author | security tracker role <sectracker@soriano.debian.org> | 2019-03-18 20:12:25 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-03-18 20:12:25 +0000 |
commit | abe9ee4b3eee00b6f6a7c9106dd20e41fbf86c95 | |
tree | 4368abb74de2acf9e323f50472e5e83bc439ff5c /data/CVE/2002.list | |
parent | b52483e988b611ffa7ff016030b0a61101f28219 | |
automatic update
Diffstat (limited to 'data/CVE/2002.list')
-rw-r--r-- | data/CVE/2002.list | 4702 |
1 files changed, 2351 insertions, 2351 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 6af08a4d2c..f0c4a4f9d8 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -1,8 +1,8 @@ CVE-2002-2447 RESERVED -CVE-2002-2446 +CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2445 +CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password o ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2483 - linux-2.6 2.4.20 @@ -11,7 +11,7 @@ CVE-2002-2444 [snoopy: Security hole in exec cURL] - libphp-snoopy <not-affected> (affected version never was in the repo) NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2 NOTE: http://sourceforge.net/p/snoopy/bugs/13/ -CVE-2002-2443 +CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) ...) {DSA-2701-1} - krb5 1.10.1+dfsg-6 (bug #708267) NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637 
@@ -44,648 +44,648 @@ CVE-2002-2439 CVE-2002-2438 RESERVED NOT-FOR-US: ancient linux 2.4 issue -CVE-2002-2437 +CVE-2002-2437 (The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbi ...) - iceweasel 4.0-1 (unimportant) -CVE-2002-2436 +CVE-2002-2436 (The Cascading Style Sheets (CSS) implementation in Mozilla Firefox bef ...) - iceweasel 4.0-1 (unimportant) -CVE-2002-2435 +CVE-2002-2435 (The Cascading Style Sheets (CSS) implementation in Microsoft Internet ...) NOT-FOR-US: Internet Explorer -CVE-2002-2434 +CVE-2002-2434 (NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not p ...) NOT-FOR-US: Novell NetWare -CVE-2002-2433 +CVE-2002-2433 (NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows rem ...) NOT-FOR-US: Novell NetWare -CVE-2002-2432 +CVE-2002-2432 (Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server ...) NOT-FOR-US: Novell NetWare -CVE-2002-2431 +CVE-2002-2431 (Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows rem ...) NOT-FOR-US: GoAhead WebServer -CVE-2002-2430 +CVE-2002-2430 (GoAhead WebServer before 2.1.1 allows remote attackers to cause a deni ...) NOT-FOR-US: GoAhead WebServer -CVE-2002-2429 +CVE-2002-2429 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ca ...) NOT-FOR-US: GoAhead WebServer -CVE-2002-2428 +CVE-2002-2428 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ca ...) NOT-FOR-US: GoAhead WebServer -CVE-2002-2427 +CVE-2002-2427 (The security handler in GoAhead WebServer before 2.1.1 allows remote a ...) NOT-FOR-US: GoAhead WebServer -CVE-2002-2426 +CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix Presentation ...) NOT-FOR-US: predating security tracker -CVE-2002-2425 +CVE-2002-2425 (Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute a ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2424 +CVE-2002-2424 (Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 all ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2423 +CVE-2002-2423 (Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2422 +CVE-2002-2422 (Cross-site scripting (XSS) vulnerability in Compaq Insight Management ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2421 +CVE-2002-2421 (acWEB 1.14 allows remote attackers to cause a denial of service (crash ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2420 +CVE-2002-2420 (site_searcher.cgi in Super Site Searcher allows remote attackers to ex ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2419 +CVE-2002-2419 (Direct connect text client (DCTC) client 0.83.3 allows remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2418 +CVE-2002-2418 (Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2417 +CVE-2002-2417 (acFTP 1.4 does not properly handle when an invalid password is provide ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2416 +CVE-2002-2416 (Directory traversal vulnerability in Zeroo web server 1.5 allows remot ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2415 +CVE-2002-2415 (Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authe ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2414 +CVE-2002-2414 (Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properl ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2413 +CVE-2002-2413 (WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2412 +CVE-2002-2412 (Winamp 2.80 stores authentication credentials in plaintext in the (1) ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2411 +CVE-2002-2411 (Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2410 +CVE-2002-2410 (openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive informat ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2409 +CVE-2002-2409 (Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2408 +CVE-2002-2408 (Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters ema ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2407 +CVE-2002-2407 (Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2. ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2406 +CVE-2002-2406 (Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2405 +CVE-2002-2405 (Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth con ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2404 +CVE-2002-2404 (Buffer overflow in IISPop email server 1.161 and 1.181 allows remote a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2403 +CVE-2002-2403 (Directory traversal vulnerability in KeyFocus web server 1.0.8 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2402 +CVE-2002-2402 (SURECOM broadband router EP-4501 uses a default SNMP read community st ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2401 +CVE-2002-2401 (NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2400 +CVE-2002-2400 (Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 al ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2399 +CVE-2002-2399 (Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0. ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2398 +CVE-2002-2398 (The new thread posting page in APBoard 2.02 and 2.03 allows remote att ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2397 +CVE-2002-2397 (Sygate personal firewall 5.0 could allow remote attackers to bypass fi ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2396 +CVE-2002-2396 (Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed set ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2395 +CVE-2002-2395 (InterScan VirusWall 3.52 for Windows allows remote attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2394 +CVE-2002-2394 (InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2393 +CVE-2002-2393 (Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2392 +CVE-2002-2392 (Winamp 2.65 through 3.0 stores skin files in a predictable file locati ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2391 +CVE-2002-2391 (SQL injection vulnerability in index.php of WebChat 1.5 included in XO ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2390 +CVE-2002-2390 (Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2389 +CVE-2002-2389 (TheServer 1.74 web server stores server.ini under the web document roo ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2388 +CVE-2002-2388 (Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2387 +CVE-2002-2387 (Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2386 +CVE-2002-2386 (Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2385 +CVE-2002-2385 (Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2384 +CVE-2002-2384 (hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleart ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2383 +CVE-2002-2383 (SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2382 +CVE-2002-2382 (cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2381 +CVE-2002-2381 (Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2380 +CVE-2002-2380 (NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows re ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2379 NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2378 +CVE-2002-2378 (Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remot ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2377 +CVE-2002-2377 (Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2376 +CVE-2002-2376 (Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2375 +CVE-2002-2375 (Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibl ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2374 +CVE-2002-2374 (Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2373 +CVE-2002-2373 (The default configuration of the TCP/IP printer configuration utility ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2372 +CVE-2002-2372 (The telnet server in Infoprint 21 running controller software before 1 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2371 +CVE-2002-2371 (Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2370 +CVE-2002-2370 (SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2369 +CVE-2002-2369 (Perception LiteServe 2.0 allows remote attackers to read password prot ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2368 +CVE-2002-2368 (Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2367 +CVE-2002-2367 (Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows re ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2366 +CVE-2002-2366 (Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2365 +CVE-2002-2365 (Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2364 +CVE-2002-2364 (Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier ...) 
NOT-FOR-US: not processed, predates tracker -CVE-2002-2363 +CVE-2002-2363 (VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow lo ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2362 +CVE-2002-2362 (Cross-site scripting (XSS) vulnerability in form_header.php in MyMarke ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2361 +CVE-2002-2361 (The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify pac ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2360 +CVE-2002-2360 (The RPC module in Webmin 0.21 through 0.99, when installed without roo ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2359 +CVE-2002-2359 (Cross-site scripting (XSS) vulnerability in the FTP view feature in Mo ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2358 +CVE-2002-2358 (Cross-site scripting (XSS) vulnerability in the FTP view feature in Op ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2357 +CVE-2002-2357 (MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2356 +CVE-2002-2356 (HAMweather 2.x allows remote attackers to modify administrative settin ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2355 +CVE-2002-2355 (Netgear FM114P firmware 1.3 wireless firewall, when configured to back ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2354 +CVE-2002-2354 (Netgear FM114P firmware 1.3 wireless firewall allows remote attackers ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2353 +CVE-2002-2353 (tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbit ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2352 +CVE-2002-2352 (The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2351 +CVE-2002-2351 (Eudora 5.1 allows remote attackers to bypass security warnings and pos ...) 
NOT-FOR-US: not processed, predates tracker -CVE-2002-2350 +CVE-2002-2350 (Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreel ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2349 +CVE-2002-2349 (phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which all ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2348 +CVE-2002-2348 (Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2347 +CVE-2002-2347 (Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (O ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2346 +CVE-2002-2346 (phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2345 +CVE-2002-2345 (Oracle 9i Application Server 9.0.2 stores the web cache administrator ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2344 +CVE-2002-2344 (Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail int ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2343 +CVE-2002-2343 (Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 all ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2342 +CVE-2002-2342 (Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.d ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2341 +CVE-2002-2341 (Cross-site scripting (XSS) vulnerability in content blocking in SonicW ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2340 +CVE-2002-2340 (Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2339 +CVE-2002-2339 (Cross-site scripting (XSS) vulnerability in configure.asp in Script-Sh ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2338 +CVE-2002-2338 (The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communic ...) 
NOT-FOR-US: not processed, predates tracker -CVE-2002-2337 +CVE-2002-2337 (Kaspersky Anti-Hacker 1.0, when configured to automatically block atta ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2336 +CVE-2002-2336 (Norton Personal Firewall 2002 4.0, when configured to automatically bl ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2335 +CVE-2002-2335 (Killer Protection 1.0 stores the vars.inc include file under the web r ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2334 +CVE-2002-2334 (Joe text editor 2.8 through 2.9.7 does not remove the group and user s ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2333 +CVE-2002-2333 (Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows r ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2332 +CVE-2002-2332 (Buffer overflow in Opera 6.01 allows remote attackers to cause a denia ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2331 +CVE-2002-2331 (W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2330 +CVE-2002-2330 (Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2329 +CVE-2002-2329 (ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a d ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2328 +CVE-2002-2328 (Active Directory in Windows 2000, when supporting Kerberos V authentic ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2327 +CVE-2002-2327 (Unspecified vulnerability in the environmental monitoring subsystem in ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2326 +CVE-2002-2326 (The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2325 +CVE-2002-2325 (The c-client library in Internet Message Access Protocol (IMAP) dated ...) 
NOT-FOR-US: not processed, predates tracker -CVE-2002-2324 +CVE-2002-2324 (The "System Restore" directory and subdirectories, and possibly other ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2323 +CVE-2002-2323 (Sun PC NetLink 1.0 through 1.2 does not properly set the access contro ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2322 +CVE-2002-2322 (Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2321 +CVE-2002-2321 (Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) ad ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2320 +CVE-2002-2320 (MySimpleNews 1.0 allows remote attackers to delete arbitrary email mes ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2319 +CVE-2002-2319 (Static code injection vulnerability in users.php in MySimpleNews allow ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2318 +CVE-2002-2318 (Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.10 ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2317 +CVE-2002-2317 (Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociR ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2316 +CVE-2002-2316 (Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7. ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2315 +CVE-2002-2315 (Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect ta ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2314 +CVE-2002-2314 (Mozilla 1.0 allows remote attackers to steal cookies from other domain ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2313 +CVE-2002-2313 (Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2312 +CVE-2002-2312 (Opera 6.0.1 allows remote attackers to upload arbitrary file contents ...) 
NOT-FOR-US: not processed, predates tracker -CVE-2002-2311 +CVE-2002-2311 (Microsoft Internet Explorer 6.0 and possibly others allows remote atta ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2310 +CVE-2002-2310 (ClickCartPro 4.0 stores the admin_user.db data file under the web docu ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2309 +CVE-2002-2309 (php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not ter ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2308 +CVE-2002-2308 (Netscape Communicator 6.2.1 allows remote attackers to cause a denial ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2307 +CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix ...) NOT-FOR-US: not processed, predates tracker -CVE-2002-2306 +CVE-2002-2306 (Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to ...) NOT-FOR-US: KaZaA Media Desktop -CVE-2002-2305 +CVE-2002-2305 (SQL injection vulnerability in agentadmin.php in Immobilier allows rem ...) NOT-FOR-US: Immobilier -CVE-2002-2304 +CVE-2002-2304 (SQL injection vulnerability in admin/auth/checksession.php in MyPHPLin ...) NOT-FOR-US: MyPHPLinks -CVE-2002-2303 +CVE-2002-2303 (3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for ...) NOT-FOR-US: ShopFactory -CVE-2002-2302 +CVE-2002-2302 (3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify ...) NOT-FOR-US: ShopFactory -CVE-2002-2301 +CVE-2002-2301 (Lawson Financials 8.0, when configured to use a third party relational ...) NOT-FOR-US: Lawson Financials -CVE-2002-2300 +CVE-2002-2300 (Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com N ...) NOT-FOR-US: 3Com NBX ftpd -CVE-2002-2299 +CVE-2002-2299 (PHP remote file inclusion vulnerability in thatfile.php in Thatware 0. ...) NOT-FOR-US: Thatware -CVE-2002-2298 +CVE-2002-2298 (PHP remote file inclusion vulnerability in config.php in Thatware 0.3 ...) 
NOT-FOR-US: Thatware -CVE-2002-2297 +CVE-2002-2297 (PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5 ...) NOT-FOR-US: Thatware -CVE-2002-2296 +CVE-2002-2296 (Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bul ...) NOT-FOR-US: YABB -CVE-2002-2295 +CVE-2002-2295 (Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allow ...) NOT-FOR-US: Pico Server -CVE-2002-2294 +CVE-2002-2294 (Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, E ...) NOT-FOR-US: Symantec Raptor -CVE-2002-2293 +CVE-2002-2293 (Webshots Desktop screensaver allows local users to bypass the password ...) NOT-FOR-US: Webshots Desktop screensaver -CVE-2002-2292 +CVE-2002-2292 (Directory traversal vulnerability in Remote Console Applet in Halycon ...) NOT-FOR-US: Remote Console Applet in Halycon -CVE-2002-2291 +CVE-2002-2291 (Calisto Internet Talker 0.04 and earlier allows remote attackers to ca ...) NOT-FOR-US: Calisto Internet Talker -CVE-2002-2290 +CVE-2002-2290 (Mambo Site Server 4.0.11 installs with a default username and password ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2289 +CVE-2002-2289 (soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows r ...) NOT-FOR-US: BadBlue -CVE-2002-2288 +CVE-2002-2288 (Mambo Site Server 4.0.11 allows remote attackers to obtain the physica ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2287 +CVE-2002-2287 (PHP remote file inclusion vulnerability in quick_reply.php for phpBB A ...) NOT-FOR-US: phpBB Advanced Quick Reply Hack -CVE-2002-2286 +CVE-2002-2286 (The parse-get function in utils.c for apt-www-proxy 0.1 allows remote ...) NOT-FOR-US: apt-www-proxy -CVE-2002-2285 +CVE-2002-2285 (eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may ...) NOT-FOR-US: eTrust -CVE-2002-2284 +CVE-2002-2284 (Netscape Communicator 4.0 through 4.79 allows remote attackers to bypa ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2283 +CVE-2002-2283 (Microsoft Windows XP with Fast User Switching (FUS) enabled does not r ...) NOT-FOR-US: Microsoft Windows XP -CVE-2002-2282 +CVE-2002-2282 (McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searc ...) NOT-FOR-US: McAfee VirusScan -CVE-2002-2281 +CVE-2002-2281 (Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2280 +CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source IP addre ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2279 +CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap ...) NOT-FOR-US: aldap -CVE-2002-2278 +CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in mod_search/index.php in Po ...) NOT-FOR-US: PortailPHP -CVE-2002-2277 +CVE-2002-2277 (SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 ...) NOT-FOR-US: PortailPHP -CVE-2002-2276 +CVE-2002-2276 (Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physi ...) NOT-FOR-US: PHP Board -CVE-2002-2275 +CVE-2002-2275 (Fortres 101 4.1 allows local users to bypass Fortres by pressing the W ...) NOT-FOR-US: Fortres -CVE-2002-2274 +CVE-2002-2274 (akfingerd 0.5 allows local users to read arbitrary files as the akfing ...) NOT-FOR-US: akfingerd -CVE-2002-2273 +CVE-2002-2273 (Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows ...) NOT-FOR-US: Webster HTTP Server -CVE-2002-2272 +CVE-2002-2272 (Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 thr ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2271 +CVE-2002-2271 (Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Con ...) NOT-FOR-US: BigFun -CVE-2002-2270 +CVE-2002-2270 (Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, an ...) 
NOT-FOR-US: HP-UX -CVE-2002-2269 +CVE-2002-2269 (Directory traversal vulnerability in Webster HTTP Server allows remote ...) NOT-FOR-US: Webster HTTP Server -CVE-2002-2268 +CVE-2002-2268 (Buffer overflow in Webster HTTP Server allows remote attackers to exec ...) NOT-FOR-US: Webster HTTP Server -CVE-2002-2267 +CVE-2002-2267 (bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitra ...) - bogofilter 0.9.0.5 -CVE-2002-2266 +CVE-2002-2266 (NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or Netmeetin ...) NOT-FOR-US: NetScreen -CVE-2002-2265 +CVE-2002-2265 (Unspecified vulnerability in LDAP Module in System Authentication of O ...) NOT-FOR-US: Open Source Internet Solutions -CVE-2002-2264 +CVE-2002-2264 (Unspecified vulnerability in Internet Group Management Protocol (IGMP) ...) NOT-FOR-US: Internet Group Management Protocol -CVE-2002-2263 +CVE-2002-2263 (The installation program for HP-UX Visualize Conference B.11.00.11 run ...) NOT-FOR-US: HP-UX Visualize Conference -CVE-2002-2262 +CVE-2002-2262 (Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows ...) NOT-FOR-US: HP-UX xntpd -CVE-2002-2261 +CVE-2002-2261 (Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relayi ...) - sendmail 8.12.7 -CVE-2002-2260 +CVE-2002-2260 (Cross-site scripting (XSS) vulnerability in the quips feature in Mozil ...) {DSA-218} - bugzilla 2.14.2-1 -CVE-2002-2259 +CVE-2002-2259 (Buffer overflow in the French documentation patch for Gnuplot 3.7 in S ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2258 +CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of service (cr ...) NOT-FOR-US: Moby NetSuite -CVE-2002-2257 +CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in cgi_lib.c f ...) NOT-FOR-US: libcgi NOTE: this is another libcgi than the one we ship -CVE-2002-2256 +CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...) 
NOT-FOR-US: pWins -CVE-2002-2255 +CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...) - phpbb2 2.0.13-6sarge3 NOTE: might be fixed in prior versions -CVE-2002-2254 +CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...) - linux-2.6 <not-affected> (Fixed before initial upload into the archive, during 2.4) -CVE-2002-2253 +CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier ...) - libsieve <not-affected> (was fixed in 2.1.3 before debian version was uploaded) -CVE-2002-2252 +CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earl ...) NOT-FOR-US: Thatware -CVE-2002-2251 +CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for Marcos Lui ...) NOT-FOR-US: Marcos Luiz Onisto -CVE-2002-2250 +CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 allo ...) NOT-FOR-US: Sybase -CVE-2002-2249 +CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0 allows r ...) NOT-FOR-US: News Evolution -CVE-2002-2248 +CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class ...) NOT-FOR-US: Netscape -CVE-2002-2247 +CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allow ...) NOT-FOR-US: Mambo NOTE: mambo is in experimental -CVE-2002-2246 +CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website before 3. ...) NOT-FOR-US: VisNetic Website -CVE-2002-2245 +CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a dig ...) NOT-FOR-US: NetBSD ftpd -CVE-2002-2244 +CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a denial ...) NOT-FOR-US: Akfingerd -CVE-2002-2243 +CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one connection ...) 
NOT-FOR-US: Akfingerd -CVE-2002-2242 +CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies file pe ...) NOT-FOR-US: Apple Package Manager of KisMAC -CVE-2002-2241 +CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3. ...) NOT-FOR-US: Deerfield VisNetic WebSite -CVE-2002-2240 +CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remo ...) NOT-FOR-US: MyServer -CVE-2002-2239 +CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 ...) NOT-FOR-US: Cisco -CVE-2002-2238 +CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 ...) NOT-FOR-US: Kunani ODBC FTP Server -CVE-2002-2237 +CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a ...) NOT-FOR-US: tftp32 TFTP -CVE-2002-2236 +CVE-2002-2236 (Format string vulnerability in the awp_log function in apt-www-proxy 0 ...) NOT-FOR-US: apt-www-proxy -CVE-2002-2235 +CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly restrict ...) NOT-FOR-US: vBulletin -CVE-2002-2234 +CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the ...) NOT-FOR-US: NetScreen ScreenOS -CVE-2002-2233 +CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9 allows ...) NOT-FOR-US: Enceladus Server Suite -CVE-2002-2232 +CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers ...) NOT-FOR-US: Enceladus Server Suite -CVE-2002-2231 +CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows rem ...) NOT-FOR-US: Ikonboard -CVE-2002-2230 +CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows rem ...) NOT-FOR-US: Ikonboard -CVE-2002-2229 +CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 ...) 
NOT-FOR-US: WebReflex -CVE-2002-2228 +CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers ...) - mailscanner 4.22.5-1 -CVE-2002-2227 +CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers ...) - ssldump 0.9b3-1 (low) -CVE-2002-2226 +CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote atta ...) NOT-FOR-US: Tftpd32 -CVE-2002-2225 +CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of servic ...) NOT-FOR-US: SafeNet VPN -CVE-2002-2224 +CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allo ...) NOT-FOR-US: PGPFreeware -CVE-2002-2223 +CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to cau ...) NOT-FOR-US: NetScreen-Remote -CVE-2002-2222 +CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...) NOT-FOR-US: FreeBSD -CVE-2002-2221 +CVE-2002-2221 (Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2. ...) - chetcpasswd <removed> (medium) -CVE-2002-2220 +CVE-2002-2220 (Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when conf ...) - chetcpasswd <removed> (medium) -CVE-2002-2219 +CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remo ...) - chetcpasswd <removed> (low) -CVE-2002-2218 +CVE-2002-2218 (CRLF injection vulnerability in the setUserValue function in sipssys/c ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2217 +CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server Creat ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2216 +CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL strings ...) NOT-FOR-US: 04WebServer -CVE-2002-2215 +CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before 4.3. ...) 
- php4 4:4.3.2+rc3-1 -CVE-2002-2214 +CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality ...) - php4 4:4.3.2+rc3-1 -CVE-2002-2213 +CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when res ...) NOT-FOR-US: Infoblox DNS One -CVE-2002-2212 +CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolv ...) NOT-FOR-US: Fujitsu UXP/V -CVE-2002-2211 +CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...) - bind <removed> (unimportant) - bind9 <not-affected> (does not send parallel queries) NOTE: Disabling recursion does not close all attack vectors. NOTE: Browser reflection attacks will still work. NOTE: Bind 8 design limitations that are only addressed in bind 9 are not NOTE: treated a security issues, DNS admins need to be aware what they are using -CVE-2002-2210 +CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite f ...) - openoffice.org 1.0.2 -CVE-2002-2209 +CVE-2002-2209 (Unspecified "security vulnerability" in Baby FTP Server versions befor ...) NOT-FOR-US: Baby FTP Server -CVE-2002-2208 +CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...) NOT-FOR-US: IOS -CVE-2002-2207 +CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in decrypti ...) - ssldump 0.9b3 -CVE-2002-2206 +CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows l ...) NOT-FOR-US: Norton AntiVirus -CVE-2002-2205 +CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote attacker ...) NOT-FOR-US: webresolve -CVE-2002-2204 +CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks tha ...) 
NOTE: verified with rpm 4.4.1, but this can hardly affect debian at NOTE: all since it requires rpm be configured to trust some key, NOTE: which in debian requires a manual and non-documented NOTE: initialization of the rpm database which is not configured in NOTE: the package -CVE-2002-2203 +CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...) NOT-FOR-US: Solaris -CVE-2002-2202 +CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...) NOT-FOR-US: Outlook Express -CVE-2002-2201 +CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows ...) - webmin 1.000 (high) -CVE-2002-2200 +CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attacke ...) NOT-FOR-US: (Benjamin Lefevre Dobermann FORUM) -CVE-2002-2199 +CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...) NOTE: freebsd misconfiguration -CVE-2002-2198 +CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...) - zmailer 2.99.56-1 (high) NOTE: May have been fixed earlier, 2.99.51 was never uploaded to Debian. -CVE-2002-2197 +CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...) NOT-FOR-US: Solaris -CVE-2002-2196 +CVE-2002-2196 (Samba before 2.2.5 does not properly terminate the enum_csc_policy dat ...) - samba 2.2.5 (high) -CVE-2002-2195 +CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and earlie ...) NOT-FOR-US: Winamp CVE-2002-2194 REJECTED -CVE-2002-2193 +CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...) NOT-FOR-US: Mojo Mail -CVE-2002-2192 +CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...) NOT-FOR-US: Perception LiteServe -CVE-2002-2191 +CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the 'Domino ...) 
NOT-FOR-US: (Lotus Domino -CVE-2002-2190 +CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext unde ...) NOT-FOR-US: ArtsCore Studios CuteCast Forum -CVE-2002-2189 +CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software Acti ...) NOT-FOR-US: ActiveXperts Software ActiveWebserver -CVE-2002-2188 +CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service (ke ...) NOT-FOR-US: OpenBSD kernel -CVE-2002-2187 +CVE-2002-2187 (Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, a ...) NOT-FOR-US: Macromedia JRun -CVE-2002-2186 +CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the s ...) NOT-FOR-US: Macromedia JRun -CVE-2002-2185 +CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ca ...) NOTE: fixed in IRIX.. -CVE-2002-2184 +CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...) NOT-FOR-US: DigiChat -CVE-2002-2183 +CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...) NOT-FOR-US: phpShare -CVE-2002-2182 +CVE-2002-2182 (Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 al ...) NOT-FOR-US: MSN666 -CVE-2002-2181 +CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited we ...) NOT-FOR-US: SonicWall -CVE-2002-2180 +CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not prope ...) NOT-FOR-US: OpenBSD kernel -CVE-2002-2179 +CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment al ...) NOT-FOR-US: ClearPath MCP -CVE-2002-2178 +CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for php ...) NOT-FOR-US: phpWebSite -CVE-2002-2177 +CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP reque ...) 
NOT-FOR-US: BEA -CVE-2002-2176 +CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote attacker ...) NOT-FOR-US: Gender MOD -CVE-2002-2175 +CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find ...) NOT-FOR-US: phpSquidPass -CVE-2002-2174 +CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...) NOT-FOR-US: 602Pro LAN SUITE -CVE-2002-2173 +CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing ...) NOT-FOR-US: Cerulean Trillian -CVE-2002-2172 +CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly allo ...) NOT-FOR-US: Informed Designer, Informed Filler -CVE-2002-2171 +CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows ...) NOT-FOR-US: acWEB -CVE-2002-2170 +CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 att ...) NOT-FOR-US: BadBlue Enterprise Edition -CVE-2002-2169 +CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...) NOT-FOR-US: AIM -CVE-2002-2168 +CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 ...) NOT-FOR-US: 123tkShop -CVE-2002-2167 +CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for Thors ...) NOT-FOR-US: 123tkShop -CVE-2002-2166 +CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allow ...) NOT-FOR-US: FuseTalk -CVE-2002-2165 +CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...) NOT-FOR-US: IMHO Webmail for Roxen -CVE-2002-2164 +CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows ...) NOT-FOR-US: MSIE -CVE-2002-2163 +CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...) NOT-FOR-US: KvPoll -CVE-2002-2162 +CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) ...) 
NOT-FOR-US: Cerulean Trillian -CVE-2002-2161 +CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attacker ...) NOT-FOR-US: Kerio Personal Firewall CVE-2002-2160 REJECTED -CVE-2002-2159 +CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the fir ...) NOT-FOR-US: Linksys hardware -CVE-2002-2158 +CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...) NOT-FOR-US: zenTrack CVE-2002-2157 REJECTED -CVE-2002-2156 +CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...) NOT-FOR-US: Cerulean Trillian -CVE-2002-2155 +CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite respon ...) NOT-FOR-US: Cerulean Trillian -CVE-2002-2154 +CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows r ...) NOT-FOR-US: Monkey HTTP Daemon -CVE-2002-2153 +CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL ...) NOT-FOR-US: Oracle Application Server -CVE-2002-2152 +CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 al ...) NOT-FOR-US: Software602 CVE-2002-2151 REJECTED -CVE-2002-2150 +CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than th ...) NOTE: SYN floods etc generally filed as issues in linux specifically NOTE: if it is affected -CVE-2002-2149 +CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Rout ...) NOT-FOR-US: Lucent Access Point -CVE-2002-2148 +CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Route ...) NOT-FOR-US: Lucent MAX Router CVE-2002-2147 REJECTED -CVE-2002-2146 +CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote attacke ...) NOT-FOR-US: Savant Web Server -CVE-2002-2145 +CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass au ...) 
NOT-FOR-US: Savant Web Server -CVE-2002-2144 +CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows ...) NOT-FOR-US: BearShare -CVE-2002-2143 +CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative pas ...) NOT-FOR-US: MySimple News -CVE-2002-2142 +CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3 ...) NOT-FOR-US: BEA -CVE-2002-2141 +CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...) NOT-FOR-US: BEA -CVE-2002-2140 +CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, ...) NOT-FOR-US: Cisco -CVE-2002-2139 +CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delet ...) NOT-FOR-US: Cisco -CVE-2002-2138 +CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when r ...) NOT-FOR-US: HP Advanced Server -CVE-2002-2137 +CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and poss ...) NOT-FOR-US: GlobalSunTech Wireless Access Points CVE-2002-2136 REJECTED CVE-2002-2135 REJECTED -CVE-2002-2134 +CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: PEEL -CVE-2002-2133 +CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...) NOT-FOR-US: Telindus 1100 ASDL router -CVE-2002-2132 +CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove o ...) NOT-FOR-US: Windows -CVE-2002-2131 +CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows re ...) NOT-FOR-US: Perl-HTTPd -CVE-2002-2130 +CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execut ...) - gallery 1.3.3 (high) -CVE-2002-2129 +CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4 ...) 
NOT-FOR-US: w-Agora -CVE-2002-2128 +CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary ...) NOT-FOR-US: w-Agora -CVE-2002-2127 +CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \De ...) NOT-FOR-US: Integrity Protection Driver (IPD) -CVE-2002-2126 +CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...) NOT-FOR-US: Integrity Protection Driver (IPD) -CVE-2002-2125 +CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...) NOT-FOR-US: MSIE -CVE-2002-2124 +CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...) NOT-FOR-US: nylon CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries] - libnss-ldap 199-1 (bug #169793) 
@@ -693,353 +693,353 @@ CVE-2002-XXXX [sanitizer bypassal through quoted file names] - sanitizer 1.76-1 (bug #149799; medium) [sarge] - sanitizer <not-affected> (Sarge version already fixed) NOTE: This was fixed earlier in fact, but it's unknown when -CVE-2002-2123 +CVE-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for Gal ...) - gallery 1.3.3 -CVE-2002-2122 +CVE-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...) NOT-FOR-US: Pointsec -CVE-2002-2121 +CVE-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote attac ...) NOT-FOR-US: SurfControl -CVE-2002-2120 +CVE-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to exec ...) NOT-FOR-US: QNX -CVE-2002-2119 +CVE-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...) NOT-FOR-US: Novell eDirectory -CVE-2002-2118 +CVE-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remot ...) NOT-FOR-US: Blue World Lasso Web Data Engine -CVE-2002-2117 +CVE-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of serv ...) NOT-FOR-US: Microsoft -CVE-2002-2116 +CVE-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers t ...) NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers -CVE-2002-2115 +CVE-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) L ...) NOT-FOR-US: Hyper NIKKI System (HNS) Lite -CVE-2002-2114 +CVE-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arb ...) - netjuke 1.0b7 -CVE-2002-2113 +CVE-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ar ...) NOT-FOR-US: HTMLsearch -CVE-2002-2112 +CVE-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...) NOT-FOR-US: RCA Digital Cable Modem -CVE-2002-2111 +CVE-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of servi ...) 
NOT-FOR-US: Fwmon -CVE-2002-2110 +CVE-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...) NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E -CVE-2002-2109 +CVE-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...) NOTE: debian's nms-formmail is a reimplementation of old formmail -CVE-2002-2108 +CVE-2002-2108 (Unknown vulnerability in the "VAIO Manual" software in certain Sony VA ...) NOT-FOR-US: Sony VAIO -CVE-2002-2107 +CVE-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in Verid ...) NOT-FOR-US: OpenKeyServer -CVE-2002-2106 +CVE-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...) NOT-FOR-US: WikkiTikkiTavi -CVE-2002-2105 +CVE-2002-2105 (Microsoft Windows XP allows local users to prevent the system from boo ...) NOT-FOR-US: Microsoft -CVE-2002-2104 +CVE-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...) NOT-FOR-US: Ganglia PHP RRD Web Client NOTE: not ganglia-monitor -CVE-2002-2103 +CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...) - apache 1.3.24 (low) -CVE-2002-2102 +CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...) - jzlib 0.0.7 (low) -CVE-2002-2101 +CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary Ja ...) NOT-FOR-US: Microsoft -CVE-2002-2100 +CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the fil ...) NOT-FOR-US: Microsoft -CVE-2002-2099 +CVE-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows loc ...) - ddd <not-affected> (ddd is not setuid/gid so not exploitable) -CVE-2002-2098 +CVE-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remot ...) NOT-FOR-US: Axspawn-pam -CVE-2002-2097 +CVE-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...) 
- maradns 0.9.01 (low) -CVE-2002-2096 +CVE-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWa ...) NOT-FOR-US: Netware -CVE-2002-2095 +CVE-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ar ...) NOT-FOR-US: Joe Testa hellbent 01 webserver -CVE-2002-2094 +CVE-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full pa ...) NOT-FOR-US: Joe Testa hellbent 01 webserver -CVE-2002-2093 +CVE-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...) NOT-FOR-US: SGI IRIX -CVE-2002-2092 +CVE-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ea ...) NOT-FOR-US: OpenBSD/NetBSD/FreeBSD -CVE-2002-2091 +CVE-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, 0. ...) NOT-FOR-US: decfingerd -CVE-2002-2090 +CVE-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...) NOT-FOR-US: aucho Technology Resin server -CVE-2002-2089 +CVE-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ar ...) NOT-FOR-US: Solaris -CVE-2002-2088 +CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...) NOT-FOR-US: clump/os -CVE-2002-2087 +CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2086 +CVE-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of Sq ...) NOT-FOR-US: magicHTML -CVE-2002-2085 +CVE-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 be ...) NOT-FOR-US: WWWeBBB forum -CVE-2002-2084 +CVE-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...) NOT-FOR-US: Portix -CVE-2002-2083 +CVE-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...) 
NOT-FOR-US: Novell Netware -CVE-2002-2082 +CVE-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication s ...) NOT-FOR-US: FTGate -CVE-2002-2081 +CVE-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cau ...) NOT-FOR-US: Microsoft -CVE-2002-2080 +CVE-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...) NOT-FOR-US: FTGate -CVE-2002-2079 +CVE-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX ...) - kernel-patch-openmosix <removed> (bug #319621; low) -CVE-2002-2078 +CVE-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FT ...) NOT-FOR-US: FTGate -CVE-2002-2077 +CVE-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear mem ...) NOT-FOR-US: Microsoft -CVE-2002-2076 +CVE-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allo ...) NOT-FOR-US: Lil' HTTP server -CVE-2002-2075 +CVE-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of servi ...) NOT-FOR-US: ICQ -CVE-2002-2074 +CVE-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote a ...) NOT-FOR-US: Mailidx -CVE-2002-2073 +CVE-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on M ...) NOT-FOR-US: Microsoft -CVE-2002-2072 +CVE-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in JR ...) NOT-FOR-US: Sun Java -CVE-2002-2071 +CVE-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Tru64 -CVE-2002-2070 +CVE-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...) NOT-FOR-US: SecureClean -CVE-2002-2069 +CVE-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...) NOT-FOR-US: Proprietary PGP -CVE-2002-2068 +CVE-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are atta ...) 
NOT-FOR-US: Eraser -CVE-2002-2067 +CVE-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams tha ...) NOT-FOR-US: Eraser -CVE-2002-2066 +CVE-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows a ...) NOT-FOR-US: BCWipe -CVE-2002-2065 +CVE-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' e ...) NOT-FOR-US: WebCalender -CVE-2002-2064 +CVE-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain admin ...) NOT-FOR-US: PhpWebGallery -CVE-2002-2063 +CVE-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and exec ...) NOT-FOR-US: AtGuard -CVE-2002-2062 +CVE-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explor ...) NOT-FOR-US: Microsoft -CVE-2002-2061 +CVE-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earli ...) NOTE: fixed in upstream 1.0.1 NOTE: see http://web.archive.org/web/20090628044831/http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html - mozilla 2:1.1-1 (low) -CVE-2002-2060 +CVE-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash cli ...) - links2 <not-affected> (Fixed before upload into archiv; 2.0pre5) -CVE-2002-2059 +CVE-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...) NOT-FOR-US: Intel motherboards -CVE-2002-2058 +CVE-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage statistic ...) NOT-FOR-US: TeeKai -CVE-2002-2057 +CVE-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/ ...) NOT-FOR-US: TeeKai -CVE-2002-2056 +CVE-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows re ...) NOT-FOR-US: TeeKai -CVE-2002-2055 +CVE-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Trac ...) NOT-FOR-US: TeeKai -CVE-2002-2054 +CVE-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the admini ...) 
NOT-FOR-US: TeeKai -CVE-2002-2053 +CVE-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...) NOT-FOR-US: Cisco -CVE-2002-2052 +CVE-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...) NOT-FOR-US: Cisco -CVE-2002-2051 +CVE-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...) - modlogan 0.7.12-1 (low) -CVE-2002-2050 +CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...) - modlogan 0.7.12-1 (low) -CVE-2002-2049 +CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when down ...) NOTE: one day upstream webserver compromise -CVE-2002-2048 +CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to exe ...) NOT-FOR-US: PFinger -CVE-2002-2047 +CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows rem ...) - sketch 0.6.13-1 (low) -CVE-2002-2046 +CVE-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...) NOT-FOR-US: X-News -CVE-2002-2045 +CVE-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...) NOT-FOR-US: x-stat -CVE-2002-2044 +CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...) NOT-FOR-US: x-stat -CVE-2002-2043 +CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...) NOTE: old patch -CVE-2002-2042 +CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allo ...) NOT-FOR-US: QNX -CVE-2002-2041 +CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 al ...) NOT-FOR-US: QNX -CVE-2002-2040 +CVE-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operat ...) NOT-FOR-US: QNX -CVE-2002-2039 +CVE-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...) 
NOT-FOR-US: QNX -CVE-2002-2038 +CVE-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based s ...) NOT-FOR-US: NGPT NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html NOTE: NPTL does not have this problem. -CVE-2002-2037 +CVE-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier ...) NOT-FOR-US: Cisco -CVE-2002-2036 +CVE-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...) NOT-FOR-US: Sun -CVE-2002-2035 +CVE-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ear ...) NOT-FOR-US: RealityScape -CVE-2002-2034 +CVE-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...) NOT-FOR-US: Email Sanitizer -CVE-2002-2033 +CVE-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...) NOT-FOR-US: FAQManager -CVE-2002-2032 +CVE-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...) NOT-FOR-US: PHPNuke -CVE-2002-2031 +CVE-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...) NOT-FOR-US: Microsoft -CVE-2002-2030 +CVE-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows re ...) NOT-FOR-US: Microsoft -CVE-2002-2029 +CVE-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ s ...) NOT-FOR-US: PHP, Mircrosoft -CVE-2002-2028 +CVE-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...) NOT-FOR-US: Microsoft -CVE-2002-2027 +CVE-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not proper ...) NOT-FOR-US: DOOW -CVE-2002-2026 +CVE-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...) NOT-FOR-US: BrowseFTP -CVE-2002-2025 +CVE-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to caus ...) 
NOT-FOR-US: Lotus Domino -CVE-2002-2024 +CVE-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root pa ...) - imp 3:2.2.6-5 (high) -CVE-2002-2023 +CVE-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...) NOT-FOR-US: We use the OTHER beep program :P -CVE-2002-2022 +CVE-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows l ...) NOTE: only affects old-stable -CVE-2002-2021 +CVE-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbb ...) NOT-FOR-US: wbboard -CVE-2002-2020 +CVE-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default a ...) NOT-FOR-US: Netgear hardware -CVE-2002-2019 +CVE-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in osComme ...) NOT-FOR-US: osCommerce -CVE-2002-2018 +CVE-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...) NOT-FOR-US: SAS/Base -CVE-2002-2017 +CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code b ...) NOT-FOR-US: SAS/Base -CVE-2002-2016 +CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel addr ...) - user-mode-linux 2.4.17-9 (high) -CVE-2002-2015 +CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...) NOT-FOR-US: PostNuke -CVE-2002-2014 +CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...) NOT-FOR-US: Lotus Domino -CVE-2002-2013 +CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2012 +CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Lin ...) NOT-FOR-US: Apache -CVE-2002-2011 +CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.c ...) 
NOT-FOR-US: faqomatic -CVE-2002-2010 +CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht: ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2009 +CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root pat ...) NOT-FOR-US: Tomcat -CVE-2002-2008 +CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...) NOT-FOR-US: Tomcat -CVE-2002-2007 +CVE-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remo ...) NOT-FOR-US: Tomcat -CVE-2002-2006 +CVE-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 thro ...) NOT-FOR-US: Tomcat -CVE-2002-2005 +CVE-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1 ...) NOT-FOR-US: Sun -CVE-2002-2004 +CVE-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ca ...) NOT-FOR-US: Compaq -CVE-2002-2003 +CVE-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote at ...) NOT-FOR-US: Compaq -CVE-2002-2002 +CVE-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...) NOT-FOR-US: Compaq -CVE-2002-2001 +CVE-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...) NOT-FOR-US: jmcce -CVE-2002-2000 +CVE-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use pr ...) NOT-FOR-US: OpenVMS -CVE-2002-1999 +CVE-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow rem ...) NOT-FOR-US: VVOS -CVE-2002-1998 +CVE-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...) NOT-FOR-US: UnixWare -CVE-2002-1997 +CVE-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...) NOT-FOR-US: ZoneAlarm -CVE-2002-1996 +CVE-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...) 
NOT-FOR-US: Postnuke -CVE-2002-1995 +CVE-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...) NOT-FOR-US: Postnuke -CVE-2002-1994 +CVE-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...) NOT-FOR-US: Windows -CVE-2002-1993 +CVE-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...) NOT-FOR-US: WebBBS -CVE-2002-1992 +CVE-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...) NOT-FOR-US: Windows -CVE-2002-1991 +CVE-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary c ...) NOT-FOR-US: osCommerce -CVE-2002-1990 +CVE-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical p ...) NOT-FOR-US: Resin -CVE-2002-1989 +CVE-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service (thre ...) NOT-FOR-US: Resin -CVE-2002-1988 +CVE-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service (memo ...) NOT-FOR-US: Resin -CVE-2002-1987 +CVE-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 al ...) NOT-FOR-US: Resin -CVE-2002-1986 +CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obta ...) NOT-FOR-US: Perception LiteServe -CVE-2002-1985 +CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) NOT-FOR-US: iSMTP -CVE-2002-1984 +CVE-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windo ...) NOT-FOR-US: Microsoft -CVE-2002-1983 +CVE-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...) NOT-FOR-US: QNX -CVE-2002-1982 +CVE-2002-1982 (Directory traversal vulnerability in the list_directory function in Ic ...) NOTE: verified current version is not vulnerable to exploit -CVE-2002-1981 +CVE-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "publ ...) 
NOT-FOR-US: Microsoft -CVE-2002-1980 +CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 t ...) NOT-FOR-US: Solaris -CVE-2002-1979 +CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclas ...) NOT-FOR-US: Watchguard SOHO -CVE-2002-1978 +CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewa ...) NOT-FOR-US: IPFilter -CVE-2002-1977 +CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to th ...) NOT-FOR-US: Proprietary PGP -CVE-2002-1976 +CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...) - net-tools <unfixed> (unimportant) NOTE: This seems to be a misunderstanding of what the PROMISC flag NOTE: is about. ifconfig reports properly when it is set using NOTE: "ifconfig promisc". -CVE-2002-1975 +CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt t ...) NOT-FOR-US: Zaurus hardware -CVE-2002-1974 +CVE-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require a ...) NOT-FOR-US: Zaurus hardware -CVE-2002-1973 +CVE-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (I ...) NOT-FOR-US: Microsoft -CVE-2002-1972 +CVE-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch ...) NOT-FOR-US: pp_powerSwitch -CVE-2002-1971 +CVE-2002-1971 (The ping utility in networking_utils.php in Sourcecraft Networking_Uti ...) NOT-FOR-US: Sourcecraft Networking Utils -CVE-2002-1970 +CVE-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the rul ...) NOT-FOR-US: SnortCenter -CVE-2002-1969 +CVE-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...) NOT-FOR-US: Magic Notebook -CVE-2002-1968 +CVE-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...) 
NOT-FOR-US: Com21 hardware -CVE-2002-1967 +CVE-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...) NOT-FOR-US: XiRCON -CVE-2002-1966 +CVE-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards Pla ...) NOT-FOR-US: My Postcards Platinum -CVE-2002-1965 +CVE-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitam ...) NOT-FOR-US: Imatix Xitami -CVE-2002-1964 +CVE-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote atta ...) NOT-FOR-US: phpEventCalender -CVE-2002-1963 +CVE-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...) NOTE: No kernels in Sarge or sid affected -CVE-2002-1962 +CVE-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to by ...) NOT-FOR-US: SurfinGate -CVE-2002-1961 +CVE-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to by ...) NOT-FOR-US: SurfinGate -CVE-2002-1960 +CVE-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...) NOT-FOR-US: Cybozu Share -CVE-2002-1959 +CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrar ...) NOTE: Nagios was packaged for Debian after these vulnerable versions have been released -CVE-2002-1958 +CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b ...) NOT-FOR-US: kmMail -CVE-2002-1957 +CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9. ...) - pen <not-affected> (pen was introduced after this old vulnerability) -CVE-2002-1956 +CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...) - rox 1.3.0-1 -CVE-2002-1955 +CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting CI ...) NOT-FOR-US: Iomega hardware issue -CVE-2002-1954 +CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ...) 
NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a NOTE: php function that displays the PHP logo and version information. In the bug NOTE: log the developers seem unwilling to fix this, as it only affects a debug 
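Review bot: The added descriptions are cut at a fixed width, often mid-word, and for CVE-2002-1982 the cut falls inside the product name ("... in the list_directory function in Ic ..."). That entry carries only a NOTE line and no package or NOT-FOR-US line, so after this change the record still does not say which software it concerns. Suggest truncating at a word boundary after the product name, or adding a package line to that entry. The new text also makes two existing annotations easy to check against: CVE-2002-1995 is described as phptonuke.php for PHP-Nuke but is annotated "NOT-FOR-US: Postnuke", and CVE-2002-1964 is described as phpEventCalendar while its annotation reads "phpEventCalender". Both annotations are unchanged context in this hunk and could be corrected in a follow-up.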
@@ -1047,1009 +1047,1009 @@ CVE-2002-1954 NOTE: can not reproduce in any versions of php4 in the archive. - php4 <not-affected> (bug #349260; low) - php5 5.1.1-1 (bug #336654; low) -CVE-2002-1953 +CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant Messenge ...) NOT-FOR-US: AIM -CVE-2002-1952 +CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL operati ...) NOT-FOR-US: phpRank -CVE-2002-1951 +CVE-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ex ...) NOT-FOR-US: GoAhead WebServer -CVE-2002-1950 +CVE-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) NOT-FOR-US: phpRank -CVE-2002-1949 +CVE-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...) NOT-FOR-US: Iomega NAS -CVE-2002-1948 +CVE-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to exe ...) - gringotts <not-affected> (fixed before Gringotts was in Debian) -CVE-2002-1947 +CVE-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all install ...) - webmin 1.000-2 -CVE-2002-1946 +CVE-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000 ...) NOT-FOR-US: VNSL -CVE-2002-1945 +CVE-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attacker ...) NOT-FOR-US: SmailMail -CVE-2002-1944 +CVE-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...) NOT-FOR-US: Motorola Surfboard -CVE-2002-1943 +CVE-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, lea ...) NOT-FOR-US: SafeTP -CVE-2002-1942 +CVE-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive co ...) NOT-FOR-US: Imatix -CVE-2002-1941 +CVE-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote a ...) NOT-FOR-US: RadioBird -CVE-2002-1940 +CVE-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...) 
NOT-FOR-US: LCC-Win32 -CVE-2002-1939 +CVE-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are transfer ...) NOT-FOR-US: FlashFXP -CVE-2002-1938 +CVE-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: Virgil CGI Scanner -CVE-2002-1937 +CVE-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the adminis ...) NOT-FOR-US: Symantex Appliance -CVE-2002-1936 +CVE-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door account ...) NOT-FOR-US: UTStarcom -CVE-2002-1935 +CVE-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...) NOT-FOR-US: Pingtel Xpressa -CVE-2002-1934 +CVE-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leak ...) NOT-FOR-US: Pingtel Xpressa -CVE-2002-1933 +CVE-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...) NOT-FOR-US: Microsoft -CVE-2002-1932 +CVE-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send adminis ...) NOT-FOR-US: Microsoft -CVE-2002-1931 +CVE-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 a ...) NOT-FOR-US: PHP Arena -CVE-2002-1930 +CVE-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attacker ...) NOT-FOR-US: AN HTTPd -CVE-2002-1929 +CVE-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...) NOT-FOR-US: PHP Arena -CVE-2002-1928 +CVE-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory tr ...) NOT-FOR-US: 602Pro LAN SUITE -CVE-2002-1927 +CVE-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...) NOT-FOR-US: Aquonics File Manager -CVE-2002-1926 +CVE-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File Manag ...) NOT-FOR-US: Aquonics File Manager -CVE-2002-1925 +CVE-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ca ...) 
NOT-FOR-US: Tiny Personal Firewall -CVE-2002-1924 +CVE-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during installati ...) NOT-FOR-US: Powerchute -CVE-2002-1923 +CVE-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when runni ...) - mysql <not-affected> (Windows specific) -CVE-2002-1922 +CVE-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBul ...) NOT-FOR-US: vBulletin -CVE-2002-1921 +CVE-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when runni ...) - mysql <not-affected> (Windows specific) -CVE-2002-1920 +CVE-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...) NOT-FOR-US: FtpXQ -CVE-2002-1919 +CVE-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remo ...) NOT-FOR-US: VS-ASP -CVE-2002-1918 +CVE-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MD ...) NOT-FOR-US: Microsoft ADO -CVE-2002-1917 +CVE-2002-1917 (CRLF injection vulnerability in the "User Profile: Send Email" feature ...) NOT-FOR-US: Geeklog -CVE-2002-1916 +CVE-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...) NOT-FOR-US: Pirch -CVE-2002-1915 +CVE-2002-1915 (tip on multiple BSD-based operating systems allows local users to caus ...) NOT-FOR-US: tip -CVE-2002-1914 +CVE-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of servi ...) - dump 0.4b31-1 -CVE-2002-1913 +CVE-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbit ...) NOT-FOR-US: myPHPNuke -CVE-2002-1912 +CVE-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable t ...) NOT-FOR-US: SkyStream -CVE-2002-1911 +CVE-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allow ...) NOT-FOR-US: ZoneAlarm -CVE-2002-1910 +CVE-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...) 
NOT-FOR-US: Ingenium Learning Management System -CVE-2002-1909 +CVE-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...) NOT-FOR-US: Ingenium Learning Management System -CVE-2002-1908 +CVE-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Microsoft IIS -CVE-2002-1907 +CVE-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...) NOT-FOR-US: TelCondex -CVE-2002-1906 +CVE-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attacker ...) NOT-FOR-US: ViaVideo -CVE-2002-1905 +CVE-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allo ...) NOT-FOR-US: ViaVideo -CVE-2002-1904 +CVE-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 thr ...) NOT-FOR-US: ghttpd -CVE-2002-1903 +CVE-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: a ...) - pine 4.62-1 (low) - alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine) NOTE: checked listed version, and it didn't have the problem NOTE: pine is non-free (alpine is free) -CVE-2002-1902 +CVE-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...) NOT-FOR-US: CGIForum -CVE-2002-1901 +CVE-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 a ...) NOT-FOR-US: BBGallery -CVE-2002-1900 +CVE-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...) NOT-FOR-US: Pinboard -CVE-2002-1899 +CVE-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...) NOT-FOR-US: IceWarp Web Mail -CVE-2002-1898 +CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...) NOT-FOR-US: Mac OS X -CVE-2002-1897 +CVE-2002-1897 (MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a d ...) 
NOT-FOR-US: MyWebserver -CVE-2002-1896 +CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, all ...) - alsaplayer 0.99.72-1 -CVE-2002-1895 +CVE-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...) - tomcat4 <not-affected> (Windows-specific Tomcat problems) -CVE-2002-1894 +CVE-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0 ...) - phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295) -CVE-2002-1893 +CVE-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1 ...) NOT-FOR-US: ArGoSoft Mail Server -CVE-2002-1892 +CVE-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password i ...) NOT-FOR-US: Netgear hardware -CVE-2002-1891 +CVE-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to e ...) NOT-FOR-US: IRCIT -CVE-2002-1890 +CVE-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbi ...) NOT-FOR-US: RedHat specific -CVE-2002-1889 +CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...) NOT-FOR-US: Logsurfer -CVE-2002-1888 +CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to t ...) NOT-FOR-US: CommonName Toolbar -CVE-2002-1887 +CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for phpMyNews ...) NOT-FOR-US: phpMyNewsletter -CVE-2002-1886 +CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with in ...) NOT-FOR-US: TightAuction -CVE-2002-1885 +CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlo ...) NOT-FOR-US: PPhlogger -CVE-2002-1884 +CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ad ...) NOT-FOR-US: Py-Membres -CVE-2002-1883 +CVE-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...) 
- qt-x11-free 2:3.0.4-1 -CVE-2002-1882 +CVE-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...) NOT-FOR-US: Oracle -CVE-2002-1881 +CVE-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attacke ...) - flashplugin-nonfree 6.0.61.0-1 -CVE-2002-1880 +CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by mo ...) NOT-FOR-US: LokwaBB -CVE-2002-1879 +CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers t ...) NOT-FOR-US: LokwaBB -CVE-2002-1878 +CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote ...) NOT-FOR-US: w-Agora -CVE-2002-1877 +CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions f ...) NOT-FOR-US: Netgear hardware -CVE-2002-1876 +CVE-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...) NOT-FOR-US: Microsoft -CVE-2002-1875 +CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, a ...) NOT-FOR-US: Entercept Agent -CVE-2002-1874 +CVE-2002-1874 (astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers ...) NOT-FOR-US: Astrocam -CVE-2002-1873 +CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure Cal ...) NOT-FOR-US: Microsoft -CVE-2002-1872 +CVE-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled ...) NOT-FOR-US: Microsoft -CVE-2002-1871 +CVE-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid roo ...) NOT-FOR-US: Solaris -CVE-2002-1870 +CVE-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle w ...) NOT-FOR-US: Simple Web Server -CVE-2002-1869 +CVE-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...) NOT-FOR-US: Heysoft EventSave -CVE-2002-1868 +CVE-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...) 
NOT-FOR-US: Dispair -CVE-2002-1867 +CVE-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 do ...) NOT-FOR-US: ImageFolio -CVE-2002-1866 +CVE-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descri ...) NOT-FOR-US: Simple Web Server -CVE-2002-1865 +CVE-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI- ...) NOT-FOR-US: Embedded HTTP server -CVE-2002-1864 +CVE-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 thr ...) NOT-FOR-US: Simple Web Server -CVE-2002-1863 +CVE-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other models ...) NOT-FOR-US: Iomega NAS -CVE-2002-1862 +CVE-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: SmartMail Server -CVE-2002-1861 +CVE-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, all ...) NOT-FOR-US: Sybase ASE -CVE-2002-1860 +CVE-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers t ...) NOT-FOR-US: Pramati -CVE-2002-1859 +CVE-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...) NOT-FOR-US: Orion -CVE-2002-1858 +CVE-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1 ...) NOT-FOR-US: Oracle -CVE-2002-1857 +CVE-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...) NOT-FOR-US: jo! jo Webserver -CVE-2002-1856 +CVE-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote atta ...) NOT-FOR-US: HP Application Server -CVE-2002-1855 +CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows remot ...) NOT-FOR-US: Macromedia JRun -CVE-2002-1854 +CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execu ...) NOT-FOR-US: rlaj whois.cgi -CVE-2002-1853 +CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...) 
NOT-FOR-US: MyNewsGroups -CVE-2002-1852 +CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...) - monkey 0.9.2-1 NOTE: Vulnerable code verified not be present in any Debian version -CVE-2002-1851 +CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute c ...) NOT-FOR-US: WS_FTP Pro -CVE-2002-1850 +CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly re ...) - apache2 2.0.42-1 -CVE-2002-1849 +CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back butto ...) NOT-FOR-US: ParaChat -CVE-2002-1848 +CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...) NOT-FOR-US: TightVNC on Windows only -CVE-2002-1847 +CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...) NOT-FOR-US: Microsoft Windows Media Player -CVE-2002-1846 +CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a use ...) NOT-FOR-US: YaBB -CVE-2002-1845 +CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another B ...) NOT-FOR-US: YaBB -CVE-2002-1844 +CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, i ...) NOT-FOR-US: Microsoft Windows Media Player -CVE-2002-1843 +CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands vi ...) NOT-FOR-US: Perlbot -CVE-2002-1842 +CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Perlbot -CVE-2002-1841 +CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not restri ...) NOT-FOR-US: Nogusta NOLA -CVE-2002-1840 +CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could con ...) NOT-FOR-US: some irssi tarballs contained a backdoor -CVE-2002-1839 +CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record th ...) 
NOT-FOR-US: Trend Micro InterScan VirusWall (Windows NT 3.52) -CVE-2002-1838 +CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbi ...) NOT-FOR-US: Charities.cron -CVE-2002-1837 +CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display Syste ...) NOT-FOR-US: Image Display System -CVE-2002-1836 +CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exp ...) NOT-FOR-US: Xerox Docutech -CVE-2002-1835 +CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 run ...) NOT-FOR-US: Xerox Docutech -CVE-2002-1834 +CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 all ...) NOT-FOR-US: Xerox Docutech -CVE-2002-1833 +CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...) NOT-FOR-US: Xerox Docutech -CVE-2002-1832 +CVE-2002-1832 (Unknown vulnerability in the "ipopts decode" functionality in Firestor ...) NOT-FOR-US: Firestorm IDS -CVE-2002-1831 +CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attacker ...) NOT-FOR-US: Microsoft MSN Messenger Service -CVE-2002-1830 +CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypa ...) NOT-FOR-US: Open Bulletin Board -CVE-2002-1829 +CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open Bull ...) NOT-FOR-US: Open Bulletin Board -CVE-2002-1828 +CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: Savant Webserver -CVE-2002-1827 +CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...) - sendmail 8.12-4 -CVE-2002-1826 +CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...) - kernel-patch-2.4-grsecurity 1.9.6-1 -CVE-2002-1825 +CVE-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...) 
NOT-FOR-US: WASD -CVE-2002-1824 +CVE-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...) NOT-FOR-US: MSIE -CVE-2002-1823 +CVE-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1. ...) NOT-FOR-US: Zeroo -CVE-2002-1822 +CVE-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the pa ...) NOT-FOR-US: IBM HTTP Server on AS/400 -CVE-2002-1821 +CVE-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated user ...) NOT-FOR-US: Ultimate PHP Board -CVE-2002-1820 +CVE-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administ ...) NOT-FOR-US: Ultimate PHP Board -CVE-2002-1819 +CVE-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote at ...) NOT-FOR-US: TinyHTTPD -CVE-2002-1818 +CVE-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ar ...) NOT-FOR-US: httpbench -CVE-2002-1817 +CVE-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsN ...) NOT-FOR-US: Veritas -CVE-2002-1816 +CVE-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...) NOT-FOR-US: ATPhttpd -CVE-2002-1815 +CVE-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in Aquo ...) NOT-FOR-US: Aquonics -CVE-2002-1814 +CVE-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows l ...) - bonobo <not-affected> (efstool not suid on Debian) -CVE-2002-1813 +CVE-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2 ...) NOT-FOR-US: AIM -CVE-2002-1812 +CVE-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to execu ...) NOT-FOR-US: gdam123 -CVE-2002-1811 +CVE-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 a ...) 
NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point -CVE-2002-1810 +CVE-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...) NOT-FOR-US: D-Link DWL-900AP+ Access Point -CVE-2002-1809 +CVE-2002-1809 (The default configuration of the Windows binary release of MySQL 3.23. ...) NOT-FOR-US: MySQL windows binary -CVE-2002-1808 +CVE-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System 1 ...) NOT-FOR-US: Meunity -CVE-2002-1807 +CVE-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows re ...) NOT-FOR-US: phpWebSite -CVE-2002-1806 +CVE-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...) NOT-FOR-US: Drupal -CVE-2002-1805 +CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...) - dacode <removed> (bug #322605; low) [sarge] - dacode <no-dsa> (Minor issue; attacker would need to bypass moderator review/approval) NOTE: Sarge is affected (has same version as testing/unstable) -CVE-2002-1804 +CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote att ...) NOT-FOR-US: NPDS -CVE-2002-1803 +CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...) NOT-FOR-US: PHP-Nuke -CVE-2002-1802 +CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remot ...) NOT-FOR-US: Xoops -CVE-2002-1801 +CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensiti ...) NOT-FOR-US: ImageFolio -CVE-2002-1800 +CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ser ...) NOT-FOR-US: phpRank -CVE-2002-1799 +CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) NOT-FOR-US: phpRank -CVE-2002-1798 +CVE-2002-1798 (MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) up ...) 
NOT-FOR-US: MidiCart -CVE-2002-1797 +CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 815 ...) NOT-FOR-US: ChaiVM -CVE-2002-1796 +CVE-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 41 ...) NOT-FOR-US: ChaiVM -CVE-2002-1795 +CVE-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft T ...) NOT-FOR-US: Microsoft -CVE-2002-1794 +CVE-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...) NOT-FOR-US: HP ldapux-pamauthz -CVE-2002-1793 +CVE-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...) NOT-FOR-US: HP Virtualvault OS -CVE-2002-1792 +CVE-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...) NOT-FOR-US: Fake Identd -CVE-2002-1791 +CVE-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world ...) NOT-FOR-US: SGI IRIX -CVE-2002-1790 +CVE-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...) NOT-FOR-US: microsoft -CVE-2002-1789 +CVE-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows l ...) - newsx 1.4pl6.0-2 -CVE-2002-1788 +CVE-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 thr ...) - nn 6.6.4-1 -CVE-2002-1787 +CVE-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...) NOT-FOR-US: SGI IRIX -CVE-2002-1786 +CVE-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...) NOT-FOR-US: SGI IRIX -CVE-2002-1785 +CVE-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...) NOT-FOR-US: Zeus Administration Server -CVE-2002-1784 +CVE-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allo ...) NOT-FOR-US: HP Tru64 -CVE-2002-1783 +CVE-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_ur ...) 
- php4 4:4.3.10-15 -CVE-2002-1782 +CVE-2002-1782 (The default configuration of University of Washington IMAP daemon (wu- ...) - uw-imap 7:2002ddebian1-2 (bug #315499; unimportant) NOTE: This only applies to very exotic setups. It's also documented in the FAQ NOTE: and if someone has such a setup she will have to recompile the package with NOTE: the security features enabled. -CVE-2002-1781 +CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) NOT-FOR-US: DeleGate -CVE-2002-1780 +CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...) NOT-FOR-US: BPM Studio Pro -CVE-2002-1779 +CVE-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal F ...) NOT-FOR-US: Norton -CVE-2002-1778 +CVE-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to bypa ...) NOT-FOR-US: Norton -CVE-2002-1777 +CVE-2002-1777 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...) NOT-FOR-US: Symantec -CVE-2002-1776 +CVE-2002-1776 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...) NOT-FOR-US: Symantec -CVE-2002-1775 +CVE-2002-1775 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...) NOT-FOR-US: Symantec -CVE-2002-1774 +CVE-2002-1774 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...) NOT-FOR-US: Symantec -CVE-2002-1773 +CVE-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows rem ...) NOT-FOR-US: ICQ for MacOS X -CVE-2002-1772 +CVE-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain A ...) NOT-FOR-US: Novell Netware -CVE-2002-1771 +CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send s ...) NOT-FOR-US: FormMail -CVE-2002-1770 +CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) 
NOT-FOR-US: Eudora -CVE-2002-1769 +CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_A ...) NOT-FOR-US: Microsoft -CVE-2002-1768 +CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) NOT-FOR-US: Cisco -CVE-2002-1767 +CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linu ...) NOT-FOR-US: Oracle -CVE-2002-1766 +CVE-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ove ...) NOT-FOR-US: Netscape NOTE: didn't check mozilla -CVE-2002-1765 +CVE-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...) - evolution 1.0.5 -CVE-2002-1764 +CVE-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to o ...) NOT-FOR-US: acrobat -CVE-2002-1763 +CVE-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" an ...) NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver -CVE-2002-1762 +CVE-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...) NOT-FOR-US: Microsoft -CVE-2002-1761 +CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...) NOT-FOR-US: PHProjekt -CVE-2002-1760 +CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 al ...) NOT-FOR-US: PHProjekt -CVE-2002-1759 +CVE-2002-1759 (The upload function in PHProjekt 2.0 through 3.1 does not properly ver ...) NOT-FOR-US: PHProjekt -CVE-2002-1758 +CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify da ...) NOT-FOR-US: PHProjekt -CVE-2002-1757 +CVE-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authent ...) NOT-FOR-US: PHProjekt -CVE-2002-1756 +CVE-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service (crash ...) NOT-FOR-US: ACDSee -CVE-2002-1755 +CVE-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...) 
- tinc 1.0pre5 -CVE-2002-1754 +CVE-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows loca ...) NOT-FOR-US: Novell NetWare -CVE-2002-1753 +CVE-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...) NOT-FOR-US: csNews -CVE-2002-1752 +CVE-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers t ...) NOT-FOR-US: csChat-R-Box -CVE-2002-1751 +CVE-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attacke ...) NOT-FOR-US: csLiveSupport -CVE-2002-1750 +CVE-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attacke ...) NOT-FOR-US: csGuestbook -CVE-2002-1749 +CVE-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of t ...) NOT-FOR-US: Windows 2000 Terminal Services -CVE-2002-1748 +CVE-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...) - slash 2.2.3 -CVE-2002-1747 +CVE-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows remot ...) - vtun 2.5b2 -CVE-2002-1746 +CVE-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions b ...) - vtun 2.5b2 -CVE-2002-1745 +CVE-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5. ...) NOT-FOR-US: Microsoft -CVE-2002-1744 +CVE-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...) NOT-FOR-US: Microsoft -CVE-2002-1743 +CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...) NOT-FOR-US: AOL ICQ -CVE-2002-1742 +CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...) - soap-lite 0.55 -CVE-2002-1741 +CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient fo ...) NOT-FOR-US: WorldClient -CVE-2002-1740 +CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologie ...) 
NOT-FOR-US: WorldClient -CVE-2002-1739 +CVE-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption al ...) NOT-FOR-US: Alt-N Technologies Mdaemon -CVE-2002-1738 +CVE-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaem ...) NOT-FOR-US: Alt-N Technologies Mdaemon -CVE-2002-1737 +CVE-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and directori ...) NOT-FOR-US: Astaro Security Linux -CVE-2002-1736 +CVE-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...) NOT-FOR-US: CGINews -CVE-2002-1735 +CVE-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain privile ...) NOT-FOR-US: dlogin -CVE-2002-1734 +CVE-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized administrato ...) NOT-FOR-US: NewsPro -CVE-2002-1733 +CVE-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message boar ...) NOT-FOR-US: Prospero MessageBoards -CVE-2002-1732 +CVE-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...) NOT-FOR-US: Actinic Catalog -CVE-2002-1731 +CVE-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) NOT-FOR-US: IBM AS/400 -CVE-2002-1730 +CVE-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary mess ...) NOT-FOR-US: ASPjar Guestbook -CVE-2002-1729 +CVE-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allo ...) NOT-FOR-US: ASPjar Guestbook -CVE-2002-1728 +CVE-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...) NOT-FOR-US: askSam Web Publisher -CVE-2002-1727 +CVE-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_ ...) NOT-FOR-US: askSam Web Publisher -CVE-2002-1726 +CVE-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authen ...) 
NOT-FOR-US: PhotoDB -CVE-2002-1725 +CVE-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...) NOT-FOR-US: PHPImageView -CVE-2002-1724 +CVE-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPIm ...) NOT-FOR-US: PHPImageView -CVE-2002-1723 +CVE-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...) NOT-FOR-US: Powerboards -CVE-2002-1722 +CVE-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...) NOT-FOR-US: microsoft -CVE-2002-1721 +CVE-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attacker ...) - altermime <not-affected> (fixed before the first Debian upload) -CVE-2002-1720 +CVE-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows rem ...) NOT-FOR-US: Spooky Login -CVE-2002-1719 +CVE-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify po ...) NOT-FOR-US: Bavo -CVE-2002-1718 +CVE-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote attac ...) NOT-FOR-US: microsoft -CVE-2002-1717 +CVE-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote attacker ...) NOT-FOR-US: microsoft -CVE-2002-1716 +CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on Microsof ...) NOT-FOR-US: microsoft -CVE-2002-1715 +CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to by ...) - openssh <not-affected> ("SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1.") -CVE-2002-1714 +CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) NOT-FOR-US: microsoft -CVE-2002-1713 +CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...) NOT-FOR-US: msec -CVE-2002-1712 +CVE-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of se ...) 
NOT-FOR-US: microsoft -CVE-2002-1711 +CVE-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX direc ...) NOT-FOR-US: BasiliX -CVE-2002-1710 +CVE-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 doe ...) NOT-FOR-US: BasiliX -CVE-2002-1709 +CVE-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote atta ...) NOT-FOR-US: BasiliX -CVE-2002-1708 +CVE-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allow ...) NOT-FOR-US: BasiliX -CVE-2002-1707 +CVE-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "re ...) - phpbb2 2.0.6c-1 -CVE-2002-1706 +CVE-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7 ...) NOT-FOR-US: Cisco -CVE-2002-1705 +CVE-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) NOT-FOR-US: microsoft -CVE-2002-1704 +CVE-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" varia ...) NOT-FOR-US: Zeroboard -CVE-2002-1703 +CVE-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft Ne ...) NOT-FOR-US: NetAuction -CVE-2002-1702 +CVE-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifie ...) NOT-FOR-US: DeltaScripts PHP Classifieds -CVE-2002-1700 +CVE-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template handl ...) NOT-FOR-US: ColdFusion -CVE-2002-1699 +CVE-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 al ...) NOT-FOR-US: ASP Client Check -CVE-2002-1698 +CVE-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 all ...) NOT-FOR-US: Microsoft -CVE-2002-1697 +CVE-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak en ...) - vtun 2.6-1 -CVE-2002-1696 +CVE-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently s ...) 
NOT-FOR-US: Microsoft Outlook plugin -CVE-2002-1695 +CVE-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) NOT-FOR-US: Norton -CVE-2002-1694 +CVE-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with F ...) NOT-FOR-US: Microsoft -CVE-2002-1692 +CVE-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows attac ...) NOT-FOR-US: Microsoft -CVE-2002-1691 +CVE-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...) NOT-FOR-US: Alcatel hardware issue -CVE-2002-1690 +CVE-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors an ...) NOT-FOR-US: AIX -CVE-2002-1689 +CVE-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could all ...) NOT-FOR-US: AIX -CVE-2002-1688 +CVE-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...) NOT-FOR-US: Microsoft -CVE-2002-1687 +CVE-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users t ...) NOT-FOR-US: AIX -CVE-2002-1686 +CVE-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown impact ...) NOT-FOR-US: AIX -CVE-2002-1685 +CVE-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) NOT-FOR-US: BadBlue Enterprise Edition -CVE-2002-1684 +CVE-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) NOT-FOR-US: Deerfield D2Gfx -CVE-2002-1683 +CVE-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1 ...) NOT-FOR-US: BadBlue Personal Edition -CVE-2002-1682 +CVE-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...) NOT-FOR-US: NewsReactor -CVE-2002-1681 +CVE-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases Jun ...) 
- slash <not-affected> (Only present in intermediate CVS version, not released in Debian) -CVE-2002-1680 +CVE-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shoppi ...) NOT-FOR-US: COWS -CVE-2002-1679 +CVE-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 al ...) NOT-FOR-US: vBulletin -CVE-2002-1678 +CVE-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...) NOT-FOR-US: vBulletin -CVE-2002-1677 +CVE-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine th ...) NOT-FOR-US: mrtgconfig -CVE-2002-1676 +CVE-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local user ...) NOT-FOR-US: BindView NetInventory -CVE-2002-1675 +CVE-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c i ...) NOT-FOR-US: Unreal IRCd -CVE-2002-1674 +CVE-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of s ...) - kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel) -CVE-2002-1673 +CVE-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter sc ...) - webmin 0.93 (medium) -CVE-2002-1672 +CVE-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with inse ...) - webmin <not-affected> (packaging flaw of an unknown RPM based distro) NOTE: Permissions of Debian's webmin package look sane and FHS compliant -CVE-2002-1671 +CVE-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) NOT-FOR-US: Microsoft -CVE-2002-1670 +CVE-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites previousl ...) NOT-FOR-US: Microsoft -CVE-2002-1669 +CVE-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...) NOT-FOR-US: FreeBSD -CVE-2002-1668 +CVE-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of servic ...) 
NOT-FOR-US: HP-UX -CVE-2002-1667 +CVE-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and earlie ...) - kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel) -CVE-2002-1666 +CVE-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 a ...) NOT-FOR-US: Oracle -CVE-2002-1665 +CVE-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...) NOT-FOR-US: Yahoo Messenger -CVE-2002-1664 +CVE-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add a ...) NOT-FOR-US: Yahoo Messenger -CVE-2002-1663 +CVE-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before 0.5 ...) NOT-FOR-US: Monkey -CVE-2002-1662 +CVE-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Serv ...) NOT-FOR-US: Mambo -CVE-2002-1660 +CVE-2002-1660 (calendar.php in vBulletin before 2.2.0 allows remote attackers to exec ...) NOT-FOR-US: vBulletin -CVE-2002-1659 +CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain privilege ...) NOT-FOR-US: PortalApp -CVE-2002-1661 +CVE-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attacke ...) - leafnode <not-affected> (Leafnode2 development branch) -CVE-2002-1658 +CVE-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow atta ...) - apache 1.3.31-1 -CVE-2002-1657 +CVE-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, whi ...) - postgresql <unfixed> (unimportant) NOTE: This is not a real world problem; it's only applicable in rare circurstances NOTE: like someone analysing stolen user database information and even then the gain NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway. -CVE-2002-1656 +CVE-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ot ...) 
NOT-FOR-US: X-News -CVE-2002-1655 +CVE-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and iPlan ...) NOT-FOR-US: Netscape Enterprise Server -CVE-2002-1654 +CVE-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4 ...) NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server -CVE-2002-1653 +CVE-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does n ...) - cryptcat 20031202-2 NOTE: don't know when it was fixed, verified above version is ok -CVE-2002-1652 +CVE-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers t ...) - cgiemail 1.6-14 -CVE-2002-1651 +CVE-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows rem ...) NOT-FOR-US: Verity Search97 -CVE-2002-1650 +CVE-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before 1. ...) - squirrelmail 1:1.2.3 -CVE-2002-1649 +CVE-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelM ...) - squirrelmail 1:1.2.3 -CVE-2002-1648 +CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...) - squirrelmail 1:1.2.3 -CVE-2002-1647 +CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...) - slash 2.2.6-8 (bug #160579; low) [sarge] - slash <no-dsa> (Minor security implications) -CVE-2002-1646 +CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...) NOT-FOR-US: commercial ssh -CVE-2002-1645 +CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for Wo ...) NOT-FOR-US: commercial ssh -CVE-2002-1644 +CVE-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0 ...) NOT-FOR-US: commercial ssh -CVE-2002-1643 +CVE-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ( ...) 
NOT-FOR-US: RealNetworks Helix Universal Server -CVE-2002-1642 +CVE-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction lo ...) - postgresql 7.2.3 -CVE-2002-1641 +CVE-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i Applicatio ...) NOT-FOR-US: Oracle -CVE-2002-1640 +CVE-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configur ...) NOT-FOR-US: Oracle -CVE-2002-1639 +CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...) NOT-FOR-US: Oracle CVE-2002-1638 REJECTED -CVE-2002-1637 +CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are install ...) NOT-FOR-US: Oracle -CVE-2002-1636 +CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...) NOT-FOR-US: Oracle -CVE-2002-1635 +CVE-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application Se ...) NOT-FOR-US: Oracle -CVE-2002-1634 +CVE-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote atta ...) NOT-FOR-US: NetWare -CVE-2002-1633 +CVE-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...) NOT-FOR-US: QNX -CVE-2002-1632 +CVE-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages tha ...) NOT-FOR-US: Oracle -CVE-2002-1631 +CVE-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...) NOT-FOR-US: Oracle -CVE-2002-1630 +CVE-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) al ...) NOT-FOR-US: Oracle -CVE-2002-1629 +CVE-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...) NOT-FOR-US: Multi-Tech ProxyServer -CVE-2002-1628 +CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vo ...) NOT-FOR-US: Mike Spice Mike's Vote CGI -CVE-2002-1627 +CVE-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...) 
NOT-FOR-US: Mike Spice Quiz CGI -CVE-2002-1626 +CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...) NOT-FOR-US: Mike Spice My Calendar -CVE-2002-1625 +CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...) - flashplugin-nonfree 6.0.61.0-1 -CVE-2002-1624 +CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when loggin ...) NOT-FOR-US: Lotus Domino -CVE-2002-1623 +CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using Agg ...) NOT-FOR-US: General protocol flaw, cannot be fixed -CVE-2002-1622 +CVE-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attac ...) NOT-FOR-US: AIX -CVE-2002-1621 +CVE-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...) NOT-FOR-US: AIX -CVE-2002-1620 +CVE-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PS ...) NOT-FOR-US: AIX -CVE-2002-1619 +CVE-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attac ...) NOT-FOR-US: AIX -CVE-2002-1618 +CVE-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not p ...) NOT-FOR-US: HP-UX -CVE-2002-1617 +CVE-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ex ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1616 +CVE-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1615 +CVE-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1614 +CVE-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute arbitra ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1613 +CVE-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1612 +CVE-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) 
NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1611 +CVE-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4. ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1610 +CVE-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1609 +CVE-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1608 +CVE-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1607 +CVE-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1606 +CVE-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1605 +CVE-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1604 +CVE-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly re ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1603 +CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...) NOT-FOR-US: GoAhead Web Server -CVE-2002-1602 +CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE ...) - screen <not-affected> (HAVE_BRAILLE not set in binary build) -CVE-2002-1601 +CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe d ...) NOT-FOR-US: Adobe PhotoDeluxe -CVE-2002-1600 +CVE-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds (clas ...) NOT-FOR-US: Mike Spice's My Classifieds -CVE-2002-1599 +CVE-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...) - dansguardian 2.4.5-1 -CVE-2002-1598 +CVE-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earli ...) 
NOT-FOR-US: Computer Associates MLink -CVE-2002-1597 +CVE-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attacker ...) NOT-FOR-US: Cisco -CVE-2002-1596 +CVE-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attacker ...) NOT-FOR-US: Cisco -CVE-2002-1595 +CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to re ...) NOT-FOR-US: Cisco -CVE-2002-1594 +CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a sy ...) - shadow <not-affected> (Debian's pwck and grpck do not overflow and are not suid) -CVE-2002-1593 +CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ho ...) - apache2 2.0.42 -CVE-2002-1592 +CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI app ...) - apache2 2.0.36 -CVE-2002-1591 +CVE-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...) NOT-FOR-US: AIM in MSIE -CVE-2002-1590 +CVE-2002-1590 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...) NOT-FOR-US: Solaris -CVE-2002-1589 +CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_D ...) NOT-FOR-US: Solaris -CVE-2002-1588 +CVE-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...) NOT-FOR-US: Mailtool for OpenWindows -CVE-2002-1587 +CVE-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 all ...) NOT-FOR-US: Solaris -CVE-2002-1586 +CVE-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of servic ...) NOT-FOR-US: Solaris -CVE-2002-1585 +CVE-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for S ...) NOT-FOR-US: Solaris -CVE-2002-1584 +CVE-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in Solari ...) NOT-FOR-US: Solaris -CVE-2002-1583 +CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Datab ...) 
NOT-FOR-US: IBM DB2 -CVE-2002-1582 +CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail a ...) [woody] - mailreader <not-affected> (Affects only 2.3.30-2.3.32) - mailreader 2.3.33 -CVE-2002-1581 +CVE-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3. ...) {DSA-534} - mailreader 2.3.29-9 -CVE-2002-1580 +CVE-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 a ...) {DSA-215} - cyrus-imapd 1.5.19-9.10 -CVE-2002-1579 +CVE-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ser ...) NOT-FOR-US: SAP -CVE-2002-1578 +CVE-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...) NOT-FOR-US: SAP -CVE-2002-1577 +CVE-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and p ...) NOT-FOR-US: SAP -CVE-2002-1576 +CVE-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory t ...) NOT-FOR-US: SAP -CVE-2002-1575 +CVE-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via C ...) {DSA-437} - cgiemail 1.6-20 -CVE-2002-1573 +CVE-2002-1573 (Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pci ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-1572 +CVE-2002-1572 (Signed integer overflow in the bttv_read function in the bttv driver ( ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-1571 +CVE-2002-1571 (The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-1570 +CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earli ...) - ucd-snmp 4.2.3-2 -CVE-2002-1569 +CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ex ...) - gv 1:3.5.8-27 -CVE-2002-1568 +CVE-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...) 
- openssl 0.9.6g-1 -CVE-2002-1567 +CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows r ...) NOTE: tomcat4 cross-site scripting vuln -CVE-2002-1566 +CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...) - netris 0.52-1 -CVE-2002-1565 +CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows attacke ...) - wget 1.8.2-8 -CVE-2002-1564 +CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal potenti ...) NOT-FOR-US: microsoft -CVE-2002-1563 +CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of servic ...) - stunnel4 4.04-1 - stunnel 2:3.24-1 -CVE-2002-1562 +CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual hostin ...) {DSA-396} - thttpd 2.23beta1-2.3 (bug #216677) -CVE-2002-1561 +CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allo ...) NOT-FOR-US: microsoft -CVE-2002-1559 +CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remo ...) NOT-FOR-US: ion-p -CVE-2002-1558 +CVE-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...) NOT-FOR-US: cisco -CVE-2002-1557 +CVE-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) NOT-FOR-US: cisco -CVE-2002-1556 +CVE-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) NOT-FOR-US: cisco -CVE-2002-1555 +CVE-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNM ...) NOT-FOR-US: cisco -CVE-2002-1554 +CVE-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames an ...) NOT-FOR-US: cisco -CVE-2002-1553 +CVE-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attac ...) NOT-FOR-US: cisco -CVE-2002-1551 +CVE-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...) 
NOT-FOR-US: AIX -CVE-2002-1546 +CVE-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass passwo ...) NOT-FOR-US: Webweaver -CVE-2002-1545 +CVE-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain t ...) NOT-FOR-US: Coolsoft -CVE-2002-1544 +CVE-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server 2.2 ...) NOT-FOR-US: Coolsoft -CVE-2002-1542 +CVE-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to c ...) NOT-FOR-US: SolarWinds -CVE-2002-1539 +CVE-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...) NOT-FOR-US: MDaemon -CVE-2002-1536 +CVE-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary command ...) NOT-FOR-US: Molly -CVE-2002-1535 +CVE-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6. ...) NOT-FOR-US: Symantec -CVE-2002-1533 +CVE-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine a ...) - jetty <not-affected> (Fixed before upload into archive; 4.1 series) -CVE-2002-1527 +CVE-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine th ...) NOT-FOR-US: EMU Webmail -CVE-2002-1526 +CVE-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmai ...) NOT-FOR-US: EMU Webmail -CVE-2002-1525 +CVE-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for Su ...) NOT-FOR-US: Sun -CVE-2002-1523 +CVE-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 al ...) NOT-FOR-US: Miniserver -CVE-2002-1522 +CVE-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other versio ...) NOT-FOR-US: PowerFTP -CVE-2002-1515 +CVE-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...) NOT-FOR-US: Coolforum -CVE-2002-1512 +CVE-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...) 
NOT-FOR-US: BRU -CVE-2002-1508 +CVE-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users t ...) {DSA-227} - openldap2 2.0.27-3 -CVE-2002-1507 +CVE-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote attac ...) NOT-FOR-US: Unreal -CVE-2002-1506 +CVE-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to execu ...) - linuxconf <removed> -CVE-2002-1504 +CVE-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...) NOT-FOR-US: webserver-4everyone -CVE-2002-1503 +CVE-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...) NOT-FOR-US: AFD not in debian -CVE-2002-1500 +CVE-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4. ...) NOT-FOR-US: NetBSD -CVE-2002-1499 +CVE-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows remot ...) NOT-FOR-US: FactoSystem -CVE-2002-1498 +CVE-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows r ...) NOT-FOR-US: SWServer -CVE-2002-1495 +CVE-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows rem ...) NOT-FOR-US: Jawmail -CVE-2002-1492 +CVE-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...) NOT-FOR-US: Cisco -CVE-2002-1489 +CVE-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...) NOT-FOR-US: PlanetDNS -CVE-2002-1488 +CVE-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious IR ...) NOT-FOR-US: Cerulean Trillian -CVE-2002-1487 +CVE-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious IR ...) NOT-FOR-US: Cerulean Trillian -CVE-2002-1486 +CVE-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and 0. ...) NOT-FOR-US: Cerulean Trillian -CVE-2002-1485 +CVE-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...) 
NOT-FOR-US: Cerulean Trillian -CVE-2002-1484 +CVE-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows r ...) NOT-FOR-US: db4web -CVE-2002-1483 +CVE-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...) NOT-FOR-US: db4web -CVE-2002-1482 +CVE-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, w ...) NOT-FOR-US: phpGB not in Debian -CVE-2002-1481 +CVE-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require authentica ...) NOT-FOR-US: phpGB not in Debian -CVE-2002-1480 +CVE-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows r ...) NOT-FOR-US: phpGB not in Debian -CVE-2002-1475 +CVE-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0 ...) NOT-FOR-US: HPUX -CVE-2002-1474 +CVE-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tr ...) NOT-FOR-US: HPUX -CVE-2002-1473 +CVE-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.1 ...) NOT-FOR-US: HPUX -CVE-2002-1470 +CVE-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...) NOT-FOR-US: Shoutcase -CVE-2002-1467 +CVE-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to byp ...) - flashplugin-nonfree 6.0.61.0-1 -CVE-2002-1466 +CVE-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...) NOT-FOR-US: Cafelog -CVE-2002-1465 +CVE-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote at ...) NOT-FOR-US: Cafelog -CVE-2002-1464 +CVE-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool all ...) NOT-FOR-US: Cafelog -CVE-2002-1462 +CVE-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versi ...) NOT-FOR-US: Organic PHP -CVE-2002-1461 +CVE-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary comm ...) 
NOT-FOR-US: Webshop Manager -CVE-2002-1460 +CVE-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was u ...) NOT-FOR-US: L-Forum not in Debian -CVE-2002-1459 +CVE-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when t ...) NOT-FOR-US: L-Forum not in Debian -CVE-2002-1458 +CVE-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when t ...) NOT-FOR-US: L-Forum not in Debian -CVE-2002-1457 +CVE-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows remo ...) NOT-FOR-US: L-Forum not in Debian -CVE-2002-1456 +CVE-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to e ...) NOT-FOR-US: mIRC -CVE-2002-1455 +CVE-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...) NOT-FOR-US: OmniHTTPD -CVE-2002-1454 +CVE-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute pa ...) NOT-FOR-US: MyWebServer -CVE-2002-1453 +CVE-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows r ...) NOT-FOR-US: MyWebServer -CVE-2002-1452 +CVE-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...) NOT-FOR-US: MyWebServer -CVE-2002-1451 +CVE-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...) NOT-FOR-US: Blazix not in Debian -CVE-2002-1450 +CVE-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of servic ...) NOT-FOR-US: IBM UniVerse -CVE-2002-1449 +CVE-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under t ...) NOT-FOR-US: eUpload not in Debian -CVE-2002-1445 +CVE-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows r ...) NOT-FOR-US: CERN HTTPD not in Debian -CVE-2002-1444 +CVE-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6 ...) 
NOT-FOR-US: Google Toolbar -CVE-2002-1442 +CVE-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to perfo ...) NOT-FOR-US: Google Toolbar -CVE-2002-1441 +CVE-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remo ...) NOT-FOR-US: Tomahawk -CVE-2002-1440 +CVE-2002-1440 (The Gateway GS-400 server has a default root password of "0001n" that ...) NOT-FOR-US: Gateway -CVE-2002-1439 +CVE-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon fo ...) NOT-FOR-US: HPUX -CVE-2002-1434 +CVE-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail mo ...) NOT-FOR-US: Kerio -CVE-2002-1433 +CVE-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: Kerio -CVE-2002-1432 +CVE-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...) NOT-FOR-US: MidiCart -CVE-2002-1431 +CVE-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...) NOT-FOR-US: Belkin -CVE-2002-1429 +CVE-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...) NOT-FOR-US: ShoutBox -CVE-2002-1428 +CVE-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass auth ...) NOT-FOR-US: dotproject -CVE-2002-1427 +CVE-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...) NOT-FOR-US: Easy Homepage Creator -CVE-2002-1426 +CVE-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a de ...) NOT-FOR-US: HP -CVE-2002-1423 +CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...) - phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x) -CVE-2002-1422 +CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to crea ...) - phpgroupware <not-affected> (Issue in fudforum 2.2.0. 
fudforum in phpgroupware-fudforum is 2.5.x) -CVE-2002-1421 +CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote at ...) - phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x) -CVE-2002-1416 +CVE-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates difffer ...) NOT-FOR-US: Webeasymail -CVE-2002-1415 +CVE-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 an ...) NOT-FOR-US: Webeasymail -CVE-2002-1411 +CVE-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...) NOT-FOR-US: Duma -CVE-2002-1410 +CVE-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, whi ...) NOT-FOR-US: East Guestbook -CVE-2002-1409 +CVE-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a deni ...) NOT-FOR-US: HPUX -CVE-2002-1408 +CVE-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 s ...) NOT-FOR-US: HP Openview -CVE-2002-1406 +CVE-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown imp ...) NOT-FOR-US: HPUX CVE-2002-1404 REJECTED -CVE-2002-1402 +CVE-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment varia ...) {DSA-165} - postgresql 7.2.2-2 -CVE-2002-1401 +CVE-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...) {DSA-165} - postgresql 7.2.2-2 -CVE-2002-1400 +CVE-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL bef ...) {DSA-165} - postgresql 7.2.2-2 -CVE-2002-1399 +CVE-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in Post ...) - postgresql 7.2.2-2 -CVE-2002-1398 +CVE-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...) {DSA-165} - postgresql 7.2.2-2 -CVE-2002-1397 +CVE-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and earl ...) 
- postgresql 7.2.2-2 -CVE-2002-1395 +CVE-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and dir ...) {DSA-202} - im 1:141-20 -CVE-2002-1393 +CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quo ...) {DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234} - kdemultimedia 4:3.0.5a - kdebase 4:3.0.5a 
@@ -2061,80 +2061,80 @@ CVE-2002-1393 - kdenetwork 4:3.0.5a - kdegraphics 4:3.0.5a - kdeadmin 4:3.0.5a -CVE-2002-1387 +CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...) {DSA-254} - traceroute-nanog 6.3.0-1 -CVE-2002-1386 +CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow loca ...) {DSA-254} - traceroute-nanog 6.3.0-1 -CVE-2002-1383 +CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.1 ...) {DSA-232} - cups 1.1.18-1 - cupsys 1.1.18-1 -CVE-2002-1379 +CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attack ...) {DSA-227} - openldap2 2.0.27-3 -CVE-2002-1378 +CVE-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...) {DSA-227} - openldap2 2.0.27-3 -CVE-2002-1376 +CVE-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0. ...) {DSA-212} - mysql <removed> CVE-2002-1370 REJECTED -CVE-2002-1368 +CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...) {DSA-232} - cups 1.1.18-1 - cupsys 1.1.18-1 -CVE-2002-1360 +CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...) - openssh <not-affected> (OpenSSH not vulnerable) -CVE-2002-1359 +CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...) - openssh <not-affected> (OpenSSH not vulnerable) -CVE-2002-1358 +CVE-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with em ...) - openssh <not-affected> (OpenSSH not vulnerable) -CVE-2002-1357 +CVE-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or da ...) - openssh <not-affected> (OpenSSH not vulnerable) -CVE-2002-1356 +CVE-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial o ...) - ethereal 0.9.8-1 -CVE-2002-1355 +CVE-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal 0. ...) 
- ethereal 0.9.8-1 -CVE-2002-1354 +CVE-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...) NOT-FOR-US: TYPSoft FTP Server -CVE-2002-1353 +CVE-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under th ...) NOT-FOR-US: LocalWEB2000 HTTP server -CVE-2002-1352 +CVE-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earli ...) NOT-FOR-US: CartMan -CVE-2002-1351 +CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...) NOT-FOR-US: Melange Chat System -CVE-2002-1347 +CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allo ...) - cyrus-sasl2 2.1.10-1 CVE-2002-1346 RESERVED -CVE-2002-1345 +CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX sy ...) NOTE: multiple ftp client issues -CVE-2002-1344 +CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a remo ...) {DSA-209} - wget 1.8.2-8 CVE-2002-1343 RESERVED -CVE-2002-1342 +CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote a ...) {DSA-203} - smb2www 980804-17 -CVE-2002-1341 +CVE-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for Squirrel ...) {DSA-220} - squirrelmail 1:1.3.2-2 -CVE-2002-1340 +CVE-2002-1340 (The "ConnectionFile" property in the DataSourceControl component in Of ...) NOT-FOR-US: Office Web Components -CVE-2002-1339 +CVE-2002-1339 (The "XMLURL" property in the Spreadsheet component of Office Web Compo ...) NOT-FOR-US: Office Web Components -CVE-2002-1338 +CVE-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...) NOT-FOR-US: Office Web Components -CVE-2002-1335 +CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...) 
{DSA-251 DSA-250 DSA-249} - w3m 0.3.2.2-1 - w3mmee 0.3.p24.17-3 - w3m-ssl <removed> -CVE-2002-1334 +CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...) NOT-FOR-US: BizDesign CVE-2002-1333 RESERVED @@ -2152,23 +2152,23 @@ CVE-2002-1326 RESERVED CVE-2002-1324 RESERVED -CVE-2002-1322 +CVE-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows re ...) NOT-FOR-US: ClearCase -CVE-2002-1321 +CVE-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote attac ...) NOT-FOR-US: Realplayer -CVE-2002-1316 +CVE-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...) NOT-FOR-US: iPlanet -CVE-2002-1315 +CVE-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for iPlan ...) NOT-FOR-US: iPlanet CVE-2002-1314 RESERVED -CVE-2002-1312 +CVE-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 wi ...) NOT-FOR-US: Linksys -CVE-2002-1310 +CVE-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) NOT-FOR-US: Macromedia -CVE-2002-1309 +CVE-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) NOT-FOR-US: Macromedia -CVE-2002-1306 +CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KD ...) {DSA-214} - kdenetwork 4:2.2.2-14.20 CVE-2002-1305 
@@ -2189,68 +2189,68 @@ CVE-2002-1298 REJECTED CVE-2002-1297 REJECTED -CVE-2002-1295 +CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft -CVE-2002-1294 +CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can p ...) NOT-FOR-US: Microsoft -CVE-2002-1293 +CVE-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, provi ...) NOT-FOR-US: Microsoft -CVE-2002-1292 +CVE-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...) NOT-FOR-US: Microsoft -CVE-2002-1291 +CVE-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft -CVE-2002-1290 +CVE-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft -CVE-2002-1289 +CVE-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft -CVE-2002-1288 +CVE-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft -CVE-2002-1287 +CVE-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as u ...) NOT-FOR-US: Microsoft -CVE-2002-1286 +CVE-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft -CVE-2002-1285 +CVE-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root priv ...) NOT-FOR-US: SuSE-specific lprfilter package -CVE-2002-1283 +CVE-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...) NOT-FOR-US: Novell iManager (eMFrame) -CVE-2002-1282 +CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...) {DSA-204} - kdelibs 4:3.1.0-1 -CVE-2002-1281 +CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...) 
{DSA-204} - kdelibs 4:3.1.0-1 -CVE-2002-1280 +CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to caus ...) NOT-FOR-US: RealSecure Event Collector -CVE-2002-1279 +CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...) {DSA-194} - masqmail 0.2.15-1 -CVE-2002-1276 +CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in Sq ...) {DSA-191} - squirrelmail 1:1.2.8-1.1 -CVE-2002-1275 +CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when u ...) {DSA-192} - html2ps 1.0b3-2 CVE-2002-1274 RESERVED CVE-2002-1273 RESERVED -CVE-2002-1269 +CVE-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2. ...) NOT-FOR-US: MacOS CVE-2002-1263 REJECTED -CVE-2002-1262 +CVE-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security check ...) NOT-FOR-US: Microsoft CVE-2002-1261 REJECTED CVE-2002-1259 REJECTED -CVE-2002-1258 +CVE-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and includ ...) NOT-FOR-US: Microsoft -CVE-2002-1254 +CVE-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cr ...) NOT-FOR-US: Microsoft CVE-2002-1249 RESERVED -CVE-2002-1247 +CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw soc ...) {DSA-193} - kdenetwork 4:2.2.2-14.3 CVE-2002-1246 
@@ -2261,47 +2261,47 @@ CVE-2002-1241 RESERVED CVE-2002-1240 RESERVED -CVE-2002-1238 +CVE-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote atta ...) NOT-FOR-US: Peter Sandvik's Simple Web Server CVE-2002-1237 RESERVED -CVE-2002-1235 +CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility administr ...) {DSA-185 DSA-184 DSA-183} - heimdal 0.4e-22 - krb4 1.1-11-8 - krb5 1.2.6-2 CVE-2002-1234 REJECTED -CVE-2002-1233 +CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl packa ...) {DSA-195 DSA-188 DSA-187} - apache-perl 1.3.26-1.1-1.27-3-1 - apache 1.3.27-1 -CVE-2002-1229 +CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier co ...) NOT-FOR-US: Avaya Cajun switches -CVE-2002-1228 +CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...) NOT-FOR-US: Solaris -CVE-2002-1226 +CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, pos ...) {DSA-178} - heimdal 0.4e-21 -CVE-2002-1225 +CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...) {DSA-178} - heimdal 0.4e-21 CVE-2002-1218 RESERVED -CVE-2002-1217 +CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...) NOT-FOR-US: Microsoft -CVE-2002-1216 +CVE-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote attack ...) - tar 1.13.25 -CVE-2002-1215 +CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...) {DSA-174} - heartbeat 0.4.9.2-1 -CVE-2002-1213 +CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 Ev ...) NOT-FOR-US: RadioBird Software WebServer 4 Everyone -CVE-2002-1212 +CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1. ...) 
NOT-FOR-US: RadioBird Software WebServer 4 Everyone -CVE-2002-1210 +CVE-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email a ...) NOT-FOR-US: Eudora -CVE-2002-1209 +CVE-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, an ...) NOT-FOR-US: SolarWinds TFTP Server CVE-2002-1208 RESERVED 
@@ -2311,32 +2311,32 @@ CVE-2002-1206 RESERVED CVE-2002-1205 RESERVED -CVE-2002-1204 +CVE-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a us ...) NOT-FOR-US: Netscape Communicator 4.x -CVE-2002-1203 +CVE-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before d ...) NOT-FOR-US: IBM SecureWay Firewall -CVE-2002-1202 +CVE-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...) NOT-FOR-US: HP Tru64 UNIX -CVE-2002-1201 +CVE-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of s ...) NOT-FOR-US: AIX -CVE-2002-1194 +CVE-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...) NOT-FOR-US: NetBSD -CVE-2002-1192 +CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...) NOT-FOR-US: NetBSD -CVE-2002-1191 +CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...) NOT-FOR-US: Sabre Desktop -CVE-2002-1190 +CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which c ...) NOT-FOR-US: Cisco -CVE-2002-1181 +CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...) NOT-FOR-US: Microsoft IIS -CVE-2002-1177 +CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...) NOT-FOR-US: Winamp -CVE-2002-1176 +CVE-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute arbi ...) NOT-FOR-US: Winamp -CVE-2002-1175 +CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not prope ...) {DSA-171} - fetchmail 6.1.0-1 -CVE-2002-1174 +CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...) {DSA-171} - fetchmail 6.1.0-1 CVE-2002-1173 
@@ -2345,819 +2345,819 @@ CVE-2002-1172 RESERVED CVE-2002-1171 RESERVED -CVE-2002-1168 +CVE-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Ca ...) NOT-FOR-US: IBM Websphere -CVE-2002-1167 +CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Ca ...) NOT-FOR-US: IBM Websphere -CVE-2002-1166 +CVE-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows r ...) - wn <removed> -CVE-2002-1165 +CVE-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.1 ...) - sendmail 8.12.3-5 CVE-2002-1161 REJECTED -CVE-2002-1155 +CVE-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to e ...) NOTE: kon2. patched, but I don't know when. NOTE: assuming the current unstable/testing version is ok then.. - kon2 0.3.9b-18 -CVE-2002-1150 +CVE-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability fo ...) NOT-FOR-US: Microsoft Netmeeting -CVE-2002-1149 +CVE-2002-1149 (The installation procedure for Invision Board suggests that users inst ...) NOT-FOR-US: Invision Board -CVE-2002-1145 +CVE-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of Micro ...) NOT-FOR-US: Microsoft SQL CVE-2002-1144 RESERVED -CVE-2002-1143 +CVE-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive inf ...) NOT-FOR-US: Microsoft Word & Excel CVE-2002-1136 RESERVED -CVE-2002-1134 +CVE-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...) NOT-FOR-US: HP Tru64 -CVE-2002-1133 +CVE-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 all ...) NOT-FOR-US: Dino's Webserver -CVE-2002-1131 +CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier ...) {DSA-191} - squirrelmail 1:1.2.8-1.1 CVE-2002-1130 RESERVED -CVE-2002-1129 +CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...) 
NOT-FOR-US: HP Tru64 -CVE-2002-1128 +CVE-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows l ...) NOT-FOR-US: HP Tru64 -CVE-2002-1127 +CVE-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...) NOT-FOR-US: HP Tru64 -CVE-2002-1125 +CVE-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ea ...) NOT-FOR-US: FreeBSD -CVE-2002-1124 +CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain pri ...) {DSA-166} - purity 1-16 -CVE-2002-1121 +CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for Exchan ...) NOTE: Some SMTP mailscanners can be bypassed by fragmenting messages. -CVE-2002-1120 +CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote att ...) NOT-FOR-US: Savant Web Server -CVE-2002-1115 +CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private bug ...) {DSA-161} - mantis 0.17.5-2 -CVE-2002-1114 +CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to exe ...) {DSA-153} - mantis 0.17.4a-2 -CVE-2002-1110 +CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, w ...) {DSA-153} - mantis 0.17.4a-2 -CVE-2002-1103 +CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, all ...) NOT-FOR-US: Cisco -CVE-2002-1101 +CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, all ...) NOT-FOR-US: Cisco -CVE-2002-1100 +CVE-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...) NOT-FOR-US: Cisco -CVE-2002-1094 +CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x befor ...) NOT-FOR-US: Cisco -CVE-2002-1090 +CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...) - libesmtp 0.8.11-1 -CVE-2002-1089 +CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides sens ...) 
NOT-FOR-US: Oracle -CVE-2002-1087 +CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.ph ...) NOT-FOR-US: ezContents -CVE-2002-1086 +CVE-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...) NOT-FOR-US: ezContents -CVE-2002-1085 +CVE-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and e ...) NOT-FOR-US: ezContents -CVE-2002-1084 +CVE-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not prope ...) NOT-FOR-US: ezContents -CVE-2002-1083 +CVE-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier all ...) NOT-FOR-US: ezContents -CVE-2002-1082 +CVE-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows rem ...) NOT-FOR-US: ezContents -CVE-2002-1080 +CVE-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 a ...) NOT-FOR-US: Abyss -CVE-2002-1078 +CVE-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory conte ...) NOT-FOR-US: Abyss -CVE-2002-1077 +CVE-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote attacke ...) NOT-FOR-US: IPSwitch -CVE-2002-1075 +CVE-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...) NOT-FOR-US: Pegasus -CVE-2002-1073 +CVE-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 allow ...) NOT-FOR-US: MERCUR Mailserver -CVE-2002-1072 +CVE-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows re ...) NOT-FOR-US: ZyXEL -CVE-2002-1071 +CVE-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of servi ...) NOT-FOR-US: ZyXEL -CVE-2002-1070 +CVE-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module all ...) - phpwiki 1.3.4-1 -CVE-2002-1069 +CVE-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...) 
NOT-FOR-US: D-Link hardware -CVE-2002-1068 +CVE-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...) NOT-FOR-US: D-Link hardware -CVE-2002-1067 +CVE-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware 7.1. ...) NOT-FOR-US: IC9 Print Server -CVE-2002-1066 +CVE-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...) NOT-FOR-US: Jana Server -CVE-2002-1065 +CVE-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, doe ...) NOT-FOR-US: Jana Server -CVE-2002-1064 +CVE-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, gen ...) NOT-FOR-US: Jana Server -CVE-2002-1063 +CVE-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, all ...) NOT-FOR-US: Jana Server -CVE-2002-1062 +CVE-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1. ...) NOT-FOR-US: Jana Server -CVE-2002-1061 +CVE-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2. ...) NOT-FOR-US: Jana Server -CVE-2002-1058 +CVE-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3 ...) NOT-FOR-US: Cobalt Qube -CVE-2002-1055 +CVE-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h prin ...) NOT-FOR-US: Brother hardware -CVE-2002-1052 +CVE-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...) NOT-FOR-US: Jigsaw -CVE-2002-1048 +CVE-2002-1048 (HP JetDirect printers allow remote attackers to obtain the administrat ...) NOT-FOR-US: HP printers -CVE-2002-1047 +CVE-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote atta ...) NOT-FOR-US: Soho Firewall -CVE-2002-1045 +CVE-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of se ...) NOT-FOR-US: Ultrafunk Popcorn -CVE-2002-1044 +CVE-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to c ...) 
NOT-FOR-US: Ultrafunk Popcorn -CVE-2002-1043 +CVE-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of se ...) NOT-FOR-US: Ultrafunk Popcorn -CVE-2002-1042 +CVE-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ser ...) NOT-FOR-US: iPlanet -CVE-2002-1041 +CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration com ...) NOT-FOR-US: SMIT -CVE-2002-1040 +CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration utilitie ...) NOT-FOR-US: WebSecure -CVE-2002-1038 +CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...) - dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte") NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On NOTE: 2017-08-30 an unrelated source took over the source package name dcl. NOTE: Original issue fixed in dcl/1:0.9.2-1 -CVE-2002-1037 +CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...) - dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte") NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On NOTE: 2017-08-30 an unrelated source took over the source package name dcl. NOTE: Original issue fixed in dcl/1:0.9.2-1 -CVE-2002-1036 +CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics Sea ...) NOT-FOR-US: Fluid Dynamics -CVE-2002-1034 +CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbi ...) NOT-FOR-US: iRunBook -CVE-2002-1033 +CVE-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...) NOT-FOR-US: iRunBook -CVE-2002-1032 +CVE-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows r ...) NOT-FOR-US: KeyFocus Web Server -CVE-2002-1029 +CVE-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote attacke ...) 
NOT-FOR-US: Worldspam for Windows -CVE-2002-1028 +CVE-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song Request ...) NOT-FOR-US: Oddsock Winamp plugin -CVE-2002-1027 +CVE-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error scrip ...) NOT-FOR-US: Macromedia Sitespring -CVE-2002-1026 +CVE-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2. ...) NOT-FOR-US: Macromedia Sitespring -CVE-2002-1023 +CVE-2002-1023 (BadBlue server allows remote attackers to cause a denial of service (c ...) NOT-FOR-US: BadBlue -CVE-2002-1022 +CVE-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, whic ...) NOT-FOR-US: BadBlue -CVE-2002-1021 +CVE-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...) NOT-FOR-US: BadBlue -CVE-2002-1020 +CVE-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote attac ...) NOT-FOR-US: Adobe -CVE-2002-1019 +CVE-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote attac ...) NOT-FOR-US: Adobe -CVE-2002-1018 +CVE-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...) NOT-FOR-US: Adobe -CVE-2002-1017 +CVE-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other s ...) NOT-FOR-US: Adobe -CVE-2002-1016 +CVE-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, prin ...) NOT-FOR-US: Adobe -CVE-2002-1012 +CVE-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) Ma ...) NOT-FOR-US: Tivoli -CVE-2002-1011 +CVE-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) En ...) NOT-FOR-US: Tivoli -CVE-2002-1010 +CVE-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...) NOT-FOR-US: Domino -CVE-2002-1009 +CVE-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as include ...) 
NOT-FOR-US: PowerBASIC -CVE-2002-1008 +CVE-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as incl ...) NOT-FOR-US: PowerBASIC -CVE-2002-1007 +CVE-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote atta ...) NOT-FOR-US: Blackboard -CVE-2002-1005 +CVE-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to caus ...) NOT-FOR-US: ArGoSoft -CVE-2002-1003 +CVE-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote attacker ...) NOT-FOR-US: MyWebServer -CVE-2002-1001 +CVE-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...) NOT-FOR-US: AnalogX Proxy -CVE-2002-0999 +CVE-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...) NOT-FOR-US: CARE -CVE-2002-0998 +CVE-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...) NOT-FOR-US: CARE -CVE-2002-0997 +CVE-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...) NOT-FOR-US: Novell -CVE-2002-0996 +CVE-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...) NOT-FOR-US: Novell -CVE-2002-0994 +CVE-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote a ...) NOT-FOR-US: SunPci II VNC -CVE-2002-0993 +CVE-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...) NOT-FOR-US: HP -CVE-2002-0992 +CVE-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced o ...) NOT-FOR-US: HP -CVE-2002-0991 +CVE-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01 ...) NOT-FOR-US: HP -CVE-2002-0983 +CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...) {DSA-157} - irssi-text 0.8.5-2 -CVE-2002-0982 +CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, allow ...) 
NOT-FOR-US: Microsoft -CVE-2002-0980 +CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an e ...) NOT-FOR-US: Microsoft -CVE-2002-0979 +CVE-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet Expl ...) NOT-FOR-US: Microsoft -CVE-2002-0978 +CVE-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allow ...) NOT-FOR-US: Microsoft -CVE-2002-0977 +CVE-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX contr ...) NOT-FOR-US: Microsoft -CVE-2002-0976 +CVE-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read arbitr ...) NOT-FOR-US: Microsoft -CVE-2002-0975 +CVE-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xwe ...) NOT-FOR-US: Microsoft -CVE-2002-0973 +CVE-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 REL ...) NOT-FOR-US: FreeBSD -CVE-2002-0972 +CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial o ...) {DSA-165} - postgresql 7.2.2-1 -CVE-2002-0971 +CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ex ...) NOT-FOR-US: Microsoft Windows specific -CVE-2002-0966 +CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...) NOT-FOR-US: 4D web server -CVE-2002-0963 +CVE-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earli ...) NOT-FOR-US: GeekLog -CVE-2002-0962 +CVE-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allo ...) NOT-FOR-US: GeekLog -CVE-2002-0961 +CVE-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote att ...) NOT-FOR-US: Voxel Dot Net CBMS -CVE-2002-0960 +CVE-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0. ...) NOT-FOR-US: Voxel Dot Net CBMS -CVE-2002-0959 +CVE-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote a ...) 
NOT-FOR-US: Splatt Forum -CVE-2002-0957 +CVE-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...) NOT-FOR-US: BlackICE Agent -CVE-2002-0956 +CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system stand ...) NOT-FOR-US: BlackICE Agent -CVE-2002-0955 +CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulleti ...) NOT-FOR-US: YaBB -CVE-2002-0954 +CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...) NOT-FOR-US: Cisco -CVE-2002-0951 +CVE-2002-0951 (SQL injection vulnerability in Ruslan <Body>Builder allows remot ...) NOT-FOR-US: Ruslan -CVE-2002-0950 +CVE-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...) NOT-FOR-US: TransWARE Active! -CVE-2002-0949 +CVE-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain privi ...) NOT-FOR-US: Telindus ADSL router -CVE-2002-0948 +CVE-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...) NOT-FOR-US: MakeBook -CVE-2002-0944 +CVE-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 throug ...) NOT-FOR-US: DeepMetrix LiveStats -CVE-2002-0943 +CVE-2002-0943 (MetaCart2.sql stores the user database under the web document root wit ...) NOT-FOR-US: MetaCart -CVE-2002-0942 +CVE-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...) NOT-FOR-US: Lugiment Log Explorer -CVE-2002-0940 +CVE-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...) NOT-FOR-US: nCipher MSCAPI -CVE-2002-0939 +CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator C ...) NOT-FOR-US: nCipher MSCAPI -CVE-2002-0937 +CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to c ...) NOT-FOR-US: JRun -CVE-2002-0936 +CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...) 
- tomcat 3.2.3-1 -CVE-2002-0934 +CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...) NOT-FOR-US: Jon Hedley AlienForm2 -CVE-2002-0933 +CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...) NOT-FOR-US: Datalex PLC BooktIt Consumer -CVE-2002-0932 +CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...) NOT-FOR-US: MyHelpDesk -CVE-2002-0931 +CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possi ...) NOT-FOR-US: MyHelpDesk -CVE-2002-0930 +CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 S ...) NOT-FOR-US: Netware -CVE-2002-0929 +CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote a ...) NOT-FOR-US: Netware -CVE-2002-0928 +CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...) NOT-FOR-US: pirch -CVE-2002-0926 +CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica 1 ...) NOT-FOR-US: webMathematica -CVE-2002-0925 +CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote attacke ...) NOT-FOR-US: mmftpd not in Debian anymore -CVE-2002-0924 +CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...) NOT-FOR-US: CGIScript.net not int Debian -CVE-2002-0923 +CVE-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read arb ...) NOT-FOR-US: CGIScript.net not int Debian -CVE-2002-0922 +CVE-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database fi ...) NOT-FOR-US: CGIScript.net not int Debian -CVE-2002-0921 +CVE-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...) NOT-FOR-US: CGIScript.net not int Debian -CVE-2002-0920 +CVE-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted password ...) 
NOT-FOR-US: CGIScript.net not int Debian -CVE-2002-0919 +CVE-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to modi ...) NOT-FOR-US: CGIScript.net not int Debian -CVE-2002-0918 +CVE-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the p ...) NOT-FOR-US: CGIScript.net not int Debian -CVE-2002-0917 +CVE-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web docu ...) NOT-FOR-US: CGIScript.net not int Debian -CVE-2002-0915 +CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to rea ...) NOT-FOR-US: Xandros specific tool -CVE-2002-0913 +CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...) NOT-FOR-US: Slurp NNTP -CVE-2002-0912 +CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other opera ...) NOTE: DSA-129 -CVE-2002-0910 +CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers t ...) NOTE: netstd -CVE-2002-0909 +CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...) NOT-FOR-US: mnews -CVE-2002-0908 +CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS Devi ...) NOT-FOR-US: Cisco -CVE-2002-0907 +CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 al ...) NOT-FOR-US: SHOUTcast -CVE-2002-0905 +CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...) NOT-FOR-US: Informix -CVE-2002-0903 +CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small nu ...) NOT-FOR-US: wbboard -CVE-2002-0902 +CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remo ...) - phpbb2 2.0.6c-1 -CVE-2002-0901 +CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...) - amanda 2.4.0b6-1 -CVE-2002-0899 +CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to by ...) 
NOT-FOR-US: Falcon -CVE-2002-0896 +CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...) - swatch 3.0.4-1 -CVE-2002-0894 +CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a de ...) NOT-FOR-US: NewAtlanta ServletExec -CVE-2002-0893 +CVE-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...) NOT-FOR-US: NewAtlanta ServletExec -CVE-2002-0888 +CVE-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, a ...) NOT-FOR-US: 3com -CVE-2002-0886 +CVE-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote att ...) NOT-FOR-US: Cisco -CVE-2002-0885 +CVE-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and pos ...) NOT-FOR-US: Solaris -CVE-2002-0884 +CVE-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on Sol ...) NOT-FOR-US: Solaris -CVE-2002-0883 +CVE-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1 ...) NOT-FOR-US: Compaq -CVE-2002-0882 +CVE-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 a ...) NOT-FOR-US: Cisco -CVE-2002-0881 +CVE-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default admini ...) NOT-FOR-US: Cisco -CVE-2002-0880 +CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attacke ...) NOT-FOR-US: Cisco -CVE-2002-0879 +CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to rea ...) NOT-FOR-US: CFXImage -CVE-2002-0878 +CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software i ...) NOT-FOR-US: LogiSense -CVE-2002-0877 +CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 a ...) NOT-FOR-US: Shambala -CVE-2002-0876 +CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...) 
NOT-FOR-US: Shambala -CVE-2002-0874 +CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ru ...) {DSA-150} - interchange 4.8.6-1 -CVE-2002-0870 +CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series a ...) NOT-FOR-US: Cisco -CVE-2002-0869 +CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for Microso ...) NOT-FOR-US: IIS CVE-2002-0868 RESERVED -CVE-2002-0863 +CVE-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and R ...) NOT-FOR-US: Windows -CVE-2002-0862 +CVE-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...) NOT-FOR-US: Microsoft -CVE-2002-0861 +CVE-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote atta ...) NOT-FOR-US: Microsoft -CVE-2002-0858 +CVE-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a def ...) NOT-FOR-US: Oracle -CVE-2002-0857 +CVE-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility (lsnr ...) NOT-FOR-US: Oracle -CVE-2002-0855 +CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows rem ...) {DSA-147} - mailman 2.0.12-1 -CVE-2002-0854 +CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...) NOT-FOR-US: SuSE specific -CVE-2002-0852 +CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 a ...) NOT-FOR-US: Cisco -CVE-2002-0849 +CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with wor ...) NOT-FOR-US: iSCSI -CVE-2002-0843 +CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) i ...) {DSA-195 DSA-188 DSA-187} - apache 1.3.27-0.1 - apache-perl 1.3.26-1.1-1.27-3-1 CVE-2002-0841 REJECTED -CVE-2002-0839 +CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x befor ...) 
{DSA-195 DSA-188 DSA-187} - apache 1.3.27-0.1 - apache-perl 1.3.26-1.1-1.27-3-1 -CVE-2002-0838 +CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier ...) {DSA-182 DSA-179 DSA-176} - kdegraphics 4:2.2.2-6.9 - gnome-gv 1.99.7-9 - gv 1:3.5.8-27 -CVE-2002-0837 +CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remo ...) - wordtrans 1.1pre9 -CVE-2002-0834 +CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier a ...) {DSA-162} - ethereal 0.9.6-1 -CVE-2002-0833 +CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ot ...) NOT-FOR-US: Eudora -CVE-2002-0832 +CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cook ...) NOT-FOR-US: Internet Explorer CVE-2002-0828 REJECTED -CVE-2002-0827 +CVE-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows loc ...) NOT-FOR-US: UnixWare -CVE-2002-0825 +CVE-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 a ...) - libnss-ldap 199-1 -CVE-2002-0822 +CVE-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial o ...) - ethereal 0.9.4-1woody1 -CVE-2002-0821 +CVE-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...) - ethereal 0.9.4-1woody1 -CVE-2002-0820 +CVE-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...) NOT-FOR-US: FreeBSD -CVE-2002-0819 +CVE-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, allo ...) - arts <not-affected> (artscontrol not suid root) -CVE-2002-0815 +CVE-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netsc ...) - mozilla 2:1.0.0-1 -CVE-2002-0812 +CVE-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...) NOT-FOR-US: Compaq hardware -CVE-2002-0811 +CVE-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...) 
NOTE: bugzilla 2.16.0-2.1 -CVE-2002-0807 +CVE-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, a ...) NOTE: bugzilla 2.16.0-2.1 -CVE-2002-0803 +CVE-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote at ...) NOTE: bugzilla 2.16.0-2.1 -CVE-2002-0800 +CVE-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of director ...) NOT-FOR-US: BadBlue -CVE-2002-0799 +CVE-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...) NOT-FOR-US: YoungZoft -CVE-2002-0798 +CVE-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local user ...) NOT-FOR-US: HP -CVE-2002-0797 +CVE-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris 5. ...) NOT-FOR-US: Solaris -CVE-2002-0796 +CVE-2002-0796 (Format string vulnerability in the logging component of snmpdx for Sol ...) NOT-FOR-US: Solaris -CVE-2002-0793 +CVE-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...) NOT-FOR-US: QNX -CVE-2002-0792 +CVE-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) 11 ...) NOT-FOR-US: Cisco -CVE-2002-0791 +CVE-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...) NOT-FOR-US: Novell -CVE-2002-0787 +CVE-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...) NOT-FOR-US: iCon -CVE-2002-0786 +CVE-2002-0786 (iCon administrative web server for Critical Path inJoin Directory Serv ...) NOT-FOR-US: Critical Path inJoin Directory Server -CVE-2002-0784 +CVE-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b allo ...) NOT-FOR-US: Lidik web server -CVE-2002-0783 +CVE-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Opera -CVE-2002-0782 +CVE-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled all ...) 
NOT-FOR-US: Novell -CVE-2002-0781 +CVE-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...) NOT-FOR-US: Novell -CVE-2002-0780 +CVE-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attack ...) NOT-FOR-US: Novell -CVE-2002-0779 +CVE-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote atta ...) NOT-FOR-US: Novell -CVE-2002-0775 +CVE-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view arbit ...) NOT-FOR-US: Hosting Controller -CVE-2002-0774 +CVE-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default p ...) NOT-FOR-US: Hosting Controller -CVE-2002-0773 +CVE-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...) NOT-FOR-US: Hosting Controller -CVE-2002-0772 +CVE-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting Contro ...) NOT-FOR-US: Hosting Controller -CVE-2002-0771 +CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 al ...) - viewcvs 0.9.2-5 -CVE-2002-0770 +CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain se ...) NOT-FOR-US: Historic Quake2 issue -CVE-2002-0769 +CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog Tel ...) NOT-FOR-US: Cisco -CVE-2002-0767 +CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file desc ...) NOT-FOR-US: simpleinit -CVE-2002-0764 +CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands vi ...) NOT-FOR-US: Phorum -CVE-2002-0763 +CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on HP-U ...) NOT-FOR-US: HP -CVE-2002-0757 +CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled al ...) - webmin 0.980-1 - usermin 0.910-1 -CVE-2002-0756 +CVE-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...) 
- webmin 0.980-1 - usermin 0.910-1 -CVE-2002-0753 +CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to exec ...) NOT-FOR-US: Talentsoft -CVE-2002-0752 +CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...) NOT-FOR-US: CGIscript.net -CVE-2002-0751 +CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use csMa ...) NOT-FOR-US: CGIscript.net -CVE-2002-0750 +CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read arb ...) NOT-FOR-US: CGIscript.net -CVE-2002-0749 +CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute arbitrar ...) NOT-FOR-US: CGIscript.net -CVE-2002-0747 +CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...) NOT-FOR-US: AIX -CVE-2002-0746 +CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure li ...) NOT-FOR-US: AIX -CVE-2002-0745 +CVE-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...) NOT-FOR-US: AIX -CVE-2002-0744 +CVE-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long argument ...) NOT-FOR-US: AIX -CVE-2002-0743 +CVE-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long arg ...) NOT-FOR-US: AIX -CVE-2002-0742 +CVE-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...) NOT-FOR-US: AIX -CVE-2002-0740 +CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed setui ...) - slrn 0.9.6.2-9 -CVE-2002-0739 +CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to i ...) NOT-FOR-US: PostCalendat -CVE-2002-0735 +CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...) - squid <not-affected> (Historic vulnerability, fixed before Woody was released) -CVE-2002-0732 +CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote at ...) 
NOT-FOR-US: MyGuestbook -CVE-2002-0731 +CVE-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for vqServ ...) NOT-FOR-US: vqServer -CVE-2002-0730 +CVE-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip Chinery' ...) NOT-FOR-US: guestbook -CVE-2002-0728 +CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before 1.2. ...) {DSA-140} - libpng 1.0.12-4 - libpng3 1.2.1-2 -CVE-2002-0725 +CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local a ...) NOT-FOR-US: windows -CVE-2002-0724 +CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft Wi ...) NOT-FOR-US: windows -CVE-2002-0723 +CVE-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the d ...) NOT-FOR-US: internet explorer -CVE-2002-0721 +CVE-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for e ...) NOT-FOR-US: Microsoft SQL Server -CVE-2002-0717 +CVE-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of servi ...) - php4 4:4.2.2-1 -CVE-2002-0715 +CVE-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy authenticat ...) - squid 2.4.6-2 -CVE-2002-0713 +CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...) - squid 2.4.6-2 -CVE-2002-0712 +CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly requir ...) NOT-FOR-US: EASM -CVE-2002-0711 +CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...) NOT-FOR-US: HP -CVE-2002-0709 +CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for SurfContro ...) NOT-FOR-US: no_package -CVE-2002-0708 +CVE-2002-0708 (Directory traversal vulnerability in the Web Reports Server for SurfCo ...) NOT-FOR-US: no_package -CVE-2002-0707 +CVE-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows rem ...) 
NOT-FOR-US: no_package -CVE-2002-0706 +CVE-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout We ...) NOT-FOR-US: no_package -CVE-2002-0705 +CVE-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...) NOT-FOR-US: no_package -CVE-2002-0702 +CVE-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...) - dhcp3 3.0+3.0.1rc9-1 -CVE-2002-0699 +CVE-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...) NOT-FOR-US: windows -CVE-2002-0693 +CVE-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Micro ...) NOT-FOR-US: windows -CVE-2002-0690 +CVE-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator (e ...) NOT-FOR-US: McAfee CVE-2002-0689 RESERVED -CVE-2002-0686 +CVE-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) 4 ...) NOT-FOR-US: no_package -CVE-2002-0684 +CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of netwo ...) - glibc 2.2.5-8 -CVE-2002-0683 +CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote attacke ...) NOT-FOR-US: no_package -CVE-2002-0681 +CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows re ...) NOT-FOR-US: no_package -CVE-2002-0680 +CVE-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows rem ...) NOT-FOR-US: no_package -CVE-2002-0677 +CVE-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to o ...) NOT-FOR-US: no_package -CVE-2002-0675 +CVE-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 do ...) NOT-FOR-US: no_package -CVE-2002-0670 +CVE-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1. ...) NOT-FOR-US: no_package -CVE-2002-0669 +CVE-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1. ...) 
NOT-FOR-US: no_package -CVE-2002-0667 +CVE-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ha ...) NOT-FOR-US: no_package -CVE-2002-0666 +CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not prop ...) {DSA-201} - freeswan 1.99-1 -CVE-2002-0664 +CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...) NOT-FOR-US: ZMerge -CVE-2002-0661 +CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Wind ...) - apache2 2.0.40 -CVE-2002-0660 +CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody ...) {DSA-140} - libpng 1.0.12-4 - libpng3 1.2.1-2 -CVE-2002-0659 +CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ea ...) {DSA-136} - openssl 0.9.6e-1 -CVE-2002-0657 +CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ena ...) {DSA-136} - openssl 0.9.6e-1 -CVE-2002-0656 +CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ea ...) {DSA-136} - openssl 0.9.6e-1 -CVE-2002-0655 +CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not prop ...) {DSA-136} - openssl 0.9.6e-1 -CVE-2002-1412 +CVE-2002-1412 (Gallery photo album package before 1.3.1 allows local and possibly rem ...) {DSA-138} - gallery 1.3-3 -CVE-2002-1574 +CVE-2002-1574 (Buffer overflow in the ixj telephony card driver in Linux before 2.4.2 ...) NOTE: fixed after 2.6/2.4.20 kernel -CVE-2002-1560 +CVE-2002-1560 (index.php in gBook 1.4 allows remote attackers to bypass authenticatio ...) NOT-FOR-US: gbook not in Debian -CVE-2002-1552 +CVE-2002-1552 (Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users ...) NOT-FOR-US: novell -CVE-2002-1550 +CVE-2002-1550 (dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary fi ...) 
NOT-FOR-US: AIX -CVE-2002-1549 +CVE-2002-1549 (Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to ...) NOT-FOR-US: lhttpd not in Debian -CVE-2002-1548 +CVE-2002-1548 (Unknown vulnerability in autofs on AIX 4.3.0, when using executable ma ...) NOT-FOR-US: AIX -CVE-2002-1547 +CVE-2002-1547 (Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers ...) NOT-FOR-US: Netscreen -CVE-2002-1543 +CVE-2002-1543 (Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users ...) NOT-FOR-US: NetBSD -CVE-2002-1541 +CVE-2002-1541 (BadBlue 1.7 allows remote attackers to bypass password protections for ...) NOT-FOR-US: BadBlue not in Debian -CVE-2002-1540 +CVE-2002-1540 (The client for Symantec Norton AntiVirus Corporate Edition 7.5.x befor ...) NOT-FOR-US: norton -CVE-2002-1538 +CVE-2002-1538 (Acuma Acusend 4, and possibly earlier versions, allows remote authenti ...) NOT-FOR-US: acusend not in Debian -CVE-2002-1537 +CVE-2002-1537 (admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administra ...) - phpbb2 2.0.6c-1 NOTE: according to http://www.securityfocus.com/archive/1/297419 NOTE: phpBB versions above 2.0.0 are not vulnerable. -CVE-2002-1534 +CVE-2002-1534 (Macromedia Flash Player allows remote attackers to read arbitrary file ...) NOTE: only affects flash 6.0 - 6.0.47.0, which is not in Debian -CVE-2002-1532 +CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...) NOT-FOR-US: surfcontrol -CVE-2002-1531 +CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...) NOT-FOR-US: surfcontrol -CVE-2002-1530 +CVE-2002-1530 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...) NOT-FOR-US: surfcontrol -CVE-2002-1529 +CVE-2002-1529 (Cross-site scripting (XSS) vulnerability in msgError.asp for the admin ...) NOT-FOR-US: surfcontrol -CVE-2002-1528 +CVE-2002-1528 (MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the s ...) 
NOT-FOR-US: mondosearch -CVE-2002-1524 +CVE-2002-1524 (Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) all ...) NOT-FOR-US: winamp -CVE-2002-1521 +CVE-2002-1521 (Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD ...) NOT-FOR-US: webserver 4D -CVE-2002-1520 +CVE-2002-1520 (The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and R ...) NOT-FOR-US: WatchGuard -CVE-2002-1519 +CVE-2002-1519 (Format string vulnerability in the CLI interface for WatchGuard Firebo ...) NOT-FOR-US: WatchGuard -CVE-2002-1518 +CVE-2002-1518 (mv in IRIX 6.5 creates a directory with world-writable permissions whi ...) NOT-FOR-US: IRIX -CVE-2002-1517 +CVE-2002-1517 (fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file ac ...) NOT-FOR-US: IRIX -CVE-2002-1516 +CVE-2002-1516 (rpcbind in SGI IRIX, when using the -w command line switch, allows loc ...) NOT-FOR-US: IRIX -CVE-2002-1514 +CVE-2002-1514 (gds_lock_mgr in Borland InterBase allows local users to overwrite file ...) NOT-FOR-US: interbase -CVE-2002-1513 +CVE-2002-1513 (The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 a ...) NOT-FOR-US: OpenVMS -CVE-2002-1511 +CVE-2002-1511 (The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() functi ...) - vnc 3.3.3r2-21 -CVE-2002-1510 +CVE-2002-1510 (xdm, with the authComplain variable set to false, allows arbitrary att ...) - xfree86 4.1.0-7 -CVE-2002-1509 +CVE-2002-1509 (A patch for shadow-utils 20000902 causes the useradd command to create ...) NOT-FOR-US: redhat and mandrake only -CVE-2002-1505 +CVE-2002-1505 (SQL injection vulnerability in board.php for WoltLab Burning Board (wB ...) NOT-FOR-US: WoltLab Burning Board not in Debian -CVE-2002-1502 +CVE-2002-1502 (Symbolic link vulnerability in xbreaky before 0.5.5 allows local users ...) NOT-FOR-US: xbreaky not in Debian -CVE-2002-1501 +CVE-2002-1501 (The MPS functionality in Enterasys SSR8000 (Smart Switch Router) befor ...) 
NOT-FOR-US: Enterasys -CVE-2002-1497 +CVE-2002-1497 (Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and ...) NOT-FOR-US: Null HTTP Server not in Debian -CVE-2002-1496 +CVE-2002-1496 (Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allow ...) NOT-FOR-US: Null HTTP Server not in Debian -CVE-2002-1494 +CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows r ...) NOT-FOR-US: Aestiva -CVE-2002-1493 +CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook a ...) NOT-FOR-US: Lycos -CVE-2002-1491 +CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most rece ...) NOT-FOR-US: Cisco -CVE-2002-1490 +CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of se ...) NOT-FOR-US: NetBSD -CVE-2002-1479 +CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext i ...) - cacti 0.6.8-1 -CVE-2002-1478 +CVE-2002-1478 (Cacti before 0.6.8 allows attackers to execute arbitrary commands via ...) {DSA-164} - cacti 0.6.8a-2 -CVE-2002-1477 +CVE-2002-1477 (graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti adm ...) {DSA-164} - cacti 0.6.8a-2 -CVE-2002-1476 +CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and ...) NOT-FOR-US: NetBSD -CVE-2002-1472 +CVE-2002-1472 (Untrusted search path vulnerability in libX11.so in xfree86, when used ...) - xfree86 4.2.1-1 (bug #280872) -CVE-2002-1471 +CVE-2002-1471 (The camel component for Ximian Evolution 1.0.x and earlier does not ve ...) - evolution 1.2.0-1 (bug #280883) -CVE-2002-1469 +CVE-2002-1469 (scponly does not properly verify the path when finding the (1) scp or ...) 
- scponly 3.8-1 NOTE: according to http://web.archive.org/web/20150425070754/http://sublimation.org/scponly/ (scponly home page) NOTE: only versions of scponly older than scponly-2.4 are affected -CVE-2002-1468 +CVE-2002-1468 (Buffer overflow in errpt in AIX 4.3.3 allows local users to execute ar ...) NOT-FOR-US: AIX -CVE-2002-1463 +CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and ...) NOT-FOR-US: symantec -CVE-2002-1448 +CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...) NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products -CVE-2002-1447 +CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before 3. ...) NOT-FOR-US: Cisco -CVE-2002-1446 +CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric v ...) NOT-FOR-US: nCipher PKCS#11 library -CVE-2002-1443 +CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to monit ...) NOT-FOR-US: Google toolbar -CVE-2002-1438 +CVE-2002-1438 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 all ...) NOT-FOR-US: Perl on Novell -CVE-2002-1437 +CVE-2002-1437 (Directory traversal vulnerability in the web handler for Perl 5.003 on ...) NOT-FOR-US: Perl on Novell -CVE-2002-1436 +CVE-2002-1436 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 all ...) NOT-FOR-US: Perl on Novell -CVE-2002-1435 +CVE-2002-1435 (class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0 ...) NOT-FOR-US: Achievo not in Debian -CVE-2002-1430 +CVE-2002-1430 (Unknown vulnerability in Sympoll 1.2 allows remote attackers to read a ...) NOT-FOR-US: Sympoll not in Debian -CVE-2002-1425 +CVE-2002-1425 (Directory traversal vulnerability in munpack in mpack 1.5 and earlier ...) {DSA-141} - mpack 1.5-9 -CVE-2002-1424 +CVE-2002-1424 (Buffer overflow in munpack in mpack 1.5 and earlier allows remote atta ...) 
- mpack 1.5-9 -CVE-2002-1420 +CVE-2002-1420 (Integer signedness error in select() on OpenBSD 3.1 and earlier allows ...) NOT-FOR-US: OpenBSD -CVE-2002-1419 +CVE-2002-1419 (The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes th ...) NOT-FOR-US: IRIX on Origin -CVE-2002-1418 +CVE-2002-1418 (Buffer overflow in the interpreter for Novell NetBasic Scripting Serve ...) NOT-FOR-US: Novell NetBasic Scripting Server -CVE-2002-1417 +CVE-2002-1417 (Directory traversal vulnerability in Novell NetBasic Scripting Server ...) NOT-FOR-US: Novell NetBasic Scripting Server -CVE-2002-1414 +CVE-2002-1414 (Buffer overflow in qmailadmin allows local users to gain privileges vi ...) - qmailadmin 1.0.6-1 -CVE-2002-1413 +CVE-2002-1413 (RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, al ...) NOT-FOR-US: RCONAG6 for Novell Netware SP2 -CVE-2002-1407 +CVE-2002-1407 (TinySSL 1.02 and earlier does not verify the Basic Constraints for an ...) NOT-FOR-US: TinySSL not in Debian -CVE-2002-1405 +CVE-2002-1405 (CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote a ...) {DSA-210} - lynx 2.8.4.1b-4 - lynx-ssl 1:2.8.4.1b-3.1 CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla] - bugzilla 2.16.2-1 -CVE-2002-1403 +CVE-2002-1403 (dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to exe ...) {DSA-219} - dhcpcd 1:1.3.22pl2-2 NOTE: Debian sarge uses dhcp >= 2.0 -CVE-2002-1396 +CVE-2002-1396 (Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 ...) - php4 4:4.3.2+rc3-1 NOTE: according to http://www.securityfocus.com/bid/6488 NOTE: woody is not vulnerable -CVE-2002-1394 +CVE-2002-1394 (Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet a ...) {DSA-225} - tomcat4 4.1.16-1 -CVE-2002-1392 +CVE-2002-1392 (faxspool in mgetty before 1.1.29 uses a world-writable spool directory ...) 
- mgetty 1.1.30-1 NOTE: woody version seems to be vulnerable see bug #199351 -CVE-2002-1391 +CVE-2002-1391 (Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote ...) - mgetty 1.1.30-1 NOTE: woody version seems to be vulnerable see bug #199351 -CVE-2002-1390 +CVE-2002-1390 (The daemon for GeneWeb before 4.09 does not properly handle requested ...) {DSA-223} - geneweb 4.09-1 -CVE-2002-1389 +CVE-2002-1389 (Buffer overflow in typespeed 0.4.2 and earlier allows local users to g ...) {DSA-217} - typespeed 0.4.2-2 -CVE-2002-1388 +CVE-2002-1388 (Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allo ...) {DSA-221} - mhonarc 2.5.14-1 -CVE-2002-1385 +CVE-2002-1385 (openwebmail_init in Open WebMail 1.81 and earlier allows local users t ...) - openwebmail 1.90-1 -CVE-2002-1384 +CVE-2002-1384 (Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...) {DSA-232 DSA-226 DSA-222} - xpdf-i 2.01-2 - xpdf 2.01-2 - cups 1.1.18-1 - cupsys 1.1.18-1 -CVE-2002-1382 +CVE-2002-1382 (Macromedia Flash Player before 6.0.65.0 allows remote attackers to exe ...) - flashplugin-nonfree 6.0.69-1 -CVE-2002-1381 +CVE-2002-1381 (Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...) - exim4 4.11-0.0.1 - exim 3.36-14 -CVE-2002-1380 +CVE-2002-1380 (Linux kernel 2.2.x allows local users to cause a denial of service (cr ...) {DSA-336} - kernel-source-2.2.25 2.2.25-2 -CVE-2002-1377 +CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to exec ...) - vim 6.1.263-1 NOTE: woody seems to be still vulnerable NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003 
@@ -3165,1254 +3165,1254 @@ CVE-2002-1377 NOTE: I've mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this. NOTE: No response from maintainer, I have mailed security team. NOTE: Martin Schulze don't consider this as an issue for updating woody. -CVE-2002-1375 +CVE-2002-1375 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4. ...) {DSA-212} - mysql <removed> -CVE-2002-1374 +CVE-2002-1374 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x befor ...) {DSA-212} - mysql <removed> -CVE-2002-1373 +CVE-2002-1373 (Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3 ...) {DSA-212} - mysql <removed> -CVE-2002-1372 +CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not prop ...) {DSA-232} - cups 1.1.18-1 - cupsys 1.1.18-1 -CVE-2002-1371 +CVE-2002-1371 (filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 throu ...) {DSA-232} - cups 1.1.18-1 - cupsys 1.1.18-1 -CVE-2002-1369 +CVE-2002-1369 (jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 doe ...) {DSA-232} - cups 1.1.18-1 - cupsys 1.1.18-1 -CVE-2002-1367 +CVE-2002-1367 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...) {DSA-232} - cups 1.1.18-1 - cupsys 1.1.18-1 -CVE-2002-1366 +CVE-2002-1366 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local ...) {DSA-232} - cups 1.1.18-1 - cupsys 1.1.18-1 -CVE-2002-1365 +CVE-2002-1365 (Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not acc ...) {DSA-216} - fetchmail 6.2.0-1 -CVE-2002-1364 +CVE-2002-1364 (Buffer overflow in the get_origin function in traceroute-nanog allows ...) {DSA-254} - traceroute-nanog 6.3.0-1 -CVE-2002-1363 +CVE-2002-1363 (Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does ...) {DSA-213} - libpng 1.0.12-7 - libpng3 1.2.5-8 -CVE-2002-1362 +CVE-2002-1362 (mICQ 0.4.9 and earlier allows remote attackers to cause a denial of se ...) 
{DSA-211} - micq 0.4.9.4-1 -CVE-2002-1361 +CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Har ...) NOT-FOR-US: sun -CVE-2002-1350 +CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly ...) {DSA-206} - tcpdump 3.7.2-1 NOTE: The fix from 3.6.2-2.2 was not upload to unstable. CVE-2002-XXXX [Multiple buffer overflows in gtetrinet] - gtetrinet 0.4.4-1 -CVE-2002-1349 +CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 all ...) NOT-FOR-US: PC-cillin -CVE-2002-1348 +CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attri ...) {DSA-251 DSA-250 DSA-249} - w3m 0.3.2.2-1 - w3mmee 0.3.p24.17-3 -CVE-2002-1337 +CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to ...) {DSA-257} - sendmail 8.13.0.PreAlpha4-0 - sendmail-wine <removed> NOTE: problem in sendmail 8.12, sarge uses 8.13 -CVE-2002-1336 +CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...) - tightvnc 1.2.6-1 -CVE-2002-1327 +CVE-2002-1327 (Buffer overflow in the Windows Shell function in Microsoft Windows XP ...) NOT-FOR-US: windows -CVE-2002-1325 +CVE-2002-1325 (Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remot ...) NOT-FOR-US: windows -CVE-2002-1323 +CVE-2002-1323 (Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may al ...) {DSA-208} - perl 5.8.0-14 -CVE-2002-1320 +CVE-2002-1320 (Pine 4.44 and earlier allows remote attackers to cause a denial of ser ...) NOT-FOR-US: pine not in Debian -CVE-2002-1319 +CVE-2002-1319 (The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 sy ...) NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable) -CVE-2002-1318 +CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers t ...) {DSA-200} - samba 2.2.7 -CVE-2002-1317 +CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...) 
NOT-FOR-US: solaris -CVE-2002-1313 +CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...) {DSA-198} - nullmailer 1.00RC5-17 -CVE-2002-1311 +CVE-2002-1311 (Courier sqwebmail before 0.40.0 does not quickly drop privileges after ...) {DSA-197} - courier 0.40.0-1 -CVE-2002-1308 +CVE-2002-1308 (Heap-based buffer overflow in Netscape and Mozilla allows remote attac ...) - mozilla 2:1.2-1 NOTE: woody is vulnerable see #237422 -CVE-2002-1307 +CVE-2002-1307 (Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier ...) {DSA-199} - mhonarc 2.5.13-1 -CVE-2002-1296 +CVE-2002-1296 (Directory traversal vulnerability in priocntl system call in Solaris d ...) NOT-FOR-US: Solaris -CVE-2002-1284 +CVE-2002-1284 (The wizard in KGPG 0.6 through 0.8.2 does not properly provide the pas ...) - kdeutils 4:3.2.1-1 -CVE-2002-1278 +CVE-2002-1278 (The mailconf module in Linuxconf 1.24, and other versions before 1.28, ...) NOTE: Linuxconf not in testing/unstable -CVE-2002-1277 +CVE-2002-1277 (Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow ...) {DSA-190} - wmaker 0.80.1-4 -CVE-2002-1272 +CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a bac ...) NOT-FOR-US: Alcatel -CVE-2002-1271 +CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ea ...) {DSA-386} - libmailtools-perl 1.51 (bug #168381) -CVE-2002-1270 +CVE-2002-1270 (Mac OS X 10.2.2 allows local users to read files that only allow write ...) NOT-FOR-US: Mac OS X -CVE-2002-1268 +CVE-2002-1268 (Mac OS X 10.2.2 allows local users to gain privileges via a mounted IS ...) NOT-FOR-US: Mac OS X -CVE-2002-1267 +CVE-2002-1267 (Mac OS X 10.2.2 allows remote attackers to cause a denial of service b ...) NOT-FOR-US: Mac OS X -CVE-2002-1266 +CVE-2002-1266 (Mac OS X 10.2.2 allows local users to gain privileges by mounting a di ...) 
NOT-FOR-US: Mac OS X -CVE-2002-1265 +CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not pr ...) NOTE: don't know which version of glibc fix this NOTE: I've mailed maintainers. -CVE-2002-1264 +CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 da ...) NOT-FOR-US: oracle -CVE-2002-1260 +CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machin ...) NOT-FOR-US: Microsoft JVM -CVE-2002-1257 +CVE-2002-1257 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allo ...) NOT-FOR-US: Microsoft JVM -CVE-2002-1256 +CVE-2002-1256 (The SMB signing capability in the Server Message Block (SMB) protocol ...) NOT-FOR-US: Microsoft Windows -CVE-2002-1255 +CVE-2002-1255 (Microsoft Outlook 2002 allows remote attackers to cause a denial of se ...) NOT-FOR-US: Microsoft Outlook -CVE-2002-1253 +CVE-2002-1253 (Abuse 2.00 and earlier allows local users to gain privileges via comma ...) NOT-FOR-US: Abuse 2.00 not in Debian -CVE-2002-1252 +CVE-2002-1252 (The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as ...) NOT-FOR-US: PeopleSoft -CVE-2002-1251 +CVE-2002-1251 (Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to ...) {DSA-186} - log2mail 0.2.6-1 -CVE-2002-1250 +CVE-2002-1250 (Buffer overflow in Abuse 2.00 and earlier allows local users to gain r ...) NOT-FOR-US: Abuse 2.00 not in Debian -CVE-2002-1248 +CVE-2002-1248 (Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other vers ...) NOT-FOR-US: Xeneo Web Server -CVE-2002-1245 +CVE-2002-1245 (Maped in LuxMan 0.41 uses the user-provided search path to find and ex ...) {DSA-189} - luxman 0.41-19 -CVE-2002-1244 +CVE-2002-1244 (Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly ...) NOT-FOR-US: Pablo FTP Server -CVE-2002-1242 +CVE-2002-1242 (SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authe ...) 
NOT-FOR-US: PHP-Nuke not in Debian -CVE-2002-1239 +CVE-2002-1239 (QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and ...) NOT-FOR-US: QNX -CVE-2002-1236 +CVE-2002-1236 (The remote management web server for Linksys BEFSR41 EtherFast Cable/D ...) NOT-FOR-US: Linksys -CVE-2002-1232 +CVE-2002-1232 (Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS p ...) {DSA-180} - nis 3.9-6.2 -CVE-2002-1231 +CVE-2002-1231 (SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a d ...) NOT-FOR-US: SCO -CVE-2002-1230 +CVE-2002-1230 (NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2 ...) NOT-FOR-US: Windows NT -CVE-2002-1227 +CVE-2002-1227 (PAM 0.76 treats a disabled password as if it were an empty (null) pass ...) {DSA-177} - pam 0.76-6 -CVE-2002-1224 +CVE-2002-1224 (Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0 ...) - kdenetwork 4:3.1.0-1 -CVE-2002-1223 +CVE-2002-1223 (Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView i ...) - kdegraphics 4:3.1.0-1 -CVE-2002-1222 +CVE-2002-1222 (Buffer overflow in the embedded HTTP server for Cisco Catalyst switche ...) NOT-FOR-US: CISCO -CVE-2002-1221 +CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of se ...) {DSA-196} - bind 1:8.3.3-3 - bind9 <not-affected> -CVE-2002-1220 +CVE-2002-1220 (BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ...) {DSA-196} - bind 1:8.3.3-3 - bind9 <not-affected> -CVE-2002-1219 +CVE-2002-1219 (Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ...) {DSA-196} - bind 1:8.3.3-3 - bind9 <not-affected> -CVE-2002-1214 +CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 20 ...) NOT-FOR-US: Microsoft -CVE-2002-1211 +CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute arbitrar ...) 
NOT-FOR-US: Prometheus not in Debian -CVE-2002-1200 +CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when u ...) {DSA-175} - syslog-ng 1.5.21-1 -CVE-2002-1199 +CVE-2002-1199 (The getdbm procedure in ypxfrd allows local users to read arbitrary fi ...) NOT-FOR-US: ypxfrd not in Debian -CVE-2002-1198 +CVE-2002-1198 (Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes fro ...) - bugzilla 2.16.1-1 NOTE: woody seems to be vulnerable, bug #282500 -CVE-2002-1197 +CVE-2002-1197 (bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x ...) - bugzilla 2.16.1-1 NOTE: woody seems to be vulnerable, bug #282501 -CVE-2002-1196 +CVE-2002-1196 (editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2 ...) {DSA-173} - bugzilla 2.16.0-2.1 -CVE-2002-1195 +CVE-2002-1195 (Cross-site scripting vulnerability (XSS) in the PHP interface for ht:/ ...) {DSA-169} - htcheck 1:1.1-1.2 -CVE-2002-1193 +CVE-2002-1193 (tkmail before 4.0beta9-8.1 allows local users to create or overwrite f ...) {DSA-172} - tkmail <removed> -CVE-2002-1189 +CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block in ...) NOT-FOR-US: CISCO -CVE-2002-1188 +CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...) NOT-FOR-US: Microsoft -CVE-2002-1187 +CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 thr ...) NOT-FOR-US: Microsoft -CVE-2002-1186 +CVE-2002-1186 (Internet Explorer 5.01 through 6.0 does not properly perform security ...) NOT-FOR-US: Microsoft -CVE-2002-1185 +CVE-2002-1185 (Internet Explorer 5.01 through 6.0 does not properly check certain par ...) NOT-FOR-US: Microsoft -CVE-2002-1184 +CVE-2002-1184 (The system root folder of Microsoft Windows 2000 has default permissio ...) NOT-FOR-US: Microsoft -CVE-2002-1183 +CVE-2002-1183 (Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Bas ...) 
NOT-FOR-US: Microsoft -CVE-2002-1182 +CVE-2002-1182 (IIS 5.0 and 5.1 allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: Microsoft -CVE-2002-1180 +CVE-2002-1180 (A typographical error in the script source access permissions for Inte ...) NOT-FOR-US: Microsoft -CVE-2002-1179 +CVE-2002-1179 (Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook ...) NOT-FOR-US: Microsoft -CVE-2002-1178 +CVE-2002-1178 (Directory traversal vulnerability in the CGIServlet for Jetty HTTP ser ...) - jetty 4.1.0 -CVE-2002-1170 +CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon i ...) - net-snmp 5.0.6 -CVE-2002-1169 +CVE-2002-1169 (IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1. ...) NOT-FOR-US: IBM Web Traffic Express Caching Proxy Server -CVE-2002-1160 +CVE-2002-1160 (The default configuration of the pam_xauth module forwards MIT-Magic-C ...) NOT-FOR-US: pam_xauth -CVE-2002-1159 +CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which allow ...) {DSA-224} - canna 3.6p1-1 -CVE-2002-1158 +CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and earlie ...) {DSA-224} - canna 3.6p1-1 -CVE-2002-1157 +CVE-2002-1157 (Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 ...) {DSA-181} - libapache-mod-ssl 2.8.9-2.3 -CVE-2002-1156 +CVE-2002-1156 (Apache 2.0.42 allows remote attackers to view the source code of a CGI ...) - apache2 2.0.43 -CVE-2002-1154 +CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the PROG ...) - analog 2:5.23 -CVE-2002-1153 +CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of servi ...) NOT-FOR-US: IBM Websphere -CVE-2002-1152 +CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secur ...) - kdebase 3.03 -CVE-2002-1151 +CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...) 
{DSA-167} - kdelibs 4:2.2.2-14 -CVE-2002-1148 +CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in T ...) {DSA-170} - tomcat4 4.1.12-1 -CVE-2002-1147 +CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch firmwar ...) NOT-FOR-US: HP Procurve 4000M Switch firmware -CVE-2002-1146 +CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...) NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc) NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind) - glibc 2.3 - bind 1:8.3.3 -CVE-2002-1142 +CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...) NOT-FOR-US: Microsoft -CVE-2002-1141 +CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...) NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP -CVE-2002-1140 +CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as ...) NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP -CVE-2002-1139 +CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack ...) NOT-FOR-US: Microsoft -CVE-2002-1138 +CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MS ...) NOT-FOR-US: Microsoft -CVE-2002-1137 +CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles us ...) NOT-FOR-US: Microsoft -CVE-2002-1135 +CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, all ...) NOT-FOR-US: phpWebSite -CVE-2002-1132 +CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine th ...) {DSA-191} - squirrelmail 1:1.2.8-1.1 -CVE-2002-1126 +CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape a ...) 
- mozilla 2:1.2 -CVE-2002-1123 +CVE-2002-1123 (Buffer overflow in the authentication function for Microsoft SQL Serve ...) NOT-FOR-US: Microsoft -CVE-2002-1122 +CVE-2002-1122 (Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2. ...) NOT-FOR-US: Microsoft -CVE-2002-1119 +CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary f ...) {DSA-159} - python1.5 1.5.2-24 - python2.1 2.1.3-6a - python2.2 2.2.1-8 - python2.3 <not-affected> -CVE-2002-1118 +CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...) NOT-FOR-US: Oracle -CVE-2002-1117 +CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymo ...) NOT-FOR-US: Veritas Backup Exec -CVE-2002-1116 +CVE-2002-1116 (The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and ear ...) {DSA-161} - mantis 0.17.5-2 -CVE-2002-1113 +CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...) {DSA-153} - mantis 0.17.4a-2 -CVE-2002-1112 +CVE-2002-1112 (Mantis before 0.17.4 allows remote attackers to list project bugs with ...) {DSA-153} - mantis 0.17.4a-2 -CVE-2002-1111 +CVE-2002-1111 (print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify th ...) {DSA-153} - mantis 0.17.4a-2 -CVE-2002-1109 +CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows us ...) NOTE: old amavis shell script -CVE-2002-1108 +CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...) NOT-FOR-US: Cisco -CVE-2002-1107 +CVE-2002-1107 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...) NOT-FOR-US: Cisco -CVE-2002-1106 +CVE-2002-1106 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...) NOT-FOR-US: Cisco -CVE-2002-1105 +CVE-2002-1105 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...) 
NOT-FOR-US: Cisco -CVE-2002-1104 +CVE-2002-1104 (Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x befo ...) NOT-FOR-US: Cisco -CVE-2002-1102 +CVE-2002-1102 (The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, ...) NOT-FOR-US: Cisco -CVE-2002-1099 +CVE-2002-1099 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...) NOT-FOR-US: Cisco -CVE-2002-1098 +CVE-2002-1098 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTP ...) NOT-FOR-US: Cisco -CVE-2002-1097 +CVE-2002-1097 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restri ...) NOT-FOR-US: Cisco -CVE-2002-1096 +CVE-2002-1096 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restri ...) NOT-FOR-US: Cisco -CVE-2002-1095 +CVE-2002-1095 (Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, ...) NOT-FOR-US: Cisco -CVE-2002-1093 +CVE-2002-1093 (HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before ...) NOT-FOR-US: Cisco -CVE-2002-1092 +CVE-2002-1092 (Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when conf ...) NOT-FOR-US: Cisco -CVE-2002-1091 +CVE-2002-1091 (Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers ...) - mozilla 2:1.0.2 -CVE-2002-1088 +CVE-2002-1088 (Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote ...) NOT-FOR-US: Novell GroupWise -CVE-2002-1081 +CVE-2002-1081 (The Administration console for Abyss Web Server 1.0.3 allows remote at ...) NOT-FOR-US: Abyss Web Server -CVE-2002-1079 +CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allows rem ...) NOT-FOR-US: Abyss Web Server -CVE-2002-1076 +CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before ...) NOT-FOR-US: Ipswitch IMail -CVE-2002-1060 +CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerl ...) 
NOT-FOR-US: CacheFlow CacheOS -CVE-2002-1059 +CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...) NOT-FOR-US: Van Dyke SecureCRT SSH client -CVE-2002-1057 +CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows re ...) NOT-FOR-US: SmartMax MailMax POP3 daemon -CVE-2002-1056 +CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...) NOT-FOR-US: Microsoft -CVE-2002-1054 +CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and ...) NOT-FOR-US: Pablo FTP server -CVE-2002-1053 +CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server be ...) NOT-FOR-US: W3C Jigsaw Proxy Server -CVE-2002-1051 +CVE-2002-1051 (Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG tracero ...) {DSA-254} - traceroute-nanog 6.3.0-1 -CVE-2002-1050 +CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attacke ...) {DSA-148} - hylafax 4.1.2-2.1 -CVE-2002-1049 +CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows re ...) {DSA-148} - hylafax 4.1.2-2.1 -CVE-2002-1046 +CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebo ...) NOT-FOR-US: Watchguard Firebox firmware -CVE-2002-1039 +CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before 2 ...) - dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte") NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On NOTE: 2017-08-30 an unrelated source took over the source package name dcl. NOTE: Original issue fixed in dcl/20020706 -CVE-2002-1035 +CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of s ...) NOT-FOR-US: Omnicron OmniHTTPd -CVE-2002-1031 +CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list directo ...) 
NOT-FOR-US: KeyFocus (KF) web server -CVE-2002-1030 +CVE-2002-1030 (Race condition in Performance Pack in BEA WebLogic Server and Express ...) NOT-FOR-US: BEA WebLogic Server and Express -CVE-2002-1025 +CVE-2002-1025 (JRun 3.0 through 4.0 allows remote attackers to read JSP source code v ...) NOT-FOR-US: JRun -CVE-2002-1024 +CVE-2002-1024 (Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attack ...) NOT-FOR-US: Cisco -CVE-2002-1015 +CVE-2002-1015 (RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10. ...) NOT-FOR-US: Real -CVE-2002-1014 +CVE-2002-1014 (Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne ...) NOT-FOR-US: Real -CVE-2002-1013 +CVE-2002-1013 (Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 t ...) NOT-FOR-US: Inktomi -CVE-2002-1006 +CVE-2002-1006 (Cross-site scripting (XSS) vulnerability in BBC Education Text to Spee ...) NOT-FOR-US: Betsie -CVE-2002-1004 +CVE-2002-1004 (Directory traversal vulnerability in webmail feature of ArGoSoft Mail ...) NOT-FOR-US: ArGoSoft Mail Server -CVE-2002-1002 +CVE-2002-1002 (Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attac ...) NOT-FOR-US: Novell -CVE-2002-1000 +CVE-2002-1000 (Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attack ...) NOT-FOR-US: AnalogX SimpleServer:Shout -CVE-2002-0995 +CVE-2002-0995 (login.php for PHPAuction allows remote attackers to gain privileges vi ...) NOT-FOR-US: PHPAuction -CVE-2002-0990 +CVE-2002-0990 (The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 th ...) NOT-FOR-US: Symantec -CVE-2002-0989 +CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 al ...) {DSA-158} - gaim 1:0.59.1-2 -CVE-2002-0988 +CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1. ...) NOT-FOR-US: Xsco -CVE-2002-0987 +CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop pri ...) 
NOT-FOR-US: Xsco -CVE-2002-0986 +CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ch ...) {DSA-168} - php3 3:3.0.18-23.2 - php4 4:4.2.3-3 -CVE-2002-0985 +CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to 4 ...) {DSA-168} - php3 3:3.0.18-23.2 - php4 4:4.2.3-3 -CVE-2002-0984 +CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x befo ...) {DSA-156} - epic4-script-light 1:2.7.30p5-2 -CVE-2002-0981 +CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0. ...) NOT-FOR-US: ndcfg -CVE-2002-0974 +CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to dele ...) NOT-FOR-US: Help and Support Center for Windows XP -CVE-2002-0970 +CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ver ...) {DSA-155} - kdelibs 4:2.2.2-14 -CVE-2002-0969 +CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...) NOTE: mysql problem only affects Windows -CVE-2002-0968 +CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows re ...) NOT-FOR-US: AnalogX SimpleServer:WWW -CVE-2002-0967 +CVE-2002-0967 (Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote att ...) NOT-FOR-US: eDonkey -CVE-2002-0965 +CVE-2002-0965 (Buffer overflow in TNS Listener for Oracle 9i Database Server on Windo ...) NOT-FOR-US: Oracle -CVE-2002-0964 +CVE-2002-0964 (Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause ...) NOT-FOR-US: Half Life -CVE-2002-0958 +CVE-2002-0958 (Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2. ...) NOT-FOR-US: PHP Reactor -CVE-2002-0953 +CVE-2002-0953 (globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen a ...) NOT-FOR-US: PHP Address -CVE-2002-0952 +CVE-2002-0952 (Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 a ...) 
NOT-FOR-US: Cisco -CVE-2002-0947 +CVE-2002-0947 (Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8 ...) NOT-FOR-US: Oracle -CVE-2002-0946 +CVE-2002-0946 (Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 ...) NOT-FOR-US: SeaNox Devwex -CVE-2002-0945 +CVE-2002-0945 (Buffer overflow in SeaNox Devwex allows remote attackers to cause a de ...) NOT-FOR-US: SeaNox Devwex -CVE-2002-0941 +CVE-2002-0941 (The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4. ...) NOT-FOR-US: Java on Windows -CVE-2002-0938 +CVE-2002-0938 (Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remot ...) NOT-FOR-US: Cisco -CVE-2002-0935 +CVE-2002-0935 (Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, al ...) - tomcat4 4.1.9-1 -CVE-2002-0916 +CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ms ...) - squid 2.4.7 -CVE-2002-0914 +CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...) - courier 0.46 -CVE-2002-0911 +CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator passwo ...) NOT-FOR-US: Caldera Volution Manager -CVE-2002-0906 +CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a cu ...) - sendmail 8.12.5 -CVE-2002-0904 +CVE-2002-0904 (SayText function in Kismet 2.2.1 and earlier allows remote attackers t ...) - kismet 2.2.2-1 -CVE-2002-0900 +CVE-2002-0900 (Buffer overflow in pks PGP public key web server before 0.9.5 allows r ...) NOT-FOR-US: pks -CVE-2002-0898 +CVE-2002-0898 (Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary fil ...) NOT-FOR-US: Opera -CVE-2002-0897 +CVE-2002-0897 (LocalWEB2000 2.1.0 web server allows remote attackers to bypass access ...) NOT-FOR-US: LocalWEB2000 -CVE-2002-0895 +CVE-2002-0895 (Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attacke ...) 
NOT-FOR-US: MatuFtpServer -CVE-2002-0892 +CVE-2002-0892 (The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows r ...) NOT-FOR-US: NewAtlanta ServletExec ISAPI -CVE-2002-0891 +CVE-2002-0891 (The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and ce ...) NOT-FOR-US: NetScreen ScreenOS -CVE-2002-0889 +CVE-2002-0889 (Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local use ...) - qpopper 4.0.5-1 -CVE-2002-0887 +CVE-2002-0887 (scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users ...) NOT-FOR-US: scoadmin -CVE-2002-0875 +CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivile ...) {DSA-154} - fam 2.6.8-1 -CVE-2002-0873 +CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the v ...) {DSA-152} - l2tpd 0.68-1 -CVE-2002-0872 +CVE-2002-0872 (l2tpd 0.67 does not initialize the random number generator, which allo ...) {DSA-152} - l2tpd 0.68-1 -CVE-2002-0871 +CVE-2002-0871 (xinetd 2.3.4 leaks file descriptors for the signal pipe to services th ...) {DSA-151} - xinetd 1:2.3.7-1 -CVE-2002-0867 +CVE-2002-0867 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allo ...) NOT-FOR-US: Microsoft -CVE-2002-0866 +CVE-2002-0866 (Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine ...) NOT-FOR-US: Microsoft -CVE-2002-0865 +CVE-2002-0865 (A certain class that supports XML (Extensible Markup Language) in Micr ...) NOT-FOR-US: Microsoft -CVE-2002-0864 +CVE-2002-0864 (The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP all ...) NOT-FOR-US: Microsoft -CVE-2002-0860 +CVE-2002-0860 (The LoadText method in the spreadsheet component in Microsoft Office W ...) NOT-FOR-US: Microsoft -CVE-2002-0859 +CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on Mi ...) NOT-FOR-US: Microsoft -CVE-2002-0856 +CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote a ...) 
NOT-FOR-US: Oracle -CVE-2002-0853 +CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows re ...) NOT-FOR-US: Cisco -CVE-2002-0851 +CVE-2002-0851 (Format string vulnerability in ISDN Point to Point Protocol (PPP) daem ...) - isdnutils 1:3.2 -CVE-2002-0850 +CVE-2002-0850 (Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers ...) NOT-FOR-US: PGP corporate desktop -CVE-2002-0848 +CVE-2002-0848 (Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, a ...) NOT-FOR-US: Cisco -CVE-2002-0847 +CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...) {DSA-145} - tinyproxy 1.4.3-3 -CVE-2002-0846 +CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...) - flashplugin-nonfree 6.0.47 -CVE-2002-0845 +CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows rem ...) NOT-FOR-US: Sun ONE -CVE-2002-0844 +CVE-2002-0844 (Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD b ...) - cvs 1:1.11.2 -CVE-2002-0842 +CVE-2002-0842 (Format string vulnerability in certain third party modifications to mo ...) NOTE: mod_dav for apache not vulnerable according to NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html -CVE-2002-0840 +CVE-2002-0840 (Cross-site scripting (XSS) vulnerability in the default error page of ...) {DSA-195 DSA-188 DSA-187} - apache2 2.0.43-1 - apache 1.3.27-0.1 - apache-perl 1.3.26-1.1-1.27-3-1 -CVE-2002-0836 +CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the sy ...) {DSA-207} - tetex-bin 1.0.7+20021025-4 -CVE-2002-0835 +CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to ...) NOT-FOR-US: RedHat/Intel PXE daemon NOTE: this is not the one in Debian -CVE-2002-0831 +CVE-2002-0831 (The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local us ...) 
NOT-FOR-US: FreeBSD -CVE-2002-0830 +CVE-2002-0830 (Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, Net ...) NOT-FOR-US: BSD/NFS -CVE-2002-0829 +CVE-2002-0829 (Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6 ...) NOT-FOR-US: FreeBSD -CVE-2002-0826 +CVE-2002-0826 (Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated ...) NOT-FOR-US: WS FTP server -CVE-2002-0824 +CVE-2002-0824 (BSD pppd allows local users to change the permissions of arbitrary fil ...) NOT-FOR-US: BSD/pppd -CVE-2002-0823 +CVE-2002-0823 (Buffer overflow in Winhlp32.exe allows remote attackers to execute arb ...) NOT-FOR-US: Windows -CVE-2002-0818 +CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...) {DSA-144} - wwwoffle 2.7d-1 -CVE-2002-0817 +CVE-2002-0817 (Format string vulnerability in super for Linux allows local users to g ...) {DSA-139} - super 3.18.0-3 -CVE-2002-0816 +CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain roo ...) NOT-FOR-US: HP Tru64 -CVE-2002-0814 +CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...) NOT-FOR-US: VMware -CVE-2002-0813 +CVE-2002-0813 (Heap-based buffer overflow in the TFTP server capability in Cisco IOS ...) NOT-FOR-US: Cisco -CVE-2002-0810 +CVE-2002-0810 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error me ...) - bugzilla 2.16.0 -CVE-2002-0809 +CVE-2002-0809 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properl ...) - bugzilla 2.16.0 -CVE-2002-0808 +CVE-2002-0808 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing ...) - bugzilla 2.16.0 -CVE-2002-0806 +CVE-2002-0806 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authentic ...) - bugzilla 2.16.0 -CVE-2002-0805 +CVE-2002-0805 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new ...) 
- bugzilla 2.16.0 -CVE-2002-0804 +CVE-2002-0804 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured ...) - bugzilla 2.16.0 -CVE-2002-0802 +CVE-2002-0802 (The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding cons ...) - postgresql 7.2 -CVE-2002-0801 +CVE-2002-0801 (Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows ...) NOT-FOR-US: Macromedia / Windows -CVE-2002-0795 +CVE-2002-0795 (The rc system startup script for FreeBSD 4 through 4.5 allows local us ...) NOT-FOR-US: FreeBSD -CVE-2002-0794 +CVE-2002-0794 (The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly ...) NOT-FOR-US: FreeBSD -CVE-2002-0790 +CVE-2002-0790 (clchkspuser and clpasswdremote in AIX expose an encrypted password in ...) NOT-FOR-US: AIX -CVE-2002-0789 +CVE-2002-0789 (Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows ...) - mnogosearch 3.1.19-3 -CVE-2002-0788 +CVE-2002-0788 (An interaction between PGP 7.0.3 with the "wipe deleted files" option, ...) NOT-FOR-US: windows -CVE-2002-0785 +CVE-2002-0785 (AOL Instant Messenger (AIM) allows remote attackers to cause a denial ...) NOT-FOR-US: AOL AIM -CVE-2002-0778 +CVE-2002-0778 (The default configuration of the proxy for Cisco Cache Engine and Cont ...) NOT-FOR-US: CISCO -CVE-2002-0777 +CVE-2002-0777 (Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlie ...) NOT-FOR-US: Ipswitch not in Debian -CVE-2002-0776 +CVE-2002-0776 (getuserdesc.asp in Hosting Controller 2002 allows remote attackers to ...) NOT-FOR-US: Hosting Controller 2002 -CVE-2002-0768 +CVE-2002-0768 (Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and po ...) - lukemftp 1.5-7 -CVE-2002-0766 +CVE-2002-0766 (OpenBSD 2.9 through 3.1 allows local users to cause a denial of servic ...) NOT-FOR-US: OpenBSD -CVE-2002-0765 +CVE-2002-0765 (sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ...) 
- openssh 1:3.3p1-0.0woody1 -CVE-2002-0762 +CVE-2002-0762 (shadow package in SuSE 8.0 allows local users to destroy the /etc/pass ...) NOT-FOR-US: SUSE specific -CVE-2002-0761 +CVE-2002-0761 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1 ...) NOT-FOR-US: FreeBSD and OpenLinux -CVE-2002-0760 +CVE-2002-0760 (Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenL ...) NOT-FOR-US: FreeBSD and OpenLinux -CVE-2002-0759 +CVE-2002-0759 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1 ...) NOT-FOR-US: FreeBSD and OpenLinux -CVE-2002-0758 +CVE-2002-0758 (ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote a ...) NOT-FOR-US: SUSE specific -CVE-2002-0755 +CVE-2002-0755 (Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a ...) NOT-FOR-US: FreeBSD -CVE-2002-0754 +CVE-2002-0754 (Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin ...) NOT-FOR-US: FreeBSD -CVE-2002-0748 +CVE-2002-0748 (LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause ...) NOT-FOR-US: Labview -CVE-2002-0741 +CVE-2002-0741 (psyBNC 2.3 allows remote attackers to cause a denial of service (CPU c ...) NOT-FOR-US: psyBNC -CVE-2002-0738 +CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from arc ...) {DSA-163} - mhonarc 2.5.11-1 -CVE-2002-0737 +CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...) NOT-FOR-US: Sambar web server -CVE-2002-0736 +CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...) NOT-FOR-US: Microsoft -CVE-2002-0734 +CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly loa ...) NOT-FOR-US: B2 -CVE-2002-0733 +CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows r ...) - thttpd 2.21 -CVE-2002-0729 +CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...) 
NOT-FOR-US: Microsoft -CVE-2002-0727 +CVE-2002-0727 (The Host function in Microsoft Office Web Components (OWC) 2000 and 20 ...) NOT-FOR-US: Microsoft -CVE-2002-0726 +CVE-2002-0726 (Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ...) NOT-FOR-US: Microsoft -CVE-2002-0722 +CVE-2002-0722 (Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers ...) NOT-FOR-US: Microsoft -CVE-2002-0720 +CVE-2002-0720 (A handler routine for the Network Connection Manager (NCM) in Windows ...) NOT-FOR-US: Microsoft -CVE-2002-0719 +CVE-2002-0719 (SQL injection vulnerability in the function that services for Microsof ...) NOT-FOR-US: Microsoft -CVE-2002-0718 +CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) 20 ...) NOT-FOR-US: Microsoft -CVE-2002-0716 +CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5. ...) NOT-FOR-US: SCO OpenServer -CVE-2002-0714 +CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresse ...) - squid 2.4.6 -CVE-2002-0710 +CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlier all ...) NOT-FOR-US: sendform.cgi -CVE-2002-0704 +CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ("iptab ...) NOTE: kernel netfilter bug, not in user space NOTE: this is fixed in kernel 2.4.20 - kernel-image-2.4.18-i386 <unfixed> (bug #152152; unimportant) -CVE-2002-0703 +CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...) - perl 5.8.0-7 (bug #282527) -CVE-2002-0701 +CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process wi ...) NOT-FOR-US: BSD -CVE-2002-0700 +CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...) NOT-FOR-US: Microsoft -CVE-2002-0698 +CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchang ...) 
NOT-FOR-US: Microsoft -CVE-2002-0697 +CVE-2002-0697 (Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to ...) NOT-FOR-US: Microsoft -CVE-2002-0696 +CVE-2002-0696 (Microsoft Visual FoxPro 6.0 does not register its associated files wit ...) NOT-FOR-US: Microsoft -CVE-2002-0695 +CVE-2002-0695 (Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Mi ...) NOT-FOR-US: Microsoft -CVE-2002-0694 +CVE-2002-0694 (The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Mil ...) NOT-FOR-US: Microsoft -CVE-2002-0692 +CVE-2002-0692 (Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft Fron ...) NOT-FOR-US: Microsoft -CVE-2002-0691 +CVE-2002-0691 (Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to ex ...) NOT-FOR-US: Microsoft -CVE-2002-0688 +CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 ...) {DSA-490} - zope 2.6.0-0.1 -CVE-2002-0687 +CVE-2002-0687 (The "through the web code" capability for Zope 2.0 through 2.5.1 b1 al ...) - zope 2.5.1b2 -CVE-2002-0685 +CVE-2002-0685 (Heap-based buffer overflow in the message decoding functionality for P ...) NOT-FOR-US: PGP Outlook Encryption Plug-In -CVE-2002-0682 +CVE-2002-0682 (Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remot ...) - tomcat 4.0.4 -CVE-2002-0679 +CVE-2002-0679 (Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC datab ...) NOT-FOR-US: CDE -CVE-2002-0678 +CVE-2002-0678 (CDE ToolTalk database server (ttdbserver) allows local users to overwr ...) NOT-FOR-US: CDE ToolTalk -CVE-2002-0676 +CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when downl ...) NOT-FOR-US: MacOS -CVE-2002-0674 +CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 do ...) NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone -CVE-2002-0673 +CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP pho ...) 
NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone -CVE-2002-0672 +CVE-2002-0672 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 al ...) NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone -CVE-2002-0671 +CVE-2002-0671 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 do ...) NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone -CVE-2002-0668 +CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1. ...) NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone -CVE-2002-0665 +CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to bypas ...) NOT-FOR-US: Microsoft -CVE-2002-0663 +CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Fi ...) NOT-FOR-US: Norton -CVE-2002-0662 +CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users t ...) {DSA-160} - scrollkeeper 0.3.11-2 -CVE-2002-0658 +CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to g ...) {DSA-137} - mm 1.1.3-7 -CVE-2002-0653 +CVE-2002-0653 (Off-by-one buffer overflow in the ssl_compat_directive function, as ca ...) {DSA-135} - libapache-mod-ssl 2.8.9-2 -CVE-2002-0651 +CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and libb ...) - glibc 2.2.5-8 -CVE-2002-0650 +CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote a ...) NOT-FOR-US: microsoft -CVE-2002-0648 +CVE-2002-0648 (The legacy <script> data-island capability for XML in Microsoft ...) NOT-FOR-US: microsoft -CVE-2002-0647 +CVE-2002-0647 (Buffer overflow in a legacy ActiveX control used to display specially ...) NOT-FOR-US: microsoft -CVE-2002-0642 +CVE-2002-0642 (The registry key containing the SQL Server service account information ...) NOT-FOR-US: microsoft -CVE-2002-0640 +CVE-2002-0640 (Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ...) 
- openssh 1:3.4 (high) -CVE-2002-0639 +CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote at ...) - openssh 1:3.4 (high) -CVE-2002-0638 +CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0631 +CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 thr ...) NOT-FOR-US: SGI -CVE-2002-0630 +CVE-2002-0630 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...) NOT-FOR-US: Polycom -CVE-2002-0627 +CVE-2002-0627 (The Web server for Polycom ViewStation before 7.2.4 allows remote atta ...) NOT-FOR-US: Polycom -CVE-2002-0623 +CVE-2002-0623 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Serve ...) NOT-FOR-US: Microsoft -CVE-2002-0622 +CVE-2002-0622 (The Office Web Components (OWC) package installer for Microsoft Commer ...) NOT-FOR-US: Microsoft -CVE-2002-0621 +CVE-2002-0621 (Buffer overflow in the Office Web Components (OWC) package installer u ...) NOT-FOR-US: Microsoft -CVE-2002-0619 +CVE-2002-0619 (The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft ...) NOT-FOR-US: Microsoft -CVE-2002-0618 +CVE-2002-0618 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...) NOT-FOR-US: Microsoft -CVE-2002-0617 +CVE-2002-0617 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...) NOT-FOR-US: Microsoft -CVE-2002-0616 +CVE-2002-0616 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...) NOT-FOR-US: Microsoft -CVE-2002-0615 +CVE-2002-0615 (The Windows Media Active Playlist in Microsoft Windows Media Player 7. ...) NOT-FOR-US: Microsoft -CVE-2002-0613 +CVE-2002-0613 (dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attacke ...) NOT-FOR-US: DNSTools -CVE-2002-0605 +CVE-2002-0605 (Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,2 ...) 
NOT-FOR-US: Flash -CVE-2002-0601 +CVE-2002-0601 (ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers ...) NOT-FOR-US: ISS -CVE-2002-0599 +CVE-2002-0599 (Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentica ...) NOT-FOR-US: Blahz -CVE-2002-0598 +CVE-2002-0598 (Format string vulnerability in Foundstone FScan 1.12 with banner grabb ...) NOT-FOR-US: Foundstone -CVE-2002-0597 +CVE-2002-0597 (LANMAN service on Microsoft Windows 2000 allows remote attackers to ca ...) NOT-FOR-US: Microsoft -CVE-2002-0594 +CVE-2002-0594 (Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0576 +CVE-2002-0576 (ColdFusion 5.0 and earlier on Windows systems allows remote attackers ...) NOT-FOR-US: ColdFusion -CVE-2002-0575 +CVE-2002-0575 (Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Ke ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0574 +CVE-2002-0574 (Memory leak in FreeBSD 4.5 and earlier allows remote attackers to caus ...) NOT-FOR-US: FreeBSD -CVE-2002-0573 +CVE-2002-0573 (Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solari ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0571 +CVE-2002-0571 (Oracle Oracle9i database server 9.0.1.x allows local users to access r ...) NOT-FOR-US: Oracle -CVE-2002-0569 +CVE-2002-0569 (Oracle 9i Application Server allows remote attackers to bypass access ...) NOT-FOR-US: Oracle -CVE-2002-0567 +CVE-2002-0567 (Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) ...) NOT-FOR-US: Oracle -CVE-2002-0553 +CVE-2002-0553 (Cross-site scripting vulnerability in SunShop 2.5 and earlier allows r ...) NOT-FOR-US: SunShop -CVE-2002-0546 +CVE-2002-0546 (Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 ...) NOT-FOR-US: Winamp -CVE-2002-0545 +CVE-2002-0545 (Cisco Aironet before 11.21 with Telnet enabled allows remote attackers ...) 
NOT-FOR-US: Cisco -CVE-2002-0543 +CVE-2002-0543 (Directory traversal vulnerability in Aprelium Abyss Web Server (abyssw ...) NOT-FOR-US: Aprelium -CVE-2002-0542 +CVE-2002-0542 (mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0539 +CVE-2002-0539 (Demarc PureSecure 1.05 allows remote attackers to gain administrative ...) NOT-FOR-US: Demarc -CVE-2002-0538 +CVE-2002-0538 (FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrite ...) NOT-FOR-US: Symantec -CVE-2002-0536 +CVE-2002-0536 (PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gp ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0532 +CVE-2002-0532 (EMU Webmail allows local users to execute arbitrary programs via a .. ...) NOT-FOR-US: EMU -CVE-2002-0531 +CVE-2002-0531 (Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x ...) NOT-FOR-US: EMU -CVE-2002-0516 +CVE-2002-0516 (SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0513 +CVE-2002-0513 (The PHP administration script in popper_mod 1.2.1 and earlier relies o ...) NOT-FOR-US: popper_mod -CVE-2002-0512 +CVE-2002-0512 (startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LI ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0511 +CVE-2002-0511 (The default configuration of Name Service Cache Daemon (nscd) in Calde ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0506 +CVE-2002-0506 (Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0505 +CVE-2002-0505 (Memory leak in the Call Telephony Integration (CTI) Framework authenti ...) NOT-FOR-US: Cisco -CVE-2002-0501 +CVE-2002-0501 (Format string vulnerability in log_print() function of Posadis DNS ser ...) 
NOT-FOR-US: Posadis -CVE-2002-0497 +CVE-2002-0497 (Buffer overflow in mtr 0.46 and earlier, when installed setuid root, a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0495 +CVE-2002-0495 (csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to ex ...) NOT-FOR-US: csSearch -CVE-2002-0494 +CVE-2002-0494 (Cross-site scripting vulnerability in WebSight Directory System 0.1 al ...) NOT-FOR-US: WebSight -CVE-2002-0493 +CVE-2002-0493 (Apache Tomcat may be started without proper security settings if error ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0490 +CVE-2002-0490 (Instant Web Mail before 0.60 does not properly filter CR/LF sequences, ...) NOT-FOR-US: Instant Web Mail -CVE-2002-0488 +CVE-2002-0488 (Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote att ...) NOT-FOR-US: Linux Directory Penguin -CVE-2002-0484 +CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base directo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0473 +CVE-2002-0473 (db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attack ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0464 +CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and earl ...) NOT-FOR-US: Hosting Controller -CVE-2002-0463 +CVE-2002-0463 (home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote ...) NOT-FOR-US: ARSC -CVE-2002-0462 +CVE-2002-0462 (bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Modul ...) NOT-FOR-US: Big Sam -CVE-2002-0454 +CVE-2002-0454 (Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote att ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0451 +CVE-2002-0451 (filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attacker ...) NOT-FOR-US: PHProjekt -CVE-2002-0445 +CVE-2002-0445 (article.php in PHP FirstPost 0.1 allows allows remote attackers to obt ...) 
NOT-FOR-US: PHP FirstPost -CVE-2002-0444 +CVE-2002-0444 (Microsoft Windows 2000 running the Terminal Server 90-day trial versio ...) NOT-FOR-US: Windows -CVE-2002-0443 +CVE-2002-0443 (Microsoft Windows 2000 allows local users to bypass the policy that pr ...) NOT-FOR-US: Windows -CVE-2002-0442 +CVE-2002-0442 (Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0441 +CVE-2002-0441 (Directory traversal vulnerability in imlist.php for Php Imglist allows ...) NOT-FOR-US: PHP Imglist -CVE-2002-0437 +CVE-2002-0437 (Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attacke ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0435 +CVE-2002-0435 (Race condition in the recursive (1) directory deletion and (2) directo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0431 +CVE-2002-0431 (XTux allows remote attackers to cause a denial of service (CPU consump ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0429 +CVE-2002-0429 (The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 ...) {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} - kernel-source-2.2.20 <removed> -CVE-2002-0425 +CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain sensitive inf ...) NOT-FOR-US: mIRC -CVE-2002-0424 +CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u option, exec ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0423 +CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0414 +CVE-2002-0414 (KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, an ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0412 +CVE-2002-0412 (Format string vulnerability in TraceEvent function for ntop before 2.1 ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0406 +CVE-2002-0406 (Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause ...) NOT-FOR-US: SPHERE -CVE-2002-0404 +CVE-2002-0404 (Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0403 +CVE-2002-0403 (DNS dissector in Ethereal before 0.9.3 allows remote attackers to caus ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0402 +CVE-2002-0402 (Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0401 +CVE-2002-0401 (SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0400 +CVE-2002-0400 (ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of s ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0398 +CVE-2002-0398 (Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to ...) NOT-FOR-US: Red-M -CVE-2002-0397 +CVE-2002-0397 (Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, a ...) NOT-FOR-US: Red-M -CVE-2002-0396 +CVE-2002-0396 (The web management server for Red-M 1050 (Bluetooth Access Point) does ...) NOT-FOR-US: Red-M -CVE-2002-0395 +CVE-2002-0395 (The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be dis ...) NOT-FOR-US: Red-M -CVE-2002-0394 +CVE-2002-0394 (Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, w ...) NOT-FOR-US: Red-M -CVE-2002-0392 +CVE-2002-0392 (Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remot ...) - apache2 2.0.37 -CVE-2002-0391 +CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating sy ...) 
{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142} - acm 5.0-10 - glibc 2.2.5-13 - dietlibc 0.20-0cvs20020808 - krb5 1.2.5-2 - openafs 1.2.6-1 -CVE-2002-0389 +CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable fil ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0387 +CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module f ...) NOT-FOR-US: Sun -CVE-2002-0384 +CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0382 +CVE-2002-0382 (XChat IRC client allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0381 +CVE-2002-0381 (The TCP implementation in various BSD operating systems (tcp_input.c) ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0380 +CVE-2002-0380 (Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers t ...) {DSA-255} - tcpdump 3.7.1-1.2 -CVE-2002-0379 +CVE-2002-0379 (Buffer overflow in University of Washington imap server (uw-imapd) ima ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0377 +CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and group-wri ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0376 +CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote ...) NOT-FOR-US: Apple -CVE-2002-0374 +CVE-2002-0374 (Format string vulnerability in the logging function for the pam_ldap P ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0373 +CVE-2002-0373 (The Windows Media Device Manager (WMDM) Service in Microsoft Windows M ...) NOT-FOR-US: Microsoft -CVE-2002-0372 +CVE-2002-0372 (Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player f ...) NOT-FOR-US: Microsoft -CVE-2002-0369 +CVE-2002-0369 (Buffer overflow in ASP.NET Worker Process allows remote attackers to c ...) 
NOT-FOR-US: Microsoft -CVE-2002-0368 +CVE-2002-0368 (The Store Service in Microsoft Exchange 2000 allows remote attackers t ...) NOT-FOR-US: Microsoft -CVE-2002-0367 +CVE-2002-0367 (smss.exe debugging subsystem in Windows NT and Windows 2000 does not p ...) NOT-FOR-US: Microsoft -CVE-2002-0366 +CVE-2002-0366 (Buffer overflow in Remote Access Service (RAS) phonebook for Windows N ...) NOT-FOR-US: Microsoft -CVE-2002-0364 +CVE-2002-0364 (Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 ...) NOT-FOR-US: Microsoft -CVE-2002-0363 +CVE-2002-0363 (ghostscript before 6.53 allows attackers to execute arbitrary commands ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0362 +CVE-2002-0362 (Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows re ...) NOT-FOR-US: AOL -CVE-2002-0359 +CVE-2002-0359 (xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allo ...) NOT-FOR-US: IRIX -CVE-2002-0358 +CVE-2002-0358 (MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows loca ...) NOT-FOR-US: MediaMail -CVE-2002-0357 +CVE-2002-0357 (Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0356 +CVE-2002-0356 (Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5. ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0355 +CVE-2002-0355 (netstat in SGI IRIX before 6.5.12 allows local users to determine the ...) NOT-FOR-US: SGI -CVE-2002-0339 +CVE-2002-0339 (Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enab ...) NOT-FOR-US: Cisco -CVE-2002-0330 +CVE-2002-0330 (Cross-site scripting vulnerability in codeparse.php of Open Bulletin B ...) NOT-FOR-US: OpenBB -CVE-2002-0329 +CVE-2002-0329 (Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and ear ...) NOT-FOR-US: Snitz -CVE-2002-0318 +CVE-2002-0318 (FreeRADIUS RADIUS server allows remote attackers to cause a denial of ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0313 +CVE-2002-0313 (Buffer overflow in Essentia Web Server 2.1 allows remote attackers to ...) NOT-FOR-US: Essentia -CVE-2002-0309 +CVE-2002-0309 (SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the fi ...) NOT-FOR-US: Symantec -CVE-2002-0302 +CVE-2002-0302 (The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops l ...) NOT-FOR-US: Symantec -CVE-2002-0300 +CVE-2002-0300 (gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, re ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0299 +CVE-2002-0299 (CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code v ...) NOT-FOR-US: CatchUp -CVE-2002-0292 +CVE-2002-0292 (Cross-site scripting vulnerability in Slash before 2.2.5, as used in S ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0290 +CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows ...) NOT-FOR-US: WebNews -CVE-2002-0287 +CVE-2002-0287 (pforum 1.14 and earlier does not explicitly enable PHP magic quotes, w ...) NOT-FOR-US: pforum -CVE-2002-0276 +CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, w ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0275 +CVE-2002-0275 (Falcon web server 2.0.0.1020 and earlier allows remote attackers to by ...) NOT-FOR-US: Falcon -CVE-2002-0274 +CVE-2002-0274 (Exim 3.34 and earlier may allow local users to gain privileges via a b ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0267 +CVE-2002-0267 (preferences.php in Simple Internet Publishing System (SIPS) before 0.3 ...) NOT-FOR-US: SIPS -CVE-2002-0265 +CVE-2002-0265 (Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file ...) NOT-FOR-US: Sawmill -CVE-2002-0251 +CVE-2002-0251 (Buffer overflow in licq 1.0.4 and earlier allows remote attackers to c ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0250 +CVE-2002-0250 (Web configuration utility in HP AdvanceStack hubs J3200A through J3210 ...) NOT-FOR-US: HP -CVE-2002-0246 +CVE-2002-0246 (Format string vulnerability in the message catalog library functions i ...) NOT-FOR-US: UnixWare -CVE-2002-0241 +CVE-2002-0241 (NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 ...) NOT-FOR-US: Cisco -CVE-2002-0237 +CVE-2002-0237 (Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Age ...) NOT-FOR-US: ISS -CVE-2002-0226 +CVE-2002-0226 (retrieve_password.pl in DCForum 6.x and 2000 generates predictable new ...) NOT-FOR-US: DCForum -CVE-2002-0213 +CVE-2002-0213 (xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read ar ...) NOT-FOR-US: Xinet -CVE-2002-0211 +CVE-2002-0211 (Race condition in the installation script for Tarantella Enterprise 3 ...) NOT-FOR-US: Tarantella -CVE-2002-0209 +CVE-2002-0209 (Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (S ...) NOT-FOR-US: Nortel -CVE-2002-0207 +CVE-2002-0207 (Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows rem ...) NOT-FOR-US: Real Networks -CVE-2002-0197 +CVE-2002-0197 (psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted ...) NOT-FOR-US: psyBNC -CVE-2002-0196 +CVE-2002-0196 (GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the se ...) NOT-FOR-US: ACD -CVE-2002-0193 +CVE-2002-0193 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to exe ...) NOT-FOR-US: Microsoft -CVE-2002-0191 +CVE-2002-0191 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...) NOT-FOR-US: Microsoft -CVE-2002-0190 +CVE-2002-0190 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...) NOT-FOR-US: Microsoft -CVE-2002-0188 +CVE-2002-0188 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to exe ...) 
NOT-FOR-US: Microsoft -CVE-2002-0187 +CVE-2002-0187 (Cross-site scripting vulnerability in the SQLXML component of Microsof ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0186 +CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server ...) NOT-FOR-US: Microsoft -CVE-2002-0185 +CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly import ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0184 +CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0181 +CVE-2002-0181 (Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HO ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0179 +CVE-2002-0179 (Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0178 +CVE-2002-0178 (uudecode, as available in the sharutils package before 4.2.1, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0176 +CVE-2002-0176 (The printf wrappers in libsafe 2.0-11 and earlier do not properly hand ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0175 +CVE-2002-0175 (libsafe 2.0-11 and earlier allows attackers to bypass protection again ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0174 +CVE-2002-0174 (nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrar ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0173 +CVE-2002-0173 (Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Softw ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0172 +CVE-2002-0172 (/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecu ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0171 +CVE-2002-0171 (IRISconsole 2.0 may allow users to log into the icadmin account with a ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0170 +CVE-2002-0170 (Zope 2.2.0 through 2.5.1 does not properly verify the access for objec ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0169 +CVE-2002-0169 (The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0168 +CVE-2002-0168 (Vulnerability in Imlib before 1.9.13 allows attackers to cause a denia ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0167 +CVE-2002-0167 (Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0166 +CVE-2002-0166 (Cross-site scripting vulnerability in analog before 5.22 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0163 +CVE-2002-0163 (Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0160 +CVE-2002-0160 (The administration function in Cisco Secure Access Control Server (ACS ...) NOT-FOR-US: Cisco -CVE-2002-0159 +CVE-2002-0159 (Format string vulnerability in the administration function in Cisco Se ...) NOT-FOR-US: Cisco -CVE-2002-0158 +CVE-2002-0158 (Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0157 +CVE-2002-0157 (Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary f ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0155 +CVE-2002-0155 (Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN ...) NOT-FOR-US: Microsoft -CVE-2002-0153 +CVE-2002-0153 (Internet Explorer 5.1 for Macintosh allows remote attackers to bypass ...) NOT-FOR-US: Microsoft -CVE-2002-0152 +CVE-2002-0152 (Buffer overflow in various Microsoft applications for Macintosh allows ...) 
NOT-FOR-US: Microsoft -CVE-2002-0151 +CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows op ...) NOT-FOR-US: Microsoft -CVE-2002-0150 +CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...) NOT-FOR-US: Microsoft -CVE-2002-0149 +CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 an ...) NOT-FOR-US: Microsoft -CVE-2002-0148 +CVE-2002-0148 (Cross-site scripting vulnerability in Internet Information Server (IIS ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0147 +CVE-2002-0147 (Buffer overflow in the ASP data transfer mechanism in Internet Informa ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0146 +CVE-2002-0146 (fetchmail email client before 5.9.10 does not properly limit the maxim ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0143 +CVE-2002-0143 (Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier all ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0139 +CVE-2002-0139 (Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect t ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0128 +CVE-2002-0128 (cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0123 +CVE-2002-0123 (MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, an ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0121 +CVE-2002-0121 (PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0120 +CVE-2002-0120 (Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup fil ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0117 +CVE-2002-0117 (Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0115 +CVE-2002-0115 (Snort 1.8.3 does not properly define the minimum ICMP header size, whi ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0111 +CVE-2002-0111 (Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0107 +CVE-2002-0107 (Web administration interface in CacheFlow CacheOS 4.0.13 and earlier a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0098 +CVE-2002-0098 (Buffer overflow in index.cgi administration interface for Boozt! Stand ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0097 +CVE-2002-0097 (Geeklog 1.3 allows remote attackers to hijack user accounts, including ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0096 +CVE-2002-0096 (The installation of Geeklog 1.3 creates an extra group_assignments rec ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0095 +CVE-2002-0095 (The default configuration of BSCW (Basic Support for Cooperative Work) ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0094 +CVE-2002-0094 (config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0092 +CVE-2002-0092 (CVS before 1.10.8 does not properly initialize a global variable, whic ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0090 +CVE-2002-0090 (Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0083 +CVE-2002-0083 (Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0082 +CVE-2002-0082 (The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0081 +CVE-2002-0081 (Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0080 +CVE-2002-0080 (rsync, when running in daemon mode, does not properly call setgroups b ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0079 +CVE-2002-0079 (Buffer overflow in the chunked encoding transfer mechanism in Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0078 +CVE-2002-0078 (The zone determination function in Microsoft Internet Explorer 5.5 and ...) NOT-FOR-US: Microsoft -CVE-2002-0076 +CVE-2002-0076 (Java Runtime Environment (JRE) Bytecode Verifier allows remote attacke ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0075 +CVE-2002-0075 (Cross-site scripting vulnerability for Internet Information Server (II ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0074 +CVE-2002-0074 (Cross-site scripting vulnerability in Help File search facility for In ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0073 +CVE-2002-0073 (The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 ...) NOT-FOR-US: Microsoft -CVE-2002-0072 +CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0071 +CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR scr ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0070 +CVE-2002-0070 (Buffer overflow in Windows Shell (used as the Windows Desktop) allows ...) NOT-FOR-US: Microsoft -CVE-2002-0069 +CVE-2002-0069 (Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote att ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0068 +CVE-2002-0068 (Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denia ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0067 +CVE-2002-0067 (Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even whe ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0066 +CVE-2002-0066 (Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that do ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0065 +CVE-2002-0065 (Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host p ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0064 +CVE-2002-0064 (Funk Software Proxy Host 3.x is installed with insecure permissions fo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0063 +CVE-2002-0063 (Buffer overflow in ippRead function of CUPS before 1.1.14 may allow at ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0062 +CVE-2002-0062 (Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0061 +CVE-2002-0061 (Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0060 +CVE-2002-0060 (IRC connection tracking helper module in the netfilter subsystem for L ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0059 +CVE-2002-0059 (The decompression algorithm in zlib 1.1.3 and earlier, as used in many ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0057 +CVE-2002-0057 (XMLHTTP control in Microsoft XML Core Services 2.6 and later does not ...) NOT-FOR-US: Microsoft -CVE-2002-0055 +CVE-2002-0055 (SMTP service in Microsoft Windows 2000, Windows XP Professional, and E ...) NOT-FOR-US: Microsoft -CVE-2002-0054 +CVE-2002-0054 (SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Conne ...) NOT-FOR-US: Microsoft -CVE-2002-0052 +CVE-2002-0052 (Internet Explorer 6.0 and earlier does not properly handle VBScript in ...) 
NOT-FOR-US: Microsoft -CVE-2002-0051 +CVE-2002-0051 (Windows 2000 allows local users to prevent the application of new grou ...) NOT-FOR-US: Microsoft -CVE-2002-0050 +CVE-2002-0050 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Serve ...) NOT-FOR-US: Microsoft -CVE-2002-0049 +CVE-2002-0049 (Microsoft Exchange Server 2000 System Attendant gives "Everyone" group ...) NOT-FOR-US: Microsoft -CVE-2002-0047 +CVE-2002-0047 (CIPE VPN package before 1.3.0-3 allows remote attackers to cause a den ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0046 +CVE-2002-0046 (Linux kernel, and possibly other operating systems, allows remote atta ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0045 +CVE-2002-0045 (slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0044 +CVE-2002-0044 (GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitra ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0043 +CVE-2002-0043 (sudo 1.6.0 through 1.6.3p7 does not properly clear the environment bef ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0042 +CVE-2002-0042 (Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0040 +CVE-2002-0040 (Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0038 +CVE-2002-0038 (Vulnerability in the cache-limiting function of the unified name servi ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0036 +CVE-2002-0036 (Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0033 +CVE-2002-0033 (Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0032 +CVE-2002-0032 (Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to exe ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0028 +CVE-2002-0028 (Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0027 +CVE-2002-0027 (Internet Explorer 5.5 and 6.0 allows remote attackers to read certain ...) NOT-FOR-US: Microsoft -CVE-2002-0026 +CVE-2002-0026 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restri ...) NOT-FOR-US: Microsoft -CVE-2002-0025 +CVE-2002-0025 (Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Conte ...) NOT-FOR-US: Microsoft -CVE-2002-0024 +CVE-2002-0024 (File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an att ...) NOT-FOR-US: Microsoft -CVE-2002-0023 +CVE-2002-0023 (Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read ar ...) NOT-FOR-US: Microsoft -CVE-2002-0022 +CVE-2002-0022 (Buffer overflow in the implementation of an HTML directive in mshtml.d ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0021 +CVE-2002-0021 (Network Product Identification (PID) Checker in Microsoft Office v. X ...) NOT-FOR-US: Microsoft -CVE-2002-0020 +CVE-2002-0020 (Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allow ...) NOT-FOR-US: Microsoft -CVE-2002-0018 +CVE-2002-0018 (In Microsoft Windows NT and Windows 2000, a trusting domain that recei ...) NOT-FOR-US: Microsoft -CVE-2002-0017 +CVE-2002-0017 (Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0014 +CVE-2002-0014 (URL-handling code in Pine 4.43 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0011 +CVE-2002-0011 (Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allo ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0009 +CVE-2002-0009 (show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0007 +CVE-2002-0007 (CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attac ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0006 +CVE-2002-0006 (XChat 1.8.7 and earlier, including default configurations of 1.4.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0005 +CVE-2002-0005 (Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0004 +CVE-2002-0004 (Heap corruption vulnerability in the "at" program allows local users t ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0003 +CVE-2002-0003 (Buffer overflow in the preprocessor in groff 1.16 and earlier allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0002 +CVE-2002-0002 (Format string vulnerability in stunnel before 3.22 when used in client ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0654 +CVE-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote a ...) - apache2 2.0.40 -CVE-2002-0652 +CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute a ...) NOT-FOR-US: IRIX -CVE-2002-0649 +CVE-2002-0649 (Multiple buffer overflows in the Resolution Service for Microsoft SQL ...) NOT-FOR-US: Microsoft CVE-2002-0646 REJECTED -CVE-2002-0645 +CVE-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL Ser ...) NOT-FOR-US: Microsoft -CVE-2002-0644 +CVE-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for M ...) NOT-FOR-US: Microsoft -CVE-2002-0643 +CVE-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsof ...) 
NOT-FOR-US: Microsoft -CVE-2002-0641 +CVE-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...) NOT-FOR-US: Microsoft -CVE-2002-0637 +CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...) NOT-FOR-US: InterScan CVE-2002-0636 RESERVED 
@@ -4422,606 +4422,606 @@ CVE-2002-0634 REJECTED CVE-2002-0633 REJECTED -CVE-2002-0632 +CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier al ...) NOT-FOR-US: SGI -CVE-2002-0629 +CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...) NOT-FOR-US: Polycom -CVE-2002-0628 +CVE-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not restr ...) NOT-FOR-US: Polycom -CVE-2002-0626 +CVE-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the a ...) NOT-FOR-US: Polycom -CVE-2002-0624 +CVE-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL S ...) NOT-FOR-US: Microsoft -CVE-2002-0620 +CVE-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server 20 ...) NOT-FOR-US: Microsoft -CVE-2002-0614 +CVE-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the w ...) NOT-FOR-US: PHP-Survey -CVE-2002-0612 +CVE-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...) NOT-FOR-US: FileSeek -CVE-2002-0611 +CVE-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote attack ...) NOT-FOR-US: FileSeek -CVE-2002-0610 +CVE-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properl ...) NOT-FOR-US: HP -CVE-2002-0609 +CVE-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...) NOT-FOR-US: HP -CVE-2002-0608 +CVE-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to e ...) NOT-FOR-US: Matu -CVE-2002-0607 +CVE-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows rem ...) NOT-FOR-US: Snitz -CVE-2002-0606 +CVE-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...) NOT-FOR-US: 3Cdaemon -CVE-2002-0604 +CVE-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cau ...) 
NOT-FOR-US: Snapgear -CVE-2002-0603 +CVE-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denia ...) NOT-FOR-US: Snapgear -CVE-2002-0602 +CVE-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cau ...) NOT-FOR-US: Snapgear -CVE-2002-0600 +CVE-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote m ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0596 +CVE-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine t ...) NOT-FOR-US: WebTrends -CVE-2002-0595 +CVE-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reportin ...) NOT-FOR-US: WebTrends -CVE-2002-0593 +CVE-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0592 +CVE-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files tha ...) NOT-FOR-US: AOL -CVE-2002-0591 +CVE-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 b ...) NOT-FOR-US: AOL -CVE-2002-0590 +CVE-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows r ...) NOT-FOR-US: IncrediBB -CVE-2002-0589 +CVE-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...) NOT-FOR-US: PVote -CVE-2002-0588 +CVE-2002-0588 (PVote before 1.9 does not authenticate users for restricted operations ...) NOT-FOR-US: PVote -CVE-2002-0587 +CVE-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0586 +CVE-2002-0586 (Format string vulnerability in Ns_PdLog function for the external data ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0585 +CVE-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT pa ...) 
NOT-FOR-US: HP-UX -CVE-2002-0584 +CVE-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...) NOT-FOR-US: WorkforceROI -CVE-2002-0583 +CVE-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric c ...) NOT-FOR-US: WorkforceROI -CVE-2002-0582 +CVE-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a wor ...) NOT-FOR-US: WorkforceROI -CVE-2002-0581 +CVE-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQ ...) NOT-FOR-US: WorkforceROI -CVE-2002-0580 +CVE-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...) NOT-FOR-US: WorkforceROI -CVE-2002-0579 +CVE-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as a ...) NOT-FOR-US: WorkforceROI -CVE-2002-0578 +CVE-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...) NOT-FOR-US: 4D WebServer -CVE-2002-0577 +CVE-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users t ...) NOT-FOR-US: HP-UX -CVE-2002-0572 +CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating system ...) NOT-FOR-US: FreeBSD -CVE-2002-0570 +CVE-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0568 +CVE-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...) NOT-FOR-US: Oracle -CVE-2002-0566 +CVE-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) NOT-FOR-US: Oracle -CVE-2002-0565 +CVE-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with wo ...) NOT-FOR-US: Oracle -CVE-2002-0564 +CVE-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) NOT-FOR-US: Oracle -CVE-2002-0563 +CVE-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x allo ...) 
NOT-FOR-US: Oracle -CVE-2002-0562 +CVE-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x runn ...) NOT-FOR-US: Oracle -CVE-2002-0561 +CVE-2002-0561 (The default configuration of the PL/SQL Gateway web administration int ...) NOT-FOR-US: Oracle -CVE-2002-0560 +CVE-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) NOT-FOR-US: Oracle -CVE-2002-0559 +CVE-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application S ...) NOT-FOR-US: Oracle -CVE-2002-0558 +CVE-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ear ...) NOT-FOR-US: TYPSoft -CVE-2002-0557 +CVE-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the pass ...) NOT-FOR-US: OpenBSD -CVE-2002-0556 +CVE-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...) NOT-FOR-US: Quik-Serv -CVE-2002-0555 +CVE-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an applic ...) NOT-FOR-US: IBM -CVE-2002-0554 +CVE-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers t ...) NOT-FOR-US: IBM -CVE-2002-0552 +CVE-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...) NOT-FOR-US: Melange -CVE-2002-0551 +CVE-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows rem ...) NOT-FOR-US: Dynamic Guestbook -CVE-2002-0550 +CVE-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary cod ...) NOT-FOR-US: Dynamic Guestbook -CVE-2002-0549 +CVE-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...) NOT-FOR-US: Anthill -CVE-2002-0548 +CVE-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...) NOT-FOR-US: Anthill -CVE-2002-0547 +CVE-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...) 
NOT-FOR-US: Winamp -CVE-2002-0544 +CVE-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administra ...) NOT-FOR-US: Aprelium -CVE-2002-0541 +CVE-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Ag ...) NOT-FOR-US: Tivoli -CVE-2002-0540 +CVE-2002-0540 (Nortel CVX 1800 is installed with a default "public" community string, ...) NOT-FOR-US: Nortel -CVE-2002-0537 +CVE-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores password ...) NOT-FOR-US: SWS -CVE-2002-0535 +CVE-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier al ...) NOT-FOR-US: PostBoard -CVE-2002-0534 +CVE-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cau ...) NOT-FOR-US: PostBoard -CVE-2002-0533 +CVE-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0530 +CVE-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows r ...) NOT-FOR-US: Novell -CVE-2002-0529 +CVE-2002-0529 (HP Photosmart printer driver for Mac OS X installs the hp_imaging_conn ...) NOT-FOR-US: HP/Apple -CVE-2002-0528 +CVE-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP rest ...) NOT-FOR-US: Watchguard -CVE-2002-0527 +CVE-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to caus ...) NOT-FOR-US: Watchguard -CVE-2002-0526 +CVE-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, rel ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0525 +CVE-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0524 +CVE-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the abso ...) NOT-FOR-US: ASP-Nuke -CVE-2002-0523 +CVE-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...) 
NOT-FOR-US: ASP-Nuke -CVE-2002-0522 +CVE-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass authenticat ...) NOT-FOR-US: ASP-Nuke -CVE-2002-0521 +CVE-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...) NOT-FOR-US: ASP-Nuke -CVE-2002-0520 +CVE-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke R ...) NOT-FOR-US: ASP-Nuke -CVE-2002-0518 +CVE-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeB ...) NOT-FOR-US: FreeBSD -CVE-2002-0517 +CVE-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, Un ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0515 +CVE-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0514 +CVE-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...) NOT-FOR-US: OpenBSD -CVE-2002-0510 +CVE-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP Identificat ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0509 +CVE-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allo ...) NOT-FOR-US: Oracle -CVE-2002-0508 +CVE-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...) NOT-FOR-US: wwwisis -CVE-2002-0507 +CVE-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA Sec ...) NOT-FOR-US: Microsoft -CVE-2002-0504 +CVE-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier doe ...) NOT-FOR-US: Citrix -CVE-2002-0503 +CVE-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...) NOT-FOR-US: Citrix -CVE-2002-0502 +CVE-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications witho ...) NOT-FOR-US: Citrix -CVE-2002-0500 +CVE-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...) 
NOT-FOR-US: Microsoft -CVE-2002-0499 +CVE-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0498 +CVE-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 5 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0496 +CVE-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote attack ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0492 +CVE-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbi ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0491 +CVE-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the adm ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0489 +CVE-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0487 +CVE-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "se ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0486 +CVE-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication info ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0485 +CVE-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content filt ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0483 +CVE-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to dete ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0482 +CVE-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ver ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0481 +CVE-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 all ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0480 +CVE-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is co ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0479 +CVE-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM200 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0478 +CVE-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows re ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0477 +CVE-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0476 +CVE-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0475 +CVE-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0474 +CVE-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0472 +CVE-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak auth ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0471 +CVE-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code v ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0470 +CVE-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and execut ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0469 +CVE-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0468 +CVE-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 200204 ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0467 +CVE-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0466 +CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0465 +CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting Contr ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0461 +CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a de ...) NOT-FOR-US: Microsoft -CVE-2002-0460 +CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a d ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0459 +CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0458 +CVE-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0457 +CVE-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0456 +CVE-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0455 +CVE-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0453 +CVE-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0452 +CVE-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0450 +CVE-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attac ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0449 +CVE-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier all ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0448 +CVE-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to cau ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0447 +CVE-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and e ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0446 +CVE-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows rem ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0440 +CVE-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0439 +CVE-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0438 +CVE-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0436 +CVE-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remot ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0434 +CVE-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to exec ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0433 +CVE-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an H ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0432 +CVE-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/ ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0430 +CVE-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration in ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0428 +CVE-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows client ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0427 +CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow att ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0426 +CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router be ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0422 +CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to det ...) NOT-FOR-US: Microsoft -CVE-2002-0421 +CVE-2002-0421 (IIS 4.0 allows local users to bypass the "User cannot change password" ...) NOT-FOR-US: Microsoft -CVE-2002-0420 +CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, wh ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0419 +CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to obtai ...) NOT-FOR-US: Microsoft -CVE-2002-0418 +CVE-2002-0418 (Directory traversal vulnerability in the com.endymion.sake.servlet.mai ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0417 +CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0416 +CVE-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote atta ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0415 +CVE-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0413 +CVE-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0411 +CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0410 +CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to re ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0409 +CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as e ...) NOT-FOR-US: Microsoft -CVE-2002-0408 +CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configure ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0407 +CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0405 +CVE-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0399 +CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0393 +CVE-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0390 RESERVED -CVE-2002-0388 +CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow re ...) {DSA-147} - mailman 2.0.12-1 -CVE-2002-0386 +CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i Appli ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0385 +CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain se ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0383 RESERVED -CVE-2002-0378 +CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0375 +CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0371 +CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 t ...) NOT-FOR-US: Microsoft -CVE-2002-0370 +CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows rem ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0365 RESERVED CVE-2002-0361 RESERVED -CVE-2002-0360 +CVE-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote att ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0354 +CVE-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0353 +CVE-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0352 +CVE-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0351 +CVE-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x befor ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0350 +CVE-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0349 +CVE-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, wil ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0348 +CVE-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0347 +CVE-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote attack ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0346 +CVE-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attac ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0345 +CVE-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0344 +CVE-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernam ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0343 +CVE-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including pass ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0342 +CVE-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of se ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0341 +CVE-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, al ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0340 +CVE-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0338 +CVE-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows remot ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0337 +CVE-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0336 +CVE-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0335 +CVE-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0334 +CVE-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local us ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0333 +CVE-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0332 +CVE-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0331 +CVE-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio Pr ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0328 +CVE-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote at ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0327 +CVE-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ro ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0326 +CVE-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0325 +CVE-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows remot ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0324 +CVE-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled allo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0323 +CVE-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0322 +CVE-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could al ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0321 +CVE-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by m ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0320 +CVE-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cau ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0319 +CVE-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0317 +CVE-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0316 +CVE-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0315 +CVE-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus al ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0314 +CVE-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0312 +CVE-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows re ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0311 +CVE-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows l ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0310 +CVE-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0308 +CVE-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass authentic ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0307 +CVE-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ( ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0306 +CVE-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0305 +CVE-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the S ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0304 +CVE-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0303 +CVE-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0301 +CVE-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0298 +CVE-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a deni ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0297 +CVE-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attack ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0296 +CVE-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to over ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0295 +CVE-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, w ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0294 +CVE-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid privileg ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0293 +CVE-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain roo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0291 +CVE-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0289 +CVE-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to c ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0288 +CVE-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows rem ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0286 +CVE-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 all ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0285 +CVE-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0284 +CVE-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0283 +CVE-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a denia ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0282 +CVE-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physi ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0281 +CVE-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0280 +CVE-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0279 +CVE-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for setr ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0278 +CVE-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and earl ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0277 +CVE-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to execut ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0273 +CVE-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote auth ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0272 +CVE-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly remo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0271 +CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0270 +CVE-2002-0270 (Opera, when configured with the "Determine action by MIME type" option ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0269 +CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document e ...) NOT-FOR-US: Microsoft -CVE-2002-0268 +CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0266 +CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the fu ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0264 +CVE-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive accoun ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0263 +CVE-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote att ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0262 +CVE-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web se ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0261 +CVE-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0260 +CVE-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0259 +CVE-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0258 +CVE-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0257 +CVE-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction De ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0256 +CVE-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0255 +CVE-2002-0255 (The default configuration of Arescom NetDSL 800 does not require authe ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0254 +CVE-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0253 +CVE-2002-0253 (PHP, when not configured with the "display_errors = Off" setting in ph ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0252 +CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0249 +CVE-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0248 +CVE-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files vi ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0247 +CVE-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ga ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0245 +CVE-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0244 +CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0243 +CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows rem ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0242 +CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier allo ...) NOT-FOR-US: Microsoft -CVE-2002-0240 +CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0239 +CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to exe ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0238 +CVE-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0236 +CVE-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0235 +CVE-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0234 +CVE-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of c ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0233 +CVE-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0232 +CVE-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher (MRT ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0231 +CVE-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to exe ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0230 +CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 all ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0229 +CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0228 +CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...) NOT-FOR-US: Microsoft -CVE-2002-0227 +CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service (cra ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0225 +CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...) NOT-FOR-US: Cisco -CVE-2002-0224 +CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...) 
NOT-FOR-US: Microsoft -CVE-2002-0223 +CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 th ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0222 +CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to redirect traffic to other ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0221 +CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0220 +CVE-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ar ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0219 +CVE-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0218 +CVE-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0217 +CVE-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message Syst ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0216 +CVE-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensit ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0215 +CVE-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0214 +CVE-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0212 +CVE-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different e ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0210 +CVE-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0208 +CVE-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0206 +CVE-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0205 +CVE-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Cor ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0204 +CVE-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0203 +CVE-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0202 +CVE-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure perm ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0201 +CVE-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0200 +CVE-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0199 +CVE-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0198 +CVE-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in oth ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0195 RESERVED 
@@ -5029,140 +5029,140 @@ CVE-2002-0194 RESERVED CVE-2002-0192 REJECTED -CVE-2002-0189 +CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows rem ...) NOT-FOR-US: Microsoft CVE-2002-0182 RESERVED -CVE-2002-0180 +CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse D ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0177 +CVE-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0165 +CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0164 +CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux (XFree ...) {DSA-380} - xfree86 4.2.1-11 -CVE-2002-0162 +CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0161 RESERVED -CVE-2002-0154 +CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL Serve ...) NOT-FOR-US: Microsoft -CVE-2002-0145 +CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0144 +CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows remo ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0142 +CVE-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows rem ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0141 +CVE-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