not affect 2.6.8, 2.4.27 per horms + - kernel-source-2.6.11 2.6.11-4 +CVE-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...) + NOT-FOR-US: pServ +CVE-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...) + NOT-FOR-US: pServ +CVE-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...) + NOT-FOR-US: pServ +CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd] + NOTE: Incorrect open() call was introduced after 4.0.3 (the version in Sarge, fixed in 4.0.8) +CVE-2005-XXXX [Insecure tempfile generation in shadow's vipw] + NOTE: Fixed in 4.0.3-33 for sid, Sarge would need an update through t-p-u + - shadow 1:4.0.3-33 +CVE-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...) + NOT-FOR-US: MetaBid Auctions +CVE-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...) + NOT-FOR-US: MetaCart +CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...) + NOT-FOR-US: MetaCart +CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...) + NOT-FOR-US: MetaCart +CVE-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 1.1 ...) + NOT-FOR-US: GrayCMS +CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...) + NOT-FOR-US: text.cgi +CVE-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...) + NOT-FOR-US: text.cgi +CVE-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...) + NOT-FOR-US: text.cgi +CVE-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...) + NOT-FOR-US: includer.cgi +CVE-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...) + NOT-FOR-US: includer.cgi +CVE-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...) + NOT-FOR-US: forum.pl +CVE-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...) + NOT-FOR-US: forum.pl +CVE-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...) + NOT-FOR-US: ad.cgi +CVE-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...) + NOT-FOR-US: ad.cgi +CVE-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...) + NOT-FOR-US: ad.cgi +CVE-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...) + {DSA-727-1} + - libconvert-uulib-perl 1.0.5.1 +CVE-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...) + NOT-FOR-US: MailEnable +CVE-2005-1347 (** UNVERIFIABLE ** ...) + NOT-FOR-US: acrobat +CVE-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...) + NOT-FOR-US: Symantec +CVE-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...) + {DSA-721-1} + - squid 2.5.9-7 +CVE-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...) + - apache2 2.0.54-3 (bug #322604) +CVE-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...) + NOT-FOR-US: vpnd for Mac OS X +CVE-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...) + NOT-FOR-US: Apple Terminal +CVE-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...) + NOT-FOR-US: Apple Terminal +CVE-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...) + NOT-FOR-US: Mac OS X +CVE-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...) + NOTE: verified that our lukemftpd uses pw->pw_name when + NOTE: checking /etc/ftpchroot. +CVE-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...) + NOT-FOR-US: Mac OS X +CVE-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...) + NOT-FOR-US: Mac OS X +CVE-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...) + NOT-FOR-US: Mac OS X +CVE-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...) + NOT-FOR-US: Mac OS X +CVE-2005-1334 + REJECTED +CVE-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...) + NOT-FOR-US: Mac OS X +CVE-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...) + NOT-FOR-US: Mac OS X +CVE-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...) + NOT-FOR-US: Mac OS X +CVE-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...) + NOT-FOR-US: Mac OS X +CVE-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...) + NOT-FOR-US: OneWorldStore +CVE-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...) + NOT-FOR-US: OneWorldStore +CVE-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...) + NOT-FOR-US: Woltlab Burning Board +CVE-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...) + NOT-FOR-US: VooDoo cIRCle BOTNET +CVE-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...) + NOT-FOR-US: phpMyVisites +CVE-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...) + NOT-FOR-US: phpMyVisites +CVE-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...) + NOT-FOR-US: NetTerm +CVE-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...) + - nag 1.1-3.1 (bug #307173) +CVE-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...) + - sork-vacation 2.2.2-1 +CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...) + - mnemo 1.1-2.1 (bug #307180) + TODO: check whether nmeno2 is affected as well +CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...) + NOTE: imp4 is not affected + - imp3 3.2.8-1 (bug #328218; low) +CVE-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...) + - sork-forwards 2.2.2-1 +CVE-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...) + NOT-FOR-US: Hord Chora module +CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...) + - sork-accounts 2.1.2-1 +CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...) + NOTE: Maintainer is checking whether turba2 needs fixing as well + - turba 1.2.5-1 +CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...) + - kronolith 1.1.4-1 +CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...) + - sork-passwd 2.2.2-1 +CVE-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...) + NOT-FOR-US: Yappa-NG +CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...) + NOT-FOR-US: Yappa-NG +CVE-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...) + NOT-FOR-US: bBlog +CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...) + NOT-FOR-US: bBlog +CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...) + NOTE: upstream says attack won't work, see bug 307575 +CVE-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...) + NOT-FOR-US: Adobe Version Cue +CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...) + NOT-FOR-US: Adobe Reader 7 +CVE-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...) + NOT-FOR-US: hyper.cgi +CVE-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...) + NOT-FOR-US: citat.pl +CVE-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...) + NOT-FOR-US: citat.pl +CVE-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...) + NOT-FOR-US: Confixx +CVE-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...) + NOT-FOR-US: nProtect:Netizen +CVE-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...) + NOT-FOR-US: inserter.cgi +CVE-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...) + NOT-FOR-US: inserter.cgi +CVE-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...) + NOT-FOR-US: inserter.cgi +CVE-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...) + NOT-FOR-US: include.cgi +CVE-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...) + NOT-FOR-US: include.cgi +CVE-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...) + NOT-FOR-US: include.cgi +CVE-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...) + - affix-kernel 2.1.1-1.1 +CVE-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...) + NOT-FOR-US: StorePortal +CVE-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...) + NOT-FOR-US: CartWIZ ASP Cart +CVE-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...) + NOT-FOR-US: CartWIZ ASP Cart +CVE-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...) + - phpbb2 2.0.13-6sarge1 (low) +CVE-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...) + NOT-FOR-US: E-Cart +CVE-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...) + NOT-FOR-US: ACS Blog +CVE-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...) + NOT-FOR-US: BK Forum +CVE-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from starting ...) + NOT-FOR-US: Bitdefender +CVE-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...) + NOT-FOR-US: Woltlab Burning Board +CVE-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...) + NOT-FOR-US: Argosoft Mail Server Pro +CVE-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...) + NOT-FOR-US: Argosoft Mail Server Pro +CVE-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...) + NOT-FOR-US: Argosoft Mail Server Pro +CVE-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...) + - ethereal 0.10.10-2 +CVE-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...) + - ethereal 0.10.10-2 + - tcpdump 3.8.3-4 +CVE-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...) + {DSA-850-1} + - tcpdump 3.8.3-4 +CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...) + - tcpdump 3.8.3-4 +CVE-2005-1277 + REJECTED +CVE-2005-1276 + RESERVED +CVE-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...) + - imagemagick 6:6.0.6.2-2.3 (bug #306424) +CVE-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...) + - maxdb-7.5.00 7.5.00.24-3 +CVE-2005-1273 + RESERVED +CVE-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...) + NOT-FOR-US: Backup Agent for Microsoft SQL +CVE-2005-1271 + REJECTED +CVE-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...) + - rkhunter 1.2.7-14 (medium) +CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module] + - libconvert-uulib-perl 1.0.5.1-1 +CVE-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) + {DSA-734-1} + - gaim 1:1.3.1-1 (bug #315356; low) +CVE-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...) + {DSA-805-1} + NOTE: This is from latest Trustix advisory, exploitation would require to trick + NOTE: someone into using a maliciously crafted certificate revocation list + - apache2 2.0.54-5 (bug #320048; bug #320063; low) +CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) + {DSA-854-1} + - tcpdump 3.9.0.cvs.20050614-1 (medium) +CVE-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...) + {DSA-736-2 DSA-736-1} + - spamassassin 3.0.4-1 (bug #314447; medium) +CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) + - kernel-source-2.6.8 2.6.8-17 + - linux-2.6 2.6.12-1 +CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) + - kernel-source-2.6.8 2.6.8-16 + - kernel-source-2.6.11 2.6.11-5 +CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...) + - kernel-source-2.6.11 2.6.11-4 + - kernel-source-2.6.8 2.6.8-16 + - kernel-source-2.4.27 2.4.27-10 + NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H +CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...) + NOTE: see http://gaim.sourceforge.net/security/ + - gaim 1:1.2.1-1.1 +CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...) + NOTE: see http://gaim.sourceforge.net/security/ + - gaim 1:1.2.1-1.1 +CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...) + {DSA-741-1} + - bzip2 1.0.2-7 +CVE-2005-1259 + RESERVED +CVE-2005-1258 + RESERVED +CVE-2005-1257 + RESERVED +CVE-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...) + NOT-FOR-US: IMail +CVE-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...) + NOT-FOR-US: IMail +CVE-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...) + NOT-FOR-US: IMail +CVE-2005-1253 + RESERVED +CVE-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...) + NOT-FOR-US: IMail +CVE-2005-1251 + RESERVED +CVE-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...) + NOT-FOR-US: IpSwitch +CVE-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...) + NOT-FOR-US: IMail +CVE-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) + NOT-FOR-US: Apple iTunes +CVE-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...) + NOT-FOR-US: Novell Nsure Audit +CVE-2005-1246 (Format string vulnerability in the snmppd_log function in ...) + NOT-FOR-US: snmppd +CVE-2005-XXXX [Multiple security problems in Quake 2] + NOTE: this release added lots of warnings about the security problems + - quake2 1:0.3-1.1 + - quake2 <unfixed> (bug #280573; low) + NOTE: CVE id requested from mitre +CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2005-1244 (** DISPUTED ** ...) + NOT-FOR-US: AS/400 FTP server addon +CVE-2005-1243 (Directory traversal vulnerability in the third party tool from ...) + NOT-FOR-US: AS/400 FTP server addon +CVE-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...) + NOT-FOR-US: AS/400 FTP server addon +CVE-2005-1241 (Directory traversal vulnerability in the third party tool from ...) + NOT-FOR-US: AS/400 FTP server addon +CVE-2005-1240 (Directory traversal vulnerability in the third party tool from ...) + NOT-FOR-US: AS/400 FTP server addon +CVE-2005-1239 (Directory traversal vulnerability in the third party tool from ...) + NOT-FOR-US: AS/400 FTP server addon +CVE-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...) + NOT-FOR-US: AS/400 FTP server +CVE-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...) + NOT-FOR-US: FlexPHPNews +CVE-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...) + NOT-FOR-US: DUPortal +CVE-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...) + NOT-FOR-US: phpbb-Auction +CVE-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...) + NOT-FOR-US: phpbb-Auction +CVE-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...) + NOT-FOR-US: PHP Labs proFile +CVE-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...) + NOT-FOR-US: Sun ONE Proxy Server +CVE-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...) + NOT-FOR-US: JAWS +CVE-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...) + NOT-FOR-US: Yawcan +CVE-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...) + {DSA-846-1} + - cpio 2.6-6 (bug #306693; medium) +CVE-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...) + {DSA-752-1} + - gzip 1.3.5-10 +CVE-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...) + NOT-FOR-US: PHPProjekt +CVE-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...) + NOT-FOR-US: Coppermine Photo Gallery +CVE-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...) + NOT-FOR-US: Coppermine Photo Gallery +CVE-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...) + NOT-FOR-US: DUPortal +CVE-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...) + NOT-FOR-US: Ocean12 Calender manager +CVE-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...) + NOT-FOR-US: Annuaire Netref +CVE-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...) + NOT-FOR-US: ECommPro +CVE-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...) + NOT-FOR-US: Shoutbox +CVE-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...) + NOT-FOR-US: Microsoft Color Management Module +CVE-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...) + NOT-FOR-US: Microsoft Color Management Module +CVE-2005-1217 + RESERVED +CVE-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...) + NOT-FOR-US: Microsoft +CVE-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...) + NOT-FOR-US: Microsoft +CVE-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...) + NOT-FOR-US: Microsoft +CVE-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...) + NOT-FOR-US: Microsoft +CVE-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...) + NOT-FOR-US: Microsoft +CVE-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2005-1210 + RESERVED +CVE-2005-1209 + RESERVED +CVE-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...) + NOT-FOR-US: Microsoft +CVE-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...) + NOT-FOR-US: Microsoft +CVE-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...) + NOT-FOR-US: Microsoft +CVE-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...) + NOT-FOR-US: Microsoft +CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications] + - libpam-ssh 1.91.0-9 +CVE-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...) + NOT-FOR-US: Desktop Rover +CVE-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...) + - egroupware 1.0.0.007-2.dfsg-1 +CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...) + - egroupware 1.0.0.007-2.dfsg-1 +CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...) + NOT-FOR-US: AZbb +CVE-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...) + NOT-FOR-US: AZbb +CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...) + NOT-FOR-US: UBB.threads +CVE-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...) + NOT-FOR-US: Anaconda Foundation Directory +CVE-2005-1197 (SQL injection vulnerability in the ...) + NOT-FOR-US: Oracle +CVE-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...) + NOT-FOR-US: PHPBB Knowledgebase Mod +CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...) + NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in Debian + - xine-lib 1.0.1-1 +CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...) + - nasm 0.98.38-1.2 (bug #309049) +CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...) + - phpbb2 2.0.13-6sarge1 (medium) +CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...) + NOT-FOR-US: HP-UX +CVE-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...) + NOT-FOR-US: Windows +CVE-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...) + NOT-FOR-US: WebcamXP +CVE-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...) + NOT-FOR-US: WebcamXP +CVE-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...) + NOT-FOR-US: ComersusCart +CVE-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...) + NOT-FOR-US: WinHex +CVE-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...) + NOT-FOR-US: Musicmatch +CVE-2005-1185 (MMFWLaunch.exe in Musicmatch Jukebox 10.00.2047 and earlier does not ...) + NOT-FOR-US: Musicmatch +CVE-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...) + NOTE: This looks rather obscure -jmm + TODO: check +CVE-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...) + NOT-FOR-US: mvnForum +CVE-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...) + NOT-FOR-US: iSeries OS +CVE-2005-1181 (** DISPUTED ** ...) + NOT-FOR-US: Ariadne CMS +CVE-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...) + NOT-FOR-US: Xerox +CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...) + NOT-FOR-US: Oracle +CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...) + NOTE: According to maintainer posting in debian-release this does only affect 1.190 + NOTE: and not the version in Sarge +CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...) + NOT-FOR-US: AIX +CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...) + {DSA-757-1} + TODO: check krb4 + - krb5 1.3.6-4 (bug #318437; medium) +CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...) + {DSA-757-1} + TODO: check krb4 + - krb5 1.3.6-4 (bug #318437; medium) +CVE-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...) + NOT-FOR-US: PMSoftware Simple Web Server +CVE-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...) + NOT-FOR-US: Coppermine Photo Gallery +CVE-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...) + NOT-FOR-US: moddb phpbb2 add-on +CVE-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...) + NOT-FOR-US: moddb phpbb2 add-on +CVE-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...) + NOT-FOR-US: Mafia Blog +CVE-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...) + NOT-FOR-US: Musicmatch +CVE-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...) + NOT-FOR-US: Musicmatch +CVE-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...) + NOT-FOR-US: Dameware +CVE-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...) + NOT-FOR-US: Yager game +CVE-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...) + NOT-FOR-US: Yager game +CVE-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...) + NOT-FOR-US: Yager game +CVE-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...) + NOT-FOR-US: OneWorldStore +CVE-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...) + NOT-FOR-US: OneWorldStore +CVE-2005-1160 (The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla ...) + {DSA-781-1} + - mozilla-firefox 1.0.3-1 + - mozilla 2:1.7.7-1 + - mozilla-thunderbird 1.0.6-1 (bug #318728; high) +CVE-2005-1159 (The native implementations of InstallTrigger and other functions in ...) + {DSA-781-1} + - mozilla-firefox 1.0.3-1 + - mozilla 2:1.7.7-1 + - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) +CVE-2005-1158 (Multiple "missing security checks" in Firefox before 1.0.3 allow ...) + - mozilla-firefox 1.0.3-1 +CVE-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...) + - mozilla-firefox 1.0.3-1 + - mozilla 2:1.7.7-1 +CVE-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...) + - mozilla-firefox 1.0.3-1 + - mozilla 2:1.7.7-1 +CVE-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...) + - mozilla-firefox 1.0.3-1 + - mozilla 2:1.7.7-1 +CVE-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...) + - mozilla-firefox 1.0.3-1 + - mozilla 2:1.7.7-1 +CVE-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...) + - mozilla-firefox 1.0.3-1 + - mozilla 2:1.7.7-1 +CVE-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...) + {DSA-728-1} + - qpopper 4.0.5-4sarge1 +CVE-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...) + {DSA-728-1} + - qpopper 4.0.5-4sarge1 +CVE-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...) + NOT-FOR-US: Sun Java +CVE-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...) + NOT-FOR-US: ACNews +CVE-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...) + NOT-FOR-US: CalenderScript +CVE-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...) + NOT-FOR-US: CalenderScript +CVE-2005-1146 (** DISPUTED ** ...) + NOT-FOR-US: CalenderScript +CVE-2005-1145 (** DISPUTED ** ...) + NOT-FOR-US: CalenderScript +CVE-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to ...) + NOT-FOR-US: EasyPHPCalender +CVE-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...) + NOT-FOR-US: EasyPHPCalender +CVE-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...) + - gocr 0.39-5 +CVE-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...) + - gocr 0.39-5 +CVE-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...) + NOT-FOR-US: MyBloggie +CVE-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...) + NOT-FOR-US: Opera +CVE-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...) + NOT-FOR-US: Kerio +CVE-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...) + NOT-FOR-US: sphpBlog +CVE-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...) + NOT-FOR-US: sphpBlog +CVE-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...) + NOT-FOR-US: sphpBlog +CVE-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...) + NOT-FOR-US: Serendipity +CVE-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...) + NOT-FOR-US: AS/400 system software +CVE-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...) + NOT-FOR-US: LG mobile phone +CVE-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...) + NOT-FOR-US: Veritas Focalpoint Server +CVE-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...) + NOT-FOR-US: PinnacleCart +CVE-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...) + - egroupware 1.0.0.007-2.dfsg-1 +CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...) + NOT-FOR-US: VHCS +CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...) + NOT-FOR-US: Free BSD +CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...) + NOT-FOR-US: Free BSD +CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...) + NOTE: Has been removed from Sarge + - libsafe <unfixed> (bug #305070; medium) +CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...) + NOT-FOR-US: Solaris +CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...) + NOT-FOR-US: monkeyd +CVE-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...) + NOT-FOR-US: monkeyd +CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...) + {DSA-726-1} + NOTE: Not part of Sarge due to FTBFS on ia64 and alpha + - oops <unfixed> (bug #307360; high) +CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...) + - ilohamail <unfixed> (bug #304525; medium) +CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...) + - sudo <unfixed> (bug #283161; low) +CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) + NOT-FOR-US: RSA authentication agent +CVE-2005-1117 (PHP remote code injection vulnerability in index.php in ...) + NOT-FOR-US: All4WWW Homepage creator +CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...) + NOT-FOR-US: phpbb2 calendar addon +CVE-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...) + NOT-FOR-US: Photo Album +CVE-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...) + NOT-FOR-US: Photo Album +CVE-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...) + NOT-FOR-US: PhpBB Plus +CVE-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...) + NOT-FOR-US: IBM Websphere +CVE-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...) + {DSA-846-1} + - cpio 2.6-6 (bug #305372; low) +CVE-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...) + NOT-FOR-US: Sumus web server +CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...) + {DSA-713-1} + NOTE: only part of Woody, has been removed from Sarge and sid + NOT-FOR-US: Junkbuster + NOTE: checked privoxy, is not vulnerable +CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...) + {DSA-713-1} + NOTE: only part of Woody, has been removed from Sarge and sid + NOT-FOR-US: Junkbuster + NOTE: checked privoxy, is not vulnerable +CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...) + NOT-FOR-US: McAfee +CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey] + - postgrey 1.21-1 +CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...) + NOT-FOR-US: Windows +CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...) + NOTE: api vulnerablity + - libgnumail-java <unfixed> (bug #304712; low) +CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...) + NOT-FOR-US: Centra +CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...) + NOT-FOR-US: Sygate Secure Enterprise +CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + NOTE: Upstream developers don't consider this an issue, see bug #304468 +CVE-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...) + NOT-FOR-US: Lotus Domino Server +CVE-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...) + - postfix-gld 1.5-1 +CVE-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...) + - postfix-gld 1.5-1 +CVE-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...) + NOT-FOR-US: GetDataBack for NTFS (Windows) +CVE-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...) + NOT-FOR-US: Rebrand P2P Share Spy +CVE-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...) + NOT-FOR-US: Ocean12 Membership Manager Pro +CVE-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...) + NOT-FOR-US: Ocean12 Membership Manager Pro +CVE-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...) + NOT-FOR-US: FTP Now +CVE-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...) + NOT-FOR-US: Miranda IM +CVE-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...) + NOT-FOR-US: DeluxeFTP +CVE-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...) + NOT-FOR-US: Maxthon +CVE-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...) + NOT-FOR-US: Maxthon +CVE-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...) + NOT-FOR-US: DC++ +CVE-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...) + NOT-FOR-US: DameWare NT Utilities and Mini Remote Control +CVE-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...) + NOT-FOR-US: AN HTTPD +CVE-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...) + NOT-FOR-US: AN HTTPD +CVE-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...) + NOT-FOR-US: aeDating +CVE-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...) + NOT-FOR-US: aeDating +CVE-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...) + NOT-FOR-US: aeDating +CVE-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...) + NOT-FOR-US: AtDGDatingPlatinum +CVE-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...) + NOT-FOR-US: AtDGDatingPlatinum +CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...) + NOT-FOR-US: JAR in J2SE SDK + TODO: check jar extractors in Debian just to be safe +CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...) + NOT-FOR-US: zOOm Media Gallery +CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...) + NOT-FOR-US: XAMPP Apache distribution specific issue +CVE-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...) + NOT-FOR-US: XAMPP Apache distribution specific issue +CVE-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...) + NOT-FOR-US: WebCT +CVE-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...) + NOT-FOR-US: RadScripts RadBids Gold +CVE-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...) + NOT-FOR-US: RadScripts RadBids Gold +CVE-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...) + NOT-FOR-US: RadScripts RadBids Gold +CVE-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...) + NOT-FOR-US: PunBB +CVE-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...) + NOT-FOR-US: JPortal +CVE-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...) + NOT-FOR-US: Invision Power Board +CVE-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...) + NOT-FOR-US: sCssBoard +CVE-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...) + NOT-FOR-US: sCssBoard +CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...) + NOT-FOR-US: Access_user class +CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...) + NOTE: the affected binary is not included in pine binary packages + NOTE: and the maintainer refuses to maintain code that is not + NOTE: see bug #304547 +CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...) + NOTE: we do not seem to be vulnerable; /var/cache/fonts is not + NOTE: writiable by normal users in Debian, only by root. +CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...) + - rsnapshot 1.2.1-1 +CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...) + NOT-FOR-US: Kerio +CVE-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...) + NOT-FOR-US: Kerio +CVE-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...) + - logwatch 5.0-1 +CVE-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...) + NOT-FOR-US: Novell Netware +CVE-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...) + NOT-FOR-US: Linksys WET11 +CVE-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...) + NOT-FOR-US: Cisco +CVE-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...) + NOT-FOR-US: Cisco +CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...) + NOT-FOR-US: HP OpenView Network Node Manager +CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...) + NOT-FOR-US: TowerBlog +CVE-2005-1054 (PHP remote code injection vulnerability in news.php in ModernBill ...) + NOT-FOR-US: ModernBill +CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...) + NOT-FOR-US: ModernBill +CVE-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...) + NOT-FOR-US: Microsoft +CVE-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...) + NOT-FOR-US: PunBB +CVE-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...) + NOT-FOR-US: PostNuke +CVE-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...) + NOT-FOR-US: PostNuke +CVE-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...) + NOT-FOR-US: PostNuke +CVE-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...) + NOT-FOR-US: PunBB +CVE-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...) + {DSA-714-1} + - kdelibs 4:3.3.2-6 +CVE-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...) + NOT-FOR-US: OpenText +CVE-2005-1044 + REJECTED +CVE-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...) + - php4 4:4.3.10-10 (bug #306003) +CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...) + - php4 4:4.3.10-10 (bug #306003) +CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...) + - kernel-source-2.6.11 2.6.11-1 + - kernel-source-2.6.8 2.6.8-16 + NOTE: does not affect 2.4.27 per horms +CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...) + NOTE: Debian is not affected; see bug # 310833 +CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...) + - coreutils <unfixed> (bug #304556; low) +CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...) + NOTE: long fixed in Debian's cron +CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...) + NOT-FOR-US: AIX +CVE-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...) + NOT-FOR-US: FreeBSD +CVE-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...) + - pavuk 0.9.32-1 +CVE-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: SurgeFTP +CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: CubeCart +CVE-2005-1032 (SQL injection vulnerability in cart.php in LiteCommerce allows remote ...) + NOT-FOR-US: LiteCommerce +CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...) + NOT-FOR-US: exoops +CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...) + NOT-FOR-US: Active Auction House +CVE-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...) + NOT-FOR-US: Active Auction House +CVE-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...) + NOT-FOR-US: SnailSource phpBB mod +CVE-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...) + NOT-FOR-US: IBM +CVE-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...) + NOT-FOR-US: ColdFusion +CVE-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...) + NOT-FOR-US: IOS +CVE-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...) + NOT-FOR-US: IOS +CVE-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...) + NOT-FOR-US: Aeon +CVE-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...) + NOT-FOR-US: CA ArcServe Backup +CVE-2005-XXXX [Some security issues in mod_security] + NOTE: I don't understand mod_security fully, so I'm not entirely sure which of + NOTE: the changelog entries matches the security criteria, but the changelog + NOTE: claims so. + - libapache-mod-security 1.8.7-1 +CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping] + NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix + - imms 2.0.3-1 +CVE-2005-XXXX [Multiple non-descript problems in PHP4] + NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the + NOTE: details before July 12th. The security fixes are accompanied by dozens of + NOTE: non-security bugfixes, so it's not obvious from the diff either. +CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings] + - smarty 2.6.9-1 +CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client] + - obexftp 0.10.7-3 +CVE-2005-1017 (SQL injection vulnerability in the Update_Events function in ...) + NOT-FOR-US: MaxWebPortal +CVE-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...) + NOT-FOR-US: MaxWebPortal +CVE-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...) + NOT-FOR-US: MailEnable +CVE-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...) + NOT-FOR-US: MailEnable +CVE-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...) + NOT-FOR-US: MailEnable +CVE-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...) + NOT-FOR-US: SiteEnable +CVE-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...) + NOT-FOR-US: SiteEnable +CVE-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...) + NOT-FOR-US: ComersusCart +CVE-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...) + NOT-FOR-US: NetVault +CVE-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...) + NOT-FOR-US: XM Forum +CVE-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...) + NOT-FOR-US: CommuniGate Pro +CVE-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...) + NOT-FOR-US: SonicWALL +CVE-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...) + NOT-FOR-US: PayProCart +CVE-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...) + NOT-FOR-US: PayProCart +CVE-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...) + NOT-FOR-US: PayProCart +CVE-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...) + NOT-FOR-US: LOG-FT File Transfer +CVE-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...) + NOT-FOR-US: ProductCart +CVE-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...) + NOT-FOR-US: ProductCart +CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...) + NOT-FOR-US: SCO +CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...) + - phpmyadmin 3:2.6.2-rc1-1 +CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location ...) + NOT-FOR-US: AIX +CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...) + - sharutils 1:4.2.1-13 +CVE-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...) + {DSA-781-1} + - mozilla 2:1.7.7-1 (bug #306001) + - mozilla-firefox 1.0.2-3 + - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) +CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...) + {DSA-752-1} + - gzip 1.3.5-10 + NOTE: Essentially the same as CVE-2005-0953 +CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...) + NOT-FOR-US: IRC Services NickServ +CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...) + NOT-FOR-US: Lotus Domino +CVE-2005-0985 + RESERVED +CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...) + NOT-FOR-US: Star Wars game +CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...) + NOT-FOR-US: Quake 3 based games +CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...) + NOT-FOR-US: Yet Another Forum.net +CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...) + NOT-FOR-US: Alstrasoft EPay +CVE-2005-0980 (PHP remote code injection vulnerability in index.php in AlstraSoft ...) + NOT-FOR-US: Alstrasoft EPay +CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...) + NOT-FOR-US: Rumba +CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...) + NOT-FOR-US: IVT BlueSoleil +CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...) + - kernel-source-2.6.8 2.6.8-16 (bug #303177) +CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...) + NOT-FOR-US: Apple +CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...) + NOT-FOR-US: Apple +CVE-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...) + NOT-FOR-US: Apple +CVE-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...) + NOT-FOR-US: Apple +CVE-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...) + NOT-FOR-US: Apple +CVE-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...) + NOT-FOR-US: Apple +CVE-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...) + NOT-FOR-US: Apple +CVE-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...) + NOT-FOR-US: Apple +CVE-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...) + NOT-FOR-US: CA eTrust IDS +CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...) + - gaim 1:1.2.1-1 +CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts] + NOTE: Was once part of Debian, but has been removed +CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...) + - gaim 1:1.2.1-1 (bug #303581) +CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...) + - gaim 1:1.2.1-1 (bug #303581) +CVE-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...) + NOT-FOR-US: Kerio firewall +CVE-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...) + NOT-FOR-US: ACPI BIOS hardware issue +CVE-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...) + NOT-FOR-US: SquirrelCart +CVE-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...) + - horde3 3.0.4-1 + - horde2 2.2.8-1 +CVE-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...) + NOT-FOR-US: OpenBSD +CVE-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...) + NOT-FOR-US: YepYep mtftpd +CVE-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...) + NOT-FOR-US: YepYep mtftpd +CVE-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...) + NOT-FOR-US: BayTech RPC +CVE-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...) + NOT-FOR-US: InterAKT MX Kart +CVE-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...) + NOT-FOR-US: InterAKT MX Shop +CVE-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...) + NOT-FOR-US: Windows +CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...) + {DSA-730-1} + - bzip2 1.0.2-6 + NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local) + NOTE: attacker would have to exploit the minimal time span between uncompressing + NOTE: the file and chmodding it to delete the file and place a hardlink to another + NOTE: file of the "attacked" user. Additionally the attacker needs write permissions + NOTE: to the directory where the file is being uncompressed, ruling out /~ etc. +CVE-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...) + NOT-FOR-US: PafileDB +CVE-2005-0951 + REJECTED +CVE-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...) + NOT-FOR-US: FastStone 4in1 Browser +CVE-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...) + NOT-FOR-US: PortalApp +CVE-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...) + NOT-FOR-US: PortalApp +CVE-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...) + NOT-FOR-US: phpCoin +CVE-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...) + NOT-FOR-US: phpCoin +CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...) + NOT-FOR-US: ACS Blog +CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll), ...) + NOT-FOR-US: Microsoft +CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...) + NOT-FOR-US: Cisco Hardware issue +CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...) + NOT-FOR-US: Sybase ASE +CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...) + - openoffice.org 1.1.3-9 +CVE-2005-0939 + RESERVED +CVE-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...) + NOT-FOR-US: UBlog +CVE-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...) + - kernel-source-2.6.8 2.6.8-16 +CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv] + - freeciv 2.0.1-1 +CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack] + - mailscanner 4.40.11-1 +CVE-2005-XXXX [KDE Kopete ICQ remote DoS] + - kdenetwork 4:3.3.2-2 +CVE-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...) + NOT-FOR-US: ESMI PayPal Storefront +CVE-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...) + NOT-FOR-US: ESMI PayPal Storefront +CVE-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...) + NOT-FOR-US: WackoWiki +CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...) + NOT-FOR-US: phpCOIN +CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...) + NOT-FOR-US: phpCOIN +CVE-2005-0931 (PHP remote code injection vulnerability in The Includer 1.0 and 1.1 ...) + NOT-FOR-US: The Includer +CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...) + NOT-FOR-US: Chatness +CVE-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...) + NOT-FOR-US: PhotoPost PHP Pro +CVE-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) + NOT-FOR-US: PhotoPost PHP Pro +CVE-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...) + NOT-FOR-US: WebAPP +CVE-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...) + - sylpheed 1.0.4-1 + - sylpheed-claws 1.0.4-1 +CVE-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...) + NOT-FOR-US: Uapplication Ublog +CVE-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...) + NOT-FOR-US: Adventia E-Data +CVE-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...) + NOT-FOR-US: Norton AntiVirus +CVE-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...) + NOT-FOR-US: Norton AntiVirus +CVE-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...) + NOT-FOR-US: Lotus +CVE-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...) + NOT-FOR-US: Bugtracker.NET +CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...) + NOT-FOR-US: Adventia E-Data +CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...) + NOT-FOR-US: Adobe SVG Viewer +CVE-2005-0917 (PHP remote code injection vulnerability in index_header.php for ...) + NOT-FOR-US: EncapsBB +CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...) + - kernel-source-2.6.8 2.6.8-16 + NOTE: 2.4 doesn't seem to be vulnerable +CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...) + NOT-FOR-US: Webmasters-Debutants WD Guestbook +CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...) + NOT-FOR-US: CPG Dragonfly +CVE-2005-0913 (Unknown vulnerability in the regex_replace modifier ...) + - smarty 2.6.8-1 +CVE-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...) + NOT-FOR-US: deplate +CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...) + NOT-FOR-US: exoops +CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...) + NOT-FOR-US: exoops +CVE-2005-0909 (PHP remote code injection vulnerability in shoutact.php for TKai's ...) + NOT-FOR-US: THai's Shoutbox +CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...) + NOT-FOR-US: Valdersoft Shopping Cart +CVE-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...) + NOT-FOR-US: Valdersoft Shopping Cart +CVE-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...) + NOT-FOR-US: Tincat network library +CVE-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...) + NOT-FOR-US: Maxthon +CVE-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the "Force shutdown ...) + NOT-FOR-US: Microsoft +CVE-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...) + NOT-FOR-US: QuickTime PictureViewer +CVE-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...) + NOT-FOR-US: NukeBookmarks for php-nuke +CVE-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...) + NOT-FOR-US: NukeBookmarks for php-nuke +CVE-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...) + NOT-FOR-US: NukeBookmarks for php-nuke +CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...) + NOT-FOR-US: AS/400 running OS400 +CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...) + NOT-FOR-US: E-Store Kit-2 PayPal Edition +CVE-2005-0897 (PHP remote code injection vulnerability in catalog.php in E-Store ...) + NOT-FOR-US: E-Store Kit-2 PayPal Edition +CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...) + NOT-FOR-US: phpMyDirectory +CVE-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...) + NOT-FOR-US: Netcomm 1300NB DSL Modem +CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...) + - openmosixview 1.5-7 +CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...) + - smail <unfixed> (bug #301428; medium) + NOTE: no patch known at this time. +CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...) + {DSA-722-1} + - smail 3.2.0.115-7 +CVE-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...) + NOTE: The description is wrong; 2.6 is affected as well + - gtk+2.0 2.6.4-1 + - gdk-pixbuf 0.22.0-7.1 +CVE-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...) + NOT-FOR-US: Dream4 Koobi CMS +CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...) + NOT-FOR-US: Dream4 Koobi CMS +CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + NOTE: the hole was introduced in 0.9.4.3; I suppose that having + NOTE: this package be orphaned and not get updated for years from 0.9.2 + NOTE: is good for _something_ after all :-P +CVE-2005-0887 (Code injection vulnerability in Double Choco Latte before 0.9.4.3 ...) + - dcl 1:0.9.4.4-1 +CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...) + NOT-FOR-US: Invision Power Board +CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...) + NOT-FOR-US: XMB Forum +CVE-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...) + NOT-FOR-US: DigitalHive +CVE-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...) + NOT-FOR-US: DigitalHive +CVE-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...) + NOT-FOR-US: BirdBlog +CVE-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...) + NOT-FOR-US: Interspire ArticleLive +CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...) + NOT-FOR-US: Vortex Portal +CVE-2005-0879 (PHP remote code injection vulnerability in (1) content.php and (2) ...) + NOT-FOR-US: Vortex Portal +CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...) + NOT-FOR-US: MercuryBoard +CVE-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...) + - dnsmasq 2.21 +CVE-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...) + - dnsmasq 2.21 +CVE-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...) + NOT-FOR-US: Trillian plugin +CVE-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...) + NOT-FOR-US: Trillian plugin +CVE-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...) + NOT-FOR-US: Oracle +CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...) + NOT-FOR-US: Topic Calendar phpbb2 plugin +CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...) + NOT-FOR-US: Topic Calendar phpbb2 plugin +CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...) + {DSA-724-1} + - phpsysinfo 2.3-3 +CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...) + NOTE: phpsysinfo maintainer does not consider path disclosure to + NOTE: be a bug. See bug #301118. +CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...) + NOTE: checked tn5250, apparently the only AS/400 emulator in debian + NOTE: cannot find STRPCO or STRPCCMD in tn5250. +CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...) + NOTE: According to Horms from the Debian kernel team 2.6.8 and 2.6.11 are not + NOTE: affected, 2.4 doesn't include sysfs anyway, see 306137 +CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...) + - cdrtools 4:2.01+01a01-4 +CVE-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...) + NOT-FOR-US: Samsung ADSL modems +CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...) + NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago +CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...) + NOT-FOR-US: PHPOpenChat +CVE-2005-0862 (Multiple PHP remote code injection vulnerabilities in PHPOpenChat ...) + NOT-FOR-US: PHPOpenChat +CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...) + NOT-FOR-US: Delegate +CVE-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0 allows ...) + NOT-FOR-US: TRG News Script +CVE-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b allows ...) + NOT-FOR-US: CzarNews +CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...) + NOT-FOR-US: CoolForum +CVE-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...) + NOT-FOR-US: CoolForum +CVE-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...) + NOT-FOR-US: CoolForum +CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...) + NOT-FOR-US: CoolForum +CVE-2005-0854 (betaparticle blog (bp blog) allows remote attackers to bypass ...) + NOT-FOR-US: betaparticle blog +CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...) + NOT-FOR-US: betaparticle blog +CVE-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...) + NOT-FOR-US: Microsoft Windows +CVE-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...) + NOT-FOR-US: FileZilla FTP server +CVE-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...) + NOT-FOR-US: FileZilla FTP server +CVE-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...) + NOT-FOR-US: Multiple commercial games by FUN Labs +CVE-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...) + NOT-FOR-US: Multiple commercial games by FUN Labs +CVE-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Code Ocean FTP Server +CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...) + NOT-FOR-US: SurgeMail +CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...) + NOT-FOR-US: SurgeMail +CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...) + NOT-FOR-US: Nortel Contivity +CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...) + NOT-FOR-US: Phorum +CVE-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) + NOT-FOR-US: Kayako eSupport +CVE-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...) + NOT-FOR-US: phpmyfamily +CVE-2005-0840 + REJECTED +CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...) + - kernel-source-2.6.8 2.6.8-16 +CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...) + - icecast2 <unfixed> (bug #301368; low) +CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...) + - icecast2 <unfixed> (bug #301368; low) +CVE-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) + NOT-FOR-US: Java Web Start for proprietary Sun Java +CVE-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...) + NOT-FOR-US: Belkin 54G router +CVE-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...) + NOT-FOR-US: Belkin 54G router +CVE-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...) + NOT-FOR-US: Belkin 54G router +CVE-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...) + NOT-FOR-US: PHP-Post +CVE-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...) + NOT-FOR-US: PHP-Post +CVE-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...) + NOT-FOR-US: Xzabite DynDNS Updater +CVE-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...) + NOT-FOR-US: PHP-Fusion Addon +CVE-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...) + NOT-FOR-US: e-Xoops based products +CVE-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...) + NOT-FOR-US: e-Xoops based products +CVE-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...) + NOT-FOR-US: OllyDbg MS Windows debugger +CVE-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...) + - ltris 1.0.6-1.1 (bug #291620) +CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...) + - mathopd 1.5p5-1 +CVE-2005-XXXX [Various /tmp related security issues in cernlib] + - cernlib 2004.11.04-3 +CVE-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...) + NOT-FOR-US: iSnooker +CVE-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...) + NOT-FOR-US: Citrix +CVE-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...) + NOT-FOR-US: Citrix +CVE-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...) + NOT-FOR-US: MS Office +CVE-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...) + NOT-FOR-US: Novell Netware +CVE-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...) + NOT-FOR-US: Pun BB +CVE-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...) + NOT-FOR-US: Symantec Gateway +CVE-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...) + NOT-FOR-US: Solaris +CVE-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in ...) + - kernel-source-2.4.27 2.4.27-10 (bug #300783; medium) + - linux-2.6 2.6.12-1 (bug #300783; medium) + - kernel-source-2.6.8 2.6.8-16 + NOTE: Fixed upstream in 2.6.12-rc1 +CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...) + {DSA-717-1} + - lsh-utils 2.0.1-1 +CVE-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...) + NOT-FOR-US: ir +CVE-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...) + NOT-FOR-US: NotifyLink +CVE-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...) + NOT-FOR-US: NotifyLink +CVE-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...) + NOT-FOR-US: NotifyLink +CVE-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...) + NOT-FOR-US: NotifyLink +CVE-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...) + NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/ +CVE-2005-0807 (Multiple buffer overflows in Cain & Abel before 2.67 allow remote ...) + NOT-FOR-US: Cain & Abel +CVE-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...) + - evolution 2.0.4-2 + - evolution-data-server 1.2.2-1 +CVE-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...) + NOT-FOR-US: Subdreamer +CVE-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...) + NOT-FOR-US: MailEnable +CVE-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...) + NOT-FOR-US: Windows +CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...) + NOT-FOR-US: ACS Blog +CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...) + NOT-FOR-US: The Includer +CVE-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...) + NOT-FOR-US: mcNews +CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...) + NOT-FOR-US: MySQL on Windows +CVE-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...) + NOT-FOR-US: Novell iChain +CVE-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...) + NOT-FOR-US: Novell iChain +CVE-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...) + NOT-FOR-US: Hola CMS +CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...) + NOT-FOR-US: Hola CMS +CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...) + NOT-FOR-US: ZPanel +CVE-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...) + NOT-FOR-US: ZPanel +CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...) + NOT-FOR-US: ZPanel +CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...) + NOT-FOR-US: phpAdsNew +CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: phpAdsNew +CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...) + NOT-FOR-US: SimpGB +CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...) + NOT-FOR-US: YaBB +CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...) + NOT-FOR-US: Phorum +CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...) + NOT-FOR-US: Phorum +CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...) + NOT-FOR-US: paFileDB +CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...) + NOT-FOR-US: paFileDB +CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...) + NOT-FOR-US: paFileDB +CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...) + NOT-FOR-US: PlatinumFTP +CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...) + NOT-FOR-US: PhotoPost +CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) + NOT-FOR-US: PhotoPost +CVE-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...) + NOT-FOR-US: PhotoPost +CVE-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...) + NOT-FOR-US: PhotoPost +CVE-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...) + NOT-FOR-US: PhotoPost +CVE-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...) + NOT-FOR-US: VERITAS Backup Exec +CVE-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...) + NOT-FOR-US: VERITAS Backup Exec +CVE-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...) + NOT-FOR-US: VERITAS Backup Exec +CVE-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...) + NOT-FOR-US: IDA Pro +CVE-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...) + NOT-FOR-US: GoodTech Telnet Server +CVE-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...) + - kernel-source-2.6.8 2.6.8-15 +CVE-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...) + - ethereal 0.10.10-1 +CVE-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...) + - ethereal 0.10.10-1 +CVE-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...) + - rxvt-unicode 5.3-1 +CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...) + {DSA-698-1} + NOTE: Seems to be a "fix the fix", correcting a previous DSA. + NOTE: Mainline mc is apparently not affected. +CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...) + {DSA-702-1} + - imagemagick 5:6.0.0-1 + NOTE: Does only affect imagemagick releases prior to 6 +CVE-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...) + - imagemagick 5:6.0.2.5 (bug #301110) +CVE-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...) + {DSA-702-1} + - imagemagick 5:6.0.0-1 + NOTE: Does only affect imagemagick releases prior to 6 +CVE-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...) + {DSA-702-1} + - imagemagick 5:6.0.0-1 + NOTE: Does only affect imagemagick releases prior to 6 +CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...) + NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626 + - gzip 1.3.5-10 + - bzip2 1.0.2-8.1 (bug #321286; medium) +CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) + - kernel-source-2.4.27 2.4.27-11 (bug #311164) + - kernel-source-2.6.8 2.6.8-17 + - linux-2.6 2.6.12-1 +CVE-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...) + - kernel-source-2.4.27 2.4.27-11 (medium) + - kernel-source-2.6.8 2.6.8-17 (medium) + - kernel-source-2.6.11 2.6.11-7 (medium) + - linux-2.6 2.6.12-1 (medium) + NOTE: Commited to kernel 2.6 git on 2005-05-20, between .12-rc4 and .12-rc5 +CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) + - helix-player 1.0.4-1 +CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...) + - kdewebdev 4:3.3.2-6 +CVE-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...) + {DSA-742-1} + - cvs 1:1.12.9-13 +CVE-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...) + - mozilla-firefox 1.0.3-1 +CVE-2005-0751 + REJECTED +CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...) + - kernel-source-2.4.27 2.4.27-10 + - kernel-source-2.6.8 2.6.8-16 +CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...) + - kernel-source-2.6.8 2.6.8-16 + - kernel-source-2.4.27 2.4.27-10 +CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4] + - omniorb4 4.0.5-2 +CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...) + NOT-FOR-US: not part of Woody, has been removed from sarge/sid +CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...) + NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable +CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...) + - wine 0.0.20050310-1.1 +CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...) + - openslp 1.0.11a-2 +CVE-2005-0748 (PHP remote code injection vulnerability in initdb.php for WEBInsta ...) + NOT-FOR-US: WEBInsta +CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...) + NOT-FOR-US: ApplyYourself +CVE-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...) + NOT-FOR-US: Novell iChain +CVE-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...) + NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor +CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...) + NOT-FOR-US: Novell iChain +CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...) + NOT-FOR-US: XOOPS +CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...) + NOT-FOR-US: Sun Java System Application Server +CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...) + NOT-FOR-US: YaBB +CVE-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...) + NOT-FOR-US: OpenBSD +CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...) + {DSA-718-1} + - ethereal 0.10.10-1 +CVE-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to ...) + NOT-FOR-US: Microsoft +CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...) + NOT-FOR-US: Yahoo Messenger +CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...) + NOTE: 2.6 through .11 + NOTE: There is no epoll in 2.4 + - kernel-source-2.6.8 2.6.8-14 +CVE-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...) + NOT-FOR-US: newsscript +CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) + NOT-FOR-US: PY Software Active Webcam WebServer +CVE-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) + NOT-FOR-US: PY Software Active Webcam WebServer +CVE-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) + NOT-FOR-US: PY Software Active Webcam WebServer +CVE-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) + NOT-FOR-US: PY Software Active Webcam WebServer +CVE-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) + NOT-FOR-US: PY Software Active Webcam WebServer +CVE-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...) + NOT-FOR-US: Xpand Rally +CVE-2005-0728 + REJECTED +CVE-2005-0727 + REJECTED +CVE-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...) + NOT-FOR-US: UBB.threads +CVE-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...) + NOT-FOR-US: wfsections +CVE-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...) + NOT-FOR-US: paFileDB +CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...) + NOT-FOR-US: paFileDB +CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...) + NOT-FOR-US: eXPerience2 +CVE-2005-0721 (PHP remote code injection vulnerability in modules.php in eXPerience2 ...) + NOT-FOR-US: eXPerience2 +CVE-2005-0720 (PHP remote code injection vulnerability in header.php in PHP mcNews ...) + NOT-FOR-US: mcNews +CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...) + NOT-FOR-US: Tru64 +CVE-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...) + - squid 2.5.8 (bug #305605) +CVE-2005-0717 + RESERVED +CVE-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...) + NOT-FOR-US: Mac OS +CVE-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...) + NOT-FOR-US: Mac OS +CVE-2005-0714 + REJECTED +CVE-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...) + NOT-FOR-US: Mac OS +CVE-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...) + NOT-FOR-US: Mac OS +CVE-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...) + {DSA-707-1} + - mysql-dfsg 4.0.24 + - mysql-dfsg-4.1 4.1.10a +CVE-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...) + {DSA-707-1} + - mysql-dfsg 4.0.24 + - mysql-dfsg-4.1 4.1.10a +CVE-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...) + {DSA-707-1} + - mysql-dfsg 4.0.24 + - mysql-dfsg-4.1 4.1.10a +CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...) + NOT-FOR-US: FreeBSD +CVE-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...) + NOT-FOR-US: Ipswitch Collaboration Suite +CVE-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...) + NOTE: Sarge version of gnome-vfs2 does not install the module with the vulnerable code + NOTE: fixed in gnome-vfs2 2.10 long ago too. + - grip 3.2.0-4 (low) + - libcdaudio 0.99.9-2.1 (bug #304799; low) + - gnome-vfs 1.0.5-5.1 (bug #305163; low) +CVE-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...) + - ethereal 0.10.10-1 +CVE-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...) + - ethereal 0.10.10-1 +CVE-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...) + NOT-FOR-US: Xerox MicroServer Web Server +CVE-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...) + NOT-FOR-US: phpMyFAQ +CVE-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...) + NOT-FOR-US: Oracle +CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...) + NOT-FOR-US: Aztek +CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...) + - ethereal 0.10.9-2 +CVE-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and earlier ...) + NOT-FOR-US: PHPWebLog +CVE-2005-0697 (SQL injection vulnerability in the process_picture function ...) + NOT-FOR-US: CopperExport +CVE-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...) + NOT-FOR-US: ArGoSoft +CVE-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...) + NOT-FOR-US: Hosting Controller +CVE-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...) + NOT-FOR-US: Hosting Controller +CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...) + NOT-FOR-US: JoWood Chaser (for Windows) +CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...) + NOT-FOR-US: PHP-Fusion +CVE-2005-0691 (PHP remote code injection vulnerability in article mode for ...) + NOT-FOR-US: SocialMPN +CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...) + NOT-FOR-US: Gene6 FTP Server for Win +CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...) + NOT-FOR-US: The Includer +CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...) + NOT-FOR-US: Windows +CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...) + NOTE: hashcash 1.13 (which is in Debian) is not vulnerable + NOTE: hashcash 1.17 is also ok +CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...) + - mlterm 2.9.2 + NOTE: see bug #298621, was stalled in NEW, now accepted +CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...) + NOT-FOR-US: OutStart Participate Enterprise +CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...) + - maxdb-7.5.00 7.5.00.24-3 +CVE-2005-0683 + REJECTED +CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...) + - drupal 4.5.2 +CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Nokia +CVE-2005-0680 (PHP remote code injection vulnerability in ...) + NOT-FOR-US: Download Center Lite +CVE-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...) + NOT-FOR-US: Tell A Friend Script +CVE-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...) + NOT-FOR-US: Form Mail Script +CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...) + NOT-FOR-US: Zorum +CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...) + NOT-FOR-US: Zorum +CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...) + NOT-FOR-US: Zorum +CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...) + NOT-FOR-US: Pabox for PHPNuke +CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...) + - phpbb2 2.0.13-2 +CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...) + NOT-FOR-US: Ca3DE +CVE-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...) + NOT-FOR-US: Ca3DE +CVE-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...) + NOT-FOR-US: phpCOIN +CVE-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...) + NOT-FOR-US: phpCOIN +CVE-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...) + NOT-FOR-US: HAVP +CVE-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...) + - sylpheed 1.0.3-1 + - sylpheed-claws 1.0.3-1 +CVE-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...) + - kernel-patch-adamantix 1.7 +CVE-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...) + NOT-FOR-US: XV +CVE-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...) + {DSA-709-1} + - libexif 0.6.9-5 +CVE-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...) + NOT-FOR-US: Mercury Board +CVE-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...) + NOT-FOR-US: Mercury Board +CVE-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...) + NOT-FOR-US: Woltlab Burning Board +CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...) + NOT-FOR-US: D-Forum +CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...) + NOTE: This is not a security issue as the installation path is known. +CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...) + NOT-FOR-US: Typo3 +CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...) + NOT-FOR-US: Computalynx CProxy +CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...) + NOT-FOR-US: auraCMS +CVE-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: auraCMS +CVE-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...) + NOTE: this is not a security issue according to maintainer +CVE-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...) + - phpmyadmin 3:2.6.1-pl3-1 +CVE-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...) + NOT-FOR-US: OpenVMS +CVE-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...) + NOT-FOR-US: ProjectBB +CVE-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...) + NOT-FOR-US: ProjectBB +CVE-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...) + NOT-FOR-US: Pixel-Apes SafeHTML +CVE-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...) + NOT-FOR-US: Pixel-Apes SafeHTML +CVE-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...) + NOT-FOR-US: paNews +CVE-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...) + NOT-FOR-US: paNews +CVE-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...) + NOT-FOR-US: CuteNews +CVE-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...) + NOT-FOR-US: McAfee Virus Scanners +CVE-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...) + NOT-FOR-US: McAfee Virus Scanners +CVE-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...) + NOT-FOR-US: Computer Associates UAM +CVE-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...) + NOT-FOR-US: Computer Associates UAM +CVE-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...) + NOT-FOR-US: Computer Associates UAM +CVE-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...) + {DSA-695-1 DSA-694-1} + - xloadimage 4.1-14.2 + - xli 1.17.0-17 +CVE-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...) + {DSA-695-1 DSA-694-1} + - xli 1.17.0-18 + - xloadimage 4.1-14.1 (bug #298926) +CVE-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...) + NOT-FOR-US: OpenBSD +CVE-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...) + NOT-FOR-US: Foxmail +CVE-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...) + NOT-FOR-US: Foxmail +CVE-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...) + NOT-FOR-US: Golden FTP Server +CVE-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...) + NOT-FOR-US: Trillian +CVE-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...) + NOT-FOR-US: PHPNews +CVE-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...) + NOT-FOR-US: PBLang +CVE-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...) + NOT-FOR-US: PBLang +CVE-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...) + NOT-FOR-US: 427BB +CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...) + NOT-FOR-US: Forumwa +CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...) + NOTE: We are not vulnerable to this since RPATH has been disable in QT3 ever since + NOTE: Martin Loschwitz maintain it. +CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...) + - squid 2.5.9-2 +CVE-2005-0940 + REJECTED +CVE-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...) + - reportbug 3.8 +CVE-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...) + - reportbug 3.8 +CVE-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...) + NOT-FOR-US: RaidenHTTPD +CVE-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...) + NOT-FOR-US: RaidenHTTPD +CVE-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...) + NOT-FOR-US: Scrapland +CVE-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...) + NOT-FOR-US: Einstein +CVE-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...) + NOT-FOR-US: Einstein +CVE-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...) + NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware +CVE-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...) + NOT-FOR-US: PostNuke +CVE-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...) + NOT-FOR-US: PostNuke +CVE-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...) + NOT-FOR-US: PostNuke +CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...) + - phpbb2 2.0.13-1 +CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...) + NOT-FOR-US: FCKeditor +CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...) + NOT-FOR-US: Cisco +CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...) + NOT-FOR-US: Real +CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...) + NOT-FOR-US: FreeBSD portupgrade +CVE-2005-0609 + RESERVED +CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...) + NOT-FOR-US: Half Life WebMod +CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...) + NOT-FOR-US: CubeCert +CVE-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...) + NOT-FOR-US: CubeCert +CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...) + {DSA-723-1} + NOTE: lesstif2 + - lesstif1-1 1:0.93.94-11.1 (bug #298183; bug #299236) + NOTE: lesstif1 + - lesstif1-1 1:0.93.94-11.3 (bug #300421) + NOTE: libxmp4 is the real culprit, but there are different + NOTE: source packages for it (xorg-x11 and xfree86). xorg-x11 + NOTE: in unstable is not affected (was fixed before the upload). + - xfree86 4.3.0.dfsg.1-13 + NOTE: openmotif is non-free + - openmotif 2.2.3-1.1 (bug #308819; medium) +CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) + NOT-FOR-US: GFI Languard Network Security Scanner +CVE-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...) + - phpbb2 2.0.13-1 +CVE-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...) + - unzip 5.52-1 + NOTE: um, tar does this too, not really considered a security hole +CVE-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...) + NOT-FOR-US: Cisco +CVE-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...) + NOT-FOR-US: Cisco +CVE-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...) + NOT-FOR-US: Cisco +CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...) + NOT-FOR-US: Real +CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...) + NOT-FOR-US: Cisco +CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...) + NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037 + - php4 4:4.3.8-1 +CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...) + NOT-FOR-US: BadBlue +CVE-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...) + NOT-FOR-US: Apple +CVE-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...) + - mozilla-firefox 1.0.1 + - mozilla 2:1.7.6-1 +CVE-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...) + - mozilla-firefox 1.0.1 + - mozilla 2:1.7.6-1 + - mozilla-thunderbird 1.0.2-1 +CVE-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...) + - mozilla-firefox 1.0.1 +CVE-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...) + - mozilla-firefox 1.0.1 + - mozilla-thunderbird 1.0.2-1 +CVE-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...) + - mozilla-firefox 1.0.1 +CVE-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...) + - mozilla-firefox 1.0.1 + - mozilla 2:1.7.6-1 +CVE-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...) + NOTE: windows only +CVE-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...) + - mozilla-firefox 1.0.1 + - mozilla 2:1.7.6-1 +CVE-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...) + - mozilla-firefox 1.0.1 + - mozilla 2:1.7.6-1 +CVE-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...) + - mozilla-firefox 1.0.1 + - mozilla 2:1.7.6-1 +CVE-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...) + NOT-FOR-US: Computer Associates (CA) License Client +CVE-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...) + NOT-FOR-US: Computer Associates (CA) License Client +CVE-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...) + NOT-FOR-US: Computer Associates (CA) License Client +CVE-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...) + NOT-FOR-US: cmd5checkpw +CVE-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...) + NOT-FOR-US: FreeNX +CVE-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...) + - mozilla-firefox 1.0.1-1 +CVE-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...) + NOT-FOR-US: MKBold-MKItalic +CVE-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...) + NOT-FOR-US: STSF in Solaris +CVE-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...) + NOT-FOR-US: Stormy Studios Knet +CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...) + NOT-FOR-US: CIS Webserver +CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...) + NOTE: don't know if we are vulnerable, I've mailed maintainers -- Djoume + TODO: check +CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...) + NOT-FOR-US: phpWebSite +CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...) + NOT-FOR-US: PunBB +CVE-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...) + NOT-FOR-US: PunBB +CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...) + NOT-FOR-US: PunBB +CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...) + NOT-FOR-US: Soldier of Fortune II +CVE-2005-0567 (Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 ...) + - phpmyadmin 3:2.6.1-pl2-1 +CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote attackers ...) + NOT-FOR-US: Golden FTP Server +CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...) + NOT-FOR-US: phpWebSite +CVE-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...) + NOT-FOR-US: Microsoft Word +CVE-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...) + NOT-FOR-US: Microsoft +CVE-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...) + NOT-FOR-US: MSN Messenger +CVE-2005-0561 + RESERVED +CVE-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...) + NOT-FOR-US: Exchange server +CVE-2005-0559 + RESERVED +CVE-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...) + NOT-FOR-US: Microsoft Word +CVE-2005-0557 + RESERVED +CVE-2005-0556 + RESERVED +CVE-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...) + NOT-FOR-US: MSIE +CVE-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...) + NOT-FOR-US: MSIE +CVE-2005-0553 (Race condition in the memory management routines in the DHTML object ...) + NOT-FOR-US: MSIE +CVE-2005-0552 + RESERVED +CVE-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...) + NOT-FOR-US: Microsoft +CVE-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...) + NOT-FOR-US: Microsoft +CVE-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...) + NOT-FOR-US: Solaris +CVE-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...) + NOT-FOR-US: Solaris +CVE-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...) + NOT-FOR-US: ftpd on HP-UX +CVE-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...) + - cyrus21-imapd 2.1.18-1 +CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...) + NOT-FOR-US: MS Office +CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...) + - phpmyadmin 3:2.6.1-pl2-1 +CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...) + - phpmyadmin 3:2.6.1-pl2-1 +CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...) + NOT-FOR-US: Cyclades AlterPath Manager +CVE-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...) + NOT-FOR-US: Cyclades AlterPath Manager +CVE-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...) + NOT-FOR-US: Cyclades AlterPath Manager +CVE-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...) + NOT-FOR-US: IBM +CVE-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...) + NOT-FOR-US: ginp +CVE-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...) + NOT-FOR-US: iGeneric (iG) Shop +CVE-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...) + - mediawiki 1.4.9 (bug #276057) +CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...) + NOT-FOR-US: Trend Micro AntiVirus +CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...) + - kernel-source-2.6.8 2.6.8-14 + NOTE: 2.4.27 seems to be unaffected +CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...) + - kernel-source-2.6.8 2.6.8-14 + - kernel-source-2.4.27 2.4.27-9 +CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...) + - kernel-source-2.6.8 2.6.8-14 + NOTE: affects only 2.6 (see #296906) +CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...) + - kernel-source-2.6.8 2.6.8-14 + NOTE: 2.4.27 seems to be unaffected +CVE-2005-0528 + RESERVED +CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...) + - mozilla-firefox 1.0.1 + NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already.. + - mozilla 2:1.7.6 +CVE-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...) + NOT-FOR-US: PBLang +CVE-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...) + {DSA-729-1 DSA-708-1} + - php4 4:4.3.10-10 + - php3 3:3.0.18-31 +CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...) + NOTE: php3 not affected + - php4 4:4.3.10-10 +CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...) + {DSA-719-1} + - prozilla 1:1.3.7.4-1 +CVE-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...) + NOT-FOR-US: Chat Anywhere +CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...) + NOT-FOR-US: SendLink +CVE-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read arbitrary ...) + NOT-FOR-US: ArGoSoft +CVE-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read arbitrary ...) + NOT-FOR-US: ArGoSoft +CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...) + NOT-FOR-US: eXeem +CVE-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...) + NOT-FOR-US: PeerFTP +CVE-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...) + NOT-FOR-US: ImageGalleryPlugin for Twiki +CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...) + NOT-FOR-US: My Firewall Plus +CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...) + NOT-FOR-US: Verity Ultraseek +CVE-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in ...) + NOT-FOR-US: pMachine +CVE-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...) + NOT-FOR-US: Mambo +CVE-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...) + NOT-FOR-US: vBulletin +CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...) + NOT-FOR-US: fallback-reboot +CVE-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...) + NOTE: default config of Mono not vulnerable + - mono 1.1.6-4 (medium) +CVE-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...) + - batik 1.5.1-1 +CVE-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...) + NOT-FOR-US: SD Server +CVE-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...) + NOT-FOR-US: Avaya IP Office Phone Manager +CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...) + - irm 1.5.3.1-1 +CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...) + - kernel-source-2.6.8 2.6.8-12 + - kernel-source-2.6.9 2.6.9-5 + - kernel-source-2.6.10 2.6.10-2 + - kernel-source-2.4.27 2.4.27-8 +CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...) + - uim 1:0.4.6beta2-1 +CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...) + NOT-FOR-US: Xinkaa +CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...) + NOT-FOR-US: Bontago +CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) + NOT-FOR-US: MSIE6 +CVE-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...) + NOT-FOR-US: Gigafast router +CVE-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...) + NOT-FOR-US: Gigafast router +CVE-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...) + NOT-FOR-US: ADP Elite System +CVE-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...) + NOT-FOR-US: Arkeia Network Backup +CVE-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...) + NOT-FOR-US: ZeroBoard +CVE-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...) + NOT-FOR-US: Thomson TCW690 cable modem +CVE-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...) + NOT-FOR-US: Biz Mail From +CVE-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...) + NOT-FOR-US: Acrobat Reader +CVE-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...) + NOT-FOR-US: Arkeia Server Backup +CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...) + - curl 7.13.0-2 +CVE-2005-0489 + RESERVED +CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...) + TODO: check heimdal, netkit-telnet-ssl + - krb4 <unfixed> (low) + - krb5 <unfixed> (low) + - netkit-telnet <not-affected> (netkit-telnet is not affected) +CVE-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...) + NOT-FOR-US: Kyako ESupport +CVE-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...) + NOT-FOR-US: Tarantella Secure Global Desktop +CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...) + NOT-FOR-US: paNews +CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...) + NOT-FOR-US: GProFTPD +CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...) + NOT-FOR-US: Glftpd +CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...) + NOT-FOR-US: TrackerCam +CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...) + NOT-FOR-US: TrackerCam +CVE-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...) + NOT-FOR-US: TrackerCam +CVE-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...) + NOT-FOR-US: TrackerCam +CVE-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...) + NOT-FOR-US: TrackerCam +CVE-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...) + NOT-FOR-US: Invision Power Board +CVE-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...) + NOT-FOR-US: hpm_guestbook.cgi +CVE-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...) + NOT-FOR-US: paFAQ +CVE-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...) + - webcalendar 0.9.45-3 +CVE-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...) + - gaim 1:1.1.3-1 +CVE-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...) + {DSA-716-1} + - gaim 1:1.1.3-1 +CVE-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...) + NOT-FOR-US: SUN JRE +CVE-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...) + - wpasupplicant 0.3.8-1 +CVE-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...) + {DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1} + - krb4 1.2.2-11.2 (bug #306141) + - krb5 1.3.6-2 + - netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036) + - netkit-telnet 0.17-28 + - heimdal 0.6.3-10 +CVE-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...) + {DSA-731-1 DSA-703-1} + - krb5 1.3.6-2 + - krb4 1.2.2-11.2 (bug #306141) + TODO: check netkit-telnet, netkit-telnet-ssl +CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...) + - putty 0.57-1 +CVE-2005-0466 + RESERVED +CVE-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...) + NOT-FOR-US: SGI IRIX +CVE-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...) + NOT-FOR-US: SGI IRIX +CVE-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to ...) + NOT-FOR-US: ulog-php +CVE-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...) + NOT-FOR-US: MercuryBoard +CVE-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...) + NOT-FOR-US: NewsBruiser +CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...) + NOT-FOR-US: MercuryBoard +CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...) + NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> : + NOTE: I think it is not a problem on Debian as far as everybody knows the full + NOTE: path of phpMyAdmin is /usr/share/phpmyadmin. +CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...) + NOT-FOR-US: oscommerce +CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...) + NOT-FOR-US: Opera +CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...) + NOT-FOR-US: Opera +CVE-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...) + NOT-FOR-US: Real +CVE-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...) + NOT-FOR-US: DCP-Portal +CVE-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...) + NOT-FOR-US: Lighttpd +CVE-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Sami HTTP Server +CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...) + NOT-FOR-US: Sami HTTP Server +CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...) + NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html + NOTE: The vulnerable code has been removed from the kernel in favor of a better + NOTE: fix between 2.6.11 and 2.6.12, see + NOTE: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563d82" + - kernel-source-2.6.8 2.6.8-14 (bug #295949; high) + - linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12) +CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...) + {DSA-696-1} + - perl 5.8.4-7 +CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...) + NOT-FOR-US: Quake3 +CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Solaris +CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...) + {DSA-688-1} + - squid 2.5.8-3 +CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...) + NOTE: Not in testing, only sid + NOTE: Was once part of Debian, but has been removed +CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...) + NOT-FOR-US: VMware +CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...) + NOT-FOR-US: CubeCart +CVE-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...) + NOT-FOR-US: CubeCart +CVE-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...) + NOT-FOR-US: Sybase +CVE-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...) + - elog 2.5.7+r1558-1 +CVE-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...) + - elog 2.5.7+r1558-1 +CVE-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain ...) + - awstats 6.3-1 +CVE-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...) + - awstats 6.3-1 +CVE-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and ...) + - awstats 6.3-1 +CVE-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...) + - awstats 6.3-1 +CVE-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...) + NOT-FOR-US: PHP-Nuke +CVE-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...) + NOT-FOR-US: BEA WebLogic Server +CVE-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...) + NOT-FOR-US: Barracuda Spam Firewall +CVE-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...) + NOT-FOR-US: vBulletin +CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...) + - pdns 2.9.16-6 +CVE-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in the ...) + - webmin 1.180-1 +CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...) + NOT-FOR-US: Solaris +CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...) + NOT-FOR-US: Websphere +CVE-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...) + NOT-FOR-US: ASPjar Guestbook +CVE-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...) + NOT-FOR-US: ASPjar Guestbook +CVE-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...) + NOT-FOR-US: DelphiTurk +CVE-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...) + NOT-FOR-US: DelphiTurk +CVE-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...) + NOT-FOR-US: Microsoft +CVE-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...) + NOT-FOR-US: 3com +CVE-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) + NOT-FOR-US: Sun Java +CVE-2005-0417 (Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and ...) + NOT-FOR-US: IBM DB2 +CVE-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...) + NOT-FOR-US: Windows +CVE-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...) + NOT-FOR-US: Emdros +CVE-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...) + NOT-FOR-US: MercuryBoard +CVE-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...) + NOT-FOR-US: MyPHP Forum +CVE-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...) + NOT-FOR-US: Spidean PostWrap +CVE-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...) + NOT-FOR-US: CitrusDB +CVE-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...) + NOT-FOR-US: CitrusDB +CVE-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...) + NOT-FOR-US: CitrusDB +CVE-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...) + NOT-FOR-US: CitrusDB +CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...) + NOT-FOR-US: Openconf +CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images ...) + TODO: check all softwares that modifies JPEG images in Debian... + - imagemagick <unfixed> (bug #298051; low) +CVE-2005-0405 + RESERVED +CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...) + NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html + NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020 + NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html + NOTE: see http://secunia.com/advisories/14925 + NOTE: kde maintainers informed of it by security team + - kdepim <unfixed> (bug #305601; medium) + NOTE: On woody, kmail is part of kdenetwork, but there is no GnuPG + NOTE: support, so this issue is not very important. +CVE-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...) + - glibc <not-affected> (Specific to the NPTL backport for RHEL 3) +CVE-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...) + - mozilla-firefox 1.0.2-1 +CVE-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...) + - mozilla-firefox 1.0.2-1 + - mozilla-thunderbird 1.0.2-1 +CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...) + - kernel-source-2.4.27 2.4.27-10 (bug #303294) + - kernel-source-2.6.8 2.6.8-16 (bug #303294) +CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...) + - mozilla-firefox 1.0.2-1 + - mozilla-thunderbird 1.0.2-1 +CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...) + - racoon 1:0.5-5 +CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...) + {DSA-702-1} + - imagemagick 6:6.0.6.2-2.2 (bug #297990) +CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...) + NOTE: fix in -4 was broken + - kdelibs 4:3.3.2-6 +CVE-2005-0395 + REJECTED +CVE-2005-0394 + RESERVED +CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...) + {DSA-733-1} + TODO: check +CVE-2005-0392 (ppxp does not drop root privileges before opening log files, which ...) + {DSA-725-2 DSA-725-1} + TODO: check +CVE-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...) + {DSA-712-1} + - geneweb 4.10-7 (bug #304405) +CVE-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...) + {DSA-706-1} + - axel 1.0b-1 +CVE-2005-0389 + REJECTED +CVE-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...) + {DSA-704-1} + - remstats 1.0.13a-5 +CVE-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...) + {DSA-704-1} + - remstats 1.0.13a-5 +CVE-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...) + {DSA-700-1} + - mailreader 2.3.29-11 +CVE-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...) + {DSA-693-1} + - luxman 0.41-20 (bug #299857) +CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...) + - kernel-source-2.6.8 2.6.8-15 + - kernel-source-2.4.27 2.4.27-9 +CVE-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...) + NOT-FOR-US: Trend Micro Control Manager +CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...) + NOT-FOR-US: Breed game +CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...) + NOT-FOR-US: forumKIT +CVE-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...) + NOT-FOR-US: ZeroBoard +CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...) + NOT-FOR-US: ZeroBoard +CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...) + NOTE: horde 2.0 not vulnerable +CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...) + NOT-FOR-US: sgallery +CVE-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows local ...) + NOT-FOR-US: sgallery +CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...) + NOT-FOR-US: sgallery +CVE-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...) + NOT-FOR-US: bitboard +CVE-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...) + NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details + NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there + NOTE: cyrus-sasl2 already has patch applied + NOTE: cyrus-sasl code seems too old for any of the problems to apply +CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ ...) + {DSA-686-1} + - gftp 2.0.18-1 + NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong. +CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) + - armagetron <unfixed> (bug #296840; low) +CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) + - armagetron 0.2.7.0-1 +CVE-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...) + - armagetron 0.2.7.0-1 +CVE-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...) + NOT-FOR-US: CMScore +CVE-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...) + NOT-FOR-US: ArGoSoft Mail Server +CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...) + - gnupg 1.4.1-1 +CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...) + NOT-FOR-US: bind on hp-ux +CVE-2005-0361 + RESERVED +CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...) + NOT-FOR-US: Microsoft +CVE-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...) + NOT-FOR-US: EMC Legato +CVE-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...) + NOT-FOR-US: EMC Legato +CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...) + NOT-FOR-US: EMC Legato +CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...) + NOTE: linux is not vulnerable, see #310804 + - kfreebsd5-source 5.3-15 (medium) +CVE-2005-0355 + RESERVED +CVE-2005-0354 + RESERVED +CVE-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...) + NOT-FOR-US: Sentinel License Manager +CVE-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...) + NOT-FOR-US: Servers Alive +CVE-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...) + NOT-FOR-US: SCO OpenServer +CVE-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...) + NOT-FOR-US: F-Secure Anti-Virus +CVE-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...) + NOT-FOR-US: BrightStor ARCserve Backup +CVE-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...) + - kdelibs 4:3.3.2-2 +CVE-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...) + {DSA-682-1} + - awstats 6.2-1.2 +CVE-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...) + - awstats 6.2-1.2 + NOTE: http://patches.ubuntu.com/patches/awstats.more-CVE-2005-0016.diff + NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf +CVE-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...) + NOT-FOR-US: Woltlab Burning Book +CVE-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...) + NOT-FOR-US: RealArcade +CVE-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...) + NOT-FOR-US: RealArcade +CVE-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...) + NOT-FOR-US: SafeNet +CVE-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...) + NOT-FOR-US: php-fusion +CVE-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...) + NOT-FOR-US: 602LAN SUITE +CVE-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...) + NOT-FOR-US: PerlDesk +CVE-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...) + NOT-FOR-US: Apple +CVE-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...) + NOT-FOR-US: Apple +CVE-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...) + NOT-FOR-US: Apple +CVE-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...) + NOT-FOR-US: Foxmail +CVE-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...) + NOT-FOR-US: Savant Web Server +CVE-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...) + - postfix 2.1.4-5 +CVE-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...) + NOT-FOR-US: eMotion MediaPartner +CVE-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...) + NOT-FOR-US: eMotion MediaPartner +CVE-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...) + NOT-FOR-US: Linksys +CVE-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...) + NOT-FOR-US: LanChat +CVE-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...) + NOT-FOR-US: DeskNow Mail server +CVE-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...) + NOT-FOR-US: Winrar +CVE-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...) + NOT-FOR-US: Painkiller +CVE-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...) + NOT-FOR-US: ZipGenius +CVE-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...) + NOT-FOR-US: Netgear +CVE-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...) + NOT-FOR-US: PafileDB +CVE-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...) + NOT-FOR-US: PafileDB +CVE-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...) + NOT-FOR-US: Xpand Rally +CVE-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...) + NOT-FOR-US: Infinite Mobile Delivery Webmail +CVE-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...) + NOT-FOR-US: Infinite Mobile Delivery Webmail +CVE-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...) + NOT-FOR-US: Merak Mail server +CVE-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...) + NOT-FOR-US: Merak Mail server +CVE-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...) + NOT-FOR-US: Merak Mail server +CVE-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...) + NOT-FOR-US: Webadmin +CVE-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...) + NOT-FOR-US: Webadmin +CVE-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...) + NOT-FOR-US: Webadmin +CVE-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...) + NOT-FOR-US: WebWasher +CVE-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...) + NOT-FOR-US: Magic Winmail +CVE-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...) + NOT-FOR-US: Magic Winmail +CVE-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...) + NOT-FOR-US: Magic Winmail +CVE-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...) + NOT-FOR-US: WarFTPD under NT +CVE-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...) + NOT-FOR-US: Ingate +CVE-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...) + NOT-FOR-US: Exponent +CVE-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...) + NOT-FOR-US: Exponent +CVE-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...) + NOT-FOR-US: W32Dasm +CVE-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + NOT-FOR-US: MercuryBoard +CVE-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...) + NOT-FOR-US: MercuryBoard +CVE-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...) + NOT-FOR-US: Siteman +CVE-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...) + NOT-FOR-US: DivX Player +CVE-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) + NOT-FOR-US: BackOffice Lite +CVE-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...) + NOT-FOR-US: BackOffice Lite +CVE-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...) + NOT-FOR-US: BackOffice Lite +CVE-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...) + - jsboard 2.0.10-1 +CVE-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...) + - gforge 3.1-26 +CVE-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...) + NOT-FOR-US: Oracle +CVE-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...) + NOT-FOR-US: Oracle +CVE-2005-0296 (** DISPUTED ** ...) + NOT-FOR-US: Novell +CVE-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...) + NOT-FOR-US: nProtect +CVE-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...) + NOT-FOR-US: Minis +CVE-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...) + NOT-FOR-US: Minis +CVE-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...) + NOT-FOR-US: phpGiftReg +CVE-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...) + NOT-FOR-US: NetGear +CVE-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...) + NOT-FOR-US: NetGear +CVE-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...) + NOT-FOR-US: Apple +CVE-2005-0288 (The change password functionality in Bottomline Webseries Payment ...) + NOT-FOR-US: BottomLine WebSeries +CVE-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...) + NOT-FOR-US: BottomLine WebSeries +CVE-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...) + NOT-FOR-US: eMotion MediaPartner +CVE-2005-0285 (Webseries Payment Application does not properly restrict privileged ...) + NOT-FOR-US: BottomLine WebSeries +CVE-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...) + NOT-FOR-US: QwikiWiki +CVE-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...) + NOT-FOR-US: MyBB +CVE-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...) + NOT-FOR-US: Soldner Secret +CVE-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...) + NOT-FOR-US: Soldner Secret +CVE-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...) + NOT-FOR-US: Soldner Secret +CVE-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...) + NOT-FOR-US: 3COM 3CDaemon +CVE-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...) + NOT-FOR-US: 3COM 3CDaemon +CVE-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...) + NOT-FOR-US: 3COM 3CDaemon +CVE-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...) + NOT-FOR-US: 3COM 3CDaemon +CVE-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...) + NOT-FOR-US: PhotoPost +CVE-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...) + NOT-FOR-US: PhotoPost +CVE-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...) + NOT-FOR-US: ReviewPost +CVE-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...) + NOT-FOR-US: ReviewPost +CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...) + NOT-FOR-US: ReviewPost +CVE-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only verifies ...) + NOT-FOR-US: GNUBoard +CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...) + NOT-FOR-US: FlatNuke +CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...) + NOT-FOR-US: FlatNuke +CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...) + NOT-FOR-US: SugerCRM +CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...) + NOT-FOR-US: OWL intranet +CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...) + NOT-FOR-US: OWL intranet +CVE-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...) + NOT-FOR-US: AIX +CVE-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...) + NOT-FOR-US: AIX +CVE-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...) + NOT-FOR-US: AIX +CVE-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...) + NOT-FOR-US: ARCserve Backup +CVE-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...) + - phpbb2 2.0.12-1 +CVE-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...) + - phpbb2 2.0.12-1 +CVE-2005-0257 + RESERVED +CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...) + {DSA-705-1} + - wu-ftpd 2.6.2-19 +CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...) + - mozilla-firefox 1.0.1 + NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already.. + - mozilla 2:1.7.6 +CVE-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...) + NOT-FOR-US: BibORB +CVE-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...) + NOT-FOR-US: BibORB +CVE-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...) + NOT-FOR-US: BibORB +CVE-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...) + NOT-FOR-US: BibORB +CVE-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...) + NOT-FOR-US: AIX +CVE-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...) + NOT-FOR-US: Symantec AntiVirus Library +CVE-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...) + NOT-FOR-US: Solaris +CVE-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...) + {DSA-683-1} + - postgresql 7.4.7-2 +CVE-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...) + - postgresql 7.4.7-1 +CVE-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...) + {DSA-683-1} + - postgresql 7.4.7-1 +CVE-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...) + - postgresql 7.4.7-1 +CVE-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...) + NOT-FOR-US: Yahoo! Messenger +CVE-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...) + NOT-FOR-US: Yahoo! Messenger +CVE-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...) + - squid 2.5.7-7 +CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...) + NOT-FOR-US: AIX +CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...) + NOT-FOR-US: S/MIME plugin +CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...) + NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381 + - epiphany-browser 1.4.8-2 +CVE-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...) + - kdelibs 4:3.3.2-3 +CVE-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...) + NOT-FOR-US: Omniweb +CVE-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...) + NOT-FOR-US: Opera +CVE-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...) + NOT-FOR-US: Safari +CVE-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...) + NOTE: IDN is now disabled by default in firefox, but there may be a more elegant + NOTE: solution in the future + - mozilla-firefox 1.0.1-1 + - mozilla 2:1.7.6-1 +CVE-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration ...) + - mozilla-firefox 1.0+dfsg.1-6 +CVE-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...) + - mozilla-firefox 1.0+dfsg.1-6 +CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...) + NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link + NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers + NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser + NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF + NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet. + NOT-FOR-US: Firefox on Windows +CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...) + NOT-FOR-US: CitrusDB +CVE-2005-0228 + REJECTED +CVE-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...) + {DSA-668-1} + - postgresql 7.4.7-1 +CVE-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...) + NOT-FOR-US: ngIRCd +CVE-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...) + - firehol 1.214-4 +CVE-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...) + NOT-FOR-US: HP-UX +CVE-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...) + NOT-FOR-US: Java SDK and RTE for Tru64 UNIX +CVE-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...) + - gallery 1.4.4-pl5-1 +CVE-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...) + - gallery 1.4.4-pl5-1 +CVE-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...) + - gallery 1.4.4-pl5-1 +CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...) + - gallery 1.4.4-pl5-1 +CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...) + NOT-FOR-US: Invision Community Blog +CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...) + NOT-FOR-US: Woltlab Burning Board Lite +CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...) + NOT-FOR-US: Mozilla 1.6 for Windows +CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...) + NOT-FOR-US: SPHPBlog +CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...) + NOT-FOR-US: WinHKI +CVE-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...) + NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier +CVE-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...) + {DSA-667-1} + - squid 2.5.7-6 +CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...) + NOTE: fixed in ubuntu kernels + NOTE: 2.6.11 is not affected, apparantly 2.6.10 is no longer relevant + NOTE: was bug #300838 + - kernel-source-2.6.8 2.6.8-15 + - kernel-source-2.4.27 2.4.27-9 +CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...) + NOTE: <horms> all kernels seem to be clear with regards to 2005-0209 + NOTE: <dilinger> http://oss.sgi.com/archives/netdev/2005-01/msg01072.html resolves this and it is in all our kernels + - kernel-source-2.4.27 2.4.27-9 +CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...) + - gaim 1:1.1.4 +CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...) + NOTE: this is http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch + NOTE: http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA + NOTE: fixed in upstream 2.6.10, 2.6.9 is dead + - kernel-source-2.6.8 2.6.8-14 +CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...) + NOTE: turns out that xpdf, kpdf, tetex-bin and pdftohtml were patched for CVE-2004-0888 with + NOTE: a fixed patch from the beginning, cupsys doesn't include xpdf code any more + NOTE: found this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393 + NOTE: gpdf ok, all implementations seem ok +CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...) + {DSA-692-1} + - kdenetwork 4:3.1.6 +CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...) + NOTE: According to a question on linux-kernel 2.6 is not vulnerable + - kernel-source-2.4.27 2.4.27-12 (bug #296700) +CVE-2005-0203 + REJECTED +CVE-2005-0202 (Directory traversal vulnerability in the true_path function in ...) + {DSA-674-1} + - mailman 2.1.5-6 +CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...) + - dbus 0.22 +CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...) + NOT-FOR-US: TikiWiki +CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...) + NOT-FOR-US: ngIRCd +CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...) + NOT-FOR-US: Cisco +CVE-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...) + NOT-FOR-US: Cisco +CVE-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...) + NOT-FOR-US: Cisco +CVE-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...) + {DSA-667-1} + - squid 2.5.7-7 +CVE-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...) + NOT-FOR-US: mRouter in iSync in OS X +CVE-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...) + NOT-FOR-US: RealPlayer +CVE-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...) + NOT-FOR-US: RealPlayer +CVE-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...) + NOT-FOR-US: RealPlayer +CVE-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...) + NOT-FOR-US: RealPlayer +CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...) + NOT-FOR-US: AtHoc toolbar +CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...) + NOT-FOR-US: AtHoc toolbar +CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...) + NOT-FOR-US: CIsco +CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...) + NOT-FOR-US: NodeManager Professional +CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...) + NOT-FOR-US: vacation plugin +CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...) + NOT-FOR-US: vacation plugin +CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...) + NOT-FOR-US: mod_dosevasive module for apache +CVE-2005-0181 + RESERVED +CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...) + - kernel-source-2.6.8 2.6.8-12 + - kernel-source-2.6.9 2.6.9-5 + - kernel-source-2.6.10 2.6.10-2 +CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...) + NOTE: Does not apply to 2.6.8 + NOTE: Fix in 2.6.9-6 pending upload + - kernel-source-2.6.9 2.6.9-6 + - kernel-source-2.6.10 2.6.10-4 +CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...) + NOTE: see USN-82-1 + NOTE: <horms> hacim: at a cursory glance, 2.4.27 does not seem to have been fixed with regards to that problem + NOTE: <horms> although it was supposed to be fixed in 2.4.25-2 according to my notes + NOTE: <horms> i would try asking marcello + NOTE: reponse from Marcelo: No - v2.4 is safe because back there current->signal was not shared. + - kernel-source-2.6.8 2.6.8-14 + - kernel-source-2.6.9 2.6.9-6 + - kernel-source-2.6.10 2.6.10-6 +CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...) + NOTE: According to joshk, doesn't apply to 2.4.27 + NOTE: see USN-82-1 + - kernel-source-2.6.8 2.6.8-14 + - kernel-source-2.6.9 2.6.9-6 + - kernel-source-2.6.10 2.6.10-6 +CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...) + NOTE: see USN-82-1 + NOTE: only affects 2.6.9 + - kernel-source-2.6.9 2.6.9-6 +CVE-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...) + - clamav 0.81 +CVE-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...) + - uw-imap 7:2002edebian1-6 +CVE-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...) + {DSA-667-1} + - squid 2.5.7-6 +CVE-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...) + - squid 2.5.7-6 +CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...) + {DSA-667-1} + - squid 2.5.7-4 +CVE-2005-0172 + RESERVED +CVE-2005-0171 + RESERVED +CVE-2005-0170 + RESERVED +CVE-2005-0169 + RESERVED +CVE-2005-0168 + RESERVED +CVE-2005-0167 + RESERVED +CVE-2005-0166 + RESERVED +CVE-2005-0165 + RESERVED +CVE-2005-0164 + RESERVED +CVE-2005-0163 + RESERVED +CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...) + - openswan 2.3.0-2 + NOTE: does not seem to affect freeswan +CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...) + - unace 1.2b-3 +CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...) + - unace 1.2b-3 +CVE-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...) + {DSA-679-1} + - toolchain-source 3.4-5 +CVE-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...) + {DSA-687-1} + - bidwatcher 1.3.17-1 +CVE-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...) + {DSA-720-1} + - smartlist 3.15-18 +CVE-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...) + - perl 5.8.4-6 +CVE-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...) + - perl 5.8.4-6 + - mooix 1.0rc5.pre4 +CVE-2005-0154 + RESERVED +CVE-2005-0153 + RESERVED +CVE-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...) + {DSA-662-1} + NOTE: This bug exists only in version 1.2.6. +CVE-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...) + NOT-FOR-US: Adobe License Management Software +CVE-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...) + - mozilla-firefox 1.0 +CVE-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...) + - mozilla-thunderbird 0.7 + - mozilla 2:1.7.4 +CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...) + NOT-FOR-US: thunderbird on windows +CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...) + - mozilla-firefox 1.0 + - mozilla 2:1.7.5 +CVE-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...) + - mozilla-firefox 1.0 + - mozilla 2:1.7.5 +CVE-2005-0145 (Firefox before 1.0 does not properly distinguish between ...) + - mozilla-firefox 1.0 +CVE-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site ...) + - mozilla-firefox 1.0 + - mozilla 2:1.7.5 +CVE-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...) + - mozilla-firefox 1.0 + - mozilla 2:1.7.5 +CVE-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and ...) + - mozilla-firefox 1.0 + - mozilla-thunderbird 0.7 + - mozilla 2:1.7.5 +CVE-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...) + - mozilla-firefox 1.0 + - mozilla 2:1.7.5 +CVE-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...) + NOT-FOR-US: PeID +CVE-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...) + NOT-FOR-US: Irix +CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...) + NOT-FOR-US: Irix +CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...) + NOTE: Does not affect 2.6 based kernels in Debian + - kernel-source-2.4.27 2.4.27-10 (bug #308584) +CVE-2005-0136 + RESERVED + - kernel-source-2.6.8 2.6.8-14 +CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...) + - kernel-source-2.6.8 2.6.8-14 +CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...) + NOT-FOR-US: SCO UnixWare +CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...) + - clamav 0.80-0.81rc1-1 +CVE-2005-0132 + RESERVED +CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...) + - konversation 0.15-3 +CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...) + - konversation 0.15-3 +CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...) + - konversation 0.15-3 +CVE-2005-0128 + RESERVED +CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...) + NOT-FOR-US: MacOS +CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...) + NOT-FOR-US: MacOS +CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop ...) + NOT-FOR-US: MacOS +CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...) + - kernel-source-2.4.27 2.4.27-8 + NOTE: 2.6.8 apparently ok +CVE-2005-0123 + RESERVED +CVE-2005-0122 + REJECTED +CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...) + NOT-FOR-US: golddig +CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...) + NOT-FOR-US: helvis +CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...) + NOT-FOR-US: helvis +CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...) + NOT-FOR-US: helvis +CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...) + - xshisen 1.51-1-1.1 (bug #289784) +CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...) + - awstats 6.2-1.1 +CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...) + NOT-FOR-US: DataRescue Interactive Disassembler +CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...) + NOT-FOR-US: ZoneAlarm +CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...) + NOT-FOR-US: IRIX +CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...) + NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point +CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...) + - maxdb-7.5.00 7.5.00.18 +CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...) + NOT-FOR-US: MSIE +CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating ...) + NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical + NOTE: attack, paranoid people should disable hyper threading + - kfreebsd5-source 5.3-11 +CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...) + {DSA-659-1} + - libapache-mod-auth-radius 1.5.7-6 + - libpam-radius-auth 1.3.16-3 +CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...) + {DSA-690-1} + - bsmtpd 2.3pl8b-16 +CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...) + - libnet-ssleay-perl 1.25-1.1 +CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...) + {DSA-684-1} + - typespeed 0.4.4-8 +CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...) + {DSA-662-1} + TODO: check + - squirrelmail 2:1.4.4 +CVE-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...) + - squirrelmail 2:1.4.4-1 +CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...) + {DSA-673-1} + - evolution 2.0.3-1.2 +CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...) + - newspost 2.1.1-2 +CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...) + {DSA-685-1 DSA-671-1 DSA-670-1} + - emacs21 21.3+1-9 + - xemacs21 21.4.16-2 +CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...) + {DSA-691-1} + NOTE: abuse is only in woody. +CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...) + {DSA-691-1} + NOTE: abuse is only in woody. +CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...) + - squid 2.5.7-4 +CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...) + - squid 2.5.7-4 +CVE-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...) + {DSA-651-1} + - squid 2.5.7-4 +CVE-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...) + {DSA-651-1} + - squid 2.5.7-4 +CVE-2005-0093 + REJECTED +CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) + NOTE: apparently specific to redhat hugemem kernel +CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) + NOTE: apparently specific to redhat hugemem kernel +CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) + NOTE: apparently specific to redhat hugemem kernel +CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...) + {DSA-666-1} + - python2.2 2.2.3-14 + - python2.3 2.3.4+2.3.5c1-2 + - python2.4 2.4-5 +CVE-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...) + {DSA-689-1} + - libapache2-mod-python 3.1.3-3 + - libapache-mod-python 2:2.7.10-4 +CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...) + NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9 + - alsa-lib 1.0.9-1 +CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...) + NOT-FOR-US: redhat specific less bug +CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...) + {DSA-680-1} + - htdig 1:3.1.6-11 +CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...) + {DSA-653-1} + - ethereal 0.10.9-1 +CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...) + NOTE: advisory is vague but implies non-Windows platforms may be vulnerable. +CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...) + - maxdb-7.5.00 7.5.00.21-1 +CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...) + - maxdb-7.5.00 7.5.00.21-1 +CVE-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...) + - mailman 2.1.5-5 +CVE-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...) + {DSA-649-1} + TODO: check +CVE-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...) + {DSA-660-1} + TODO: check +CVE-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...) + {DSA-658-1} + TODO: check +CVE-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...) + {DSA-672-1} + - xview 3.2p1.4-19 +CVE-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...) + - squirrelmail 2:1.4.4-1 +CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...) + {DSA-676-1} + - xpcd 2.08-11.1 +CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...) + {DSA-677-1} + - sympa 4.1.2-2.1 +CVE-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...) + {DSA-655-1} + TODO: check +CVE-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...) + {DSA-656-1} + TODO: check +CVE-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...) + {DSA-681-1} + TODO: check +CVE-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...) + - vim 1:6.3-058+1 +CVE-2005-0068 (The original design of ICMP does not require authentication for ...) + NOTE: general icmp design error +CVE-2005-0067 (The original design of TCP does not require that port numbers be ...) + NOTE: general tcp design error, no indication it affects linux +CVE-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...) + NOTE: general tcp design error +CVE-2005-0065 (The original design of TCP does not check that the TCP sequence number ...) + NOTE: general tcp design error +CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...) + {DSA-648-1 DSA-645-1} + - xpdf 3.00-13 + - gpdf 2.8.2-1.2 + - pdftohtml 0.36-11 + - kdegraphics 4:3.3.2-2 + - tetex-bin 2.0.2-26 + NOTE: only affects source package, not used in binary + - cupsys <unfixed> (bug #324459; unimportant) +CVE-2005-0063 (The document processing application used by the Windows Shell in ...) + NOT-FOR-US: Microsoft +CVE-2005-0062 + RESERVED +CVE-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...) + NOT-FOR-US: Microsoft +CVE-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...) + NOT-FOR-US: Microsoft +CVE-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...) + NOT-FOR-US: Microsoft +CVE-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...) + NOT-FOR-US: TAPI for Windows +CVE-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...) + NOT-FOR-US: Microsoft +CVE-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...) + NOT-FOR-US: Microsoft +CVE-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...) + NOT-FOR-US: Microsoft +CVE-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...) + NOT-FOR-US: Microsoft +CVE-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...) + NOT-FOR-US: Microsoft +CVE-2005-0052 + RESERVED +CVE-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...) + NOT-FOR-US: Microsoft +CVE-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...) + NOT-FOR-US: Microsoft +CVE-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...) + NOT-FOR-US: Microsoft +CVE-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...) + NOT-FOR-US: Microsoft +CVE-2005-0047 (Windows 2000, XP, and Server 2003 does not properly "validate the use ...) + NOT-FOR-US: Microsoft +CVE-2005-0046 + RESERVED +CVE-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...) + NOT-FOR-US: Microsoft +CVE-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...) + NOT-FOR-US: Microsoft +CVE-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...) + NOT-FOR-US: iTunes +CVE-2005-0042 + RESERVED +CVE-2005-0041 + RESERVED +CVE-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...) + NOT-FOR-US: DotNetNuke +CVE-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...) + NOTE: These are known issues of IPSEC and basically every VPN system using + NOTE: encryption without authentication. + NOTE: openswan even prevents such configurations +CVE-2005-0038 + RESERVED +CVE-2005-0037 + RESERVED +CVE-2005-0036 + RESERVED +CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...) + NOT-FOR-US: Adobe +CVE-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...) + NOTE: only affects bind9 9.3.0, we have an earlier version + NOTE: fixed in 9.3.1 +CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...) + - bind 1:8.4.6-1 +CVE-2005-0032 + RESERVED +CVE-2005-0031 + RESERVED +CVE-2005-0030 + RESERVED +CVE-2005-0029 + RESERVED +CVE-2005-0028 + RESERVED +CVE-2005-0027 + RESERVED +CVE-2005-0026 + RESERVED +CVE-2005-0025 + RESERVED +CVE-2005-0024 + RESERVED +CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...) + - gnome-libs <unfixed> (bug #329156) + - vte <unfixed> (bug #330907) +CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...) + - exim4 4.34-10 +CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...) + {DSA-637-1 DSA-635-1} + TODO: check +CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...) + {DSA-641-1} + TODO: check +CVE-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...) + {DSA-675-1} + - hztty 2.0-6.1 +CVE-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...) + {DSA-661-2} + - f2c 20020621-3.4 (bug #292792) +CVE-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...) + {DSA-661-2} + - f2c 20020621-3.4 (bug #292792) +CVE-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...) + {DSA-640-1} + TODO: check +CVE-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...) + {DSA-650-1} + TODO: check +CVE-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...) + - ncpfs 2.2.6-1 +CVE-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...) + {DSA-665-1} + - ncpfs 2.2.6-1 +CVE-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...) + - dillo 0.8.3-1 +CVE-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...) + - kdeedu 4:3.3.2-2 +CVE-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...) + - ethereal 0.10.9-1 +CVE-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 ...) + - ethereal 0.10.9-1 +CVE-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...) + - ethereal 0.10.9-1 +CVE-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...) + - ethereal 0.10.9-1 +CVE-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...) + - ethereal 0.10.9-1 +CVE-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...) + {DSA-646-1} + - imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033) +CVE-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...) + {DSA-647-1} + - mysql-dfsg-4.1 4.1.8a-6 + - mysql-dfsg 4.0.23-3 +CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...) + - kernel-source-2.4.27 2.4.27-9 + - kernel-source-2.6.8 2.6.8-9 + - kernel-source-2.6.9 2.6.9-3 +CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...) + NOT-FOR-US: poppassd_pam +CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...) + NOTE: i386 and smp specific + - kernel-source-2.6.8 2.6.8-13 + - kernel-source-2.4.27 2.4.27-8 + - kernel-image-2.4.27-i386 2.4.27-8 + - kernel-image-2.4.27-speakup 2.4.27-1.1 + - kernel-patch-powerpc-2.6.8 2.6.8-10 |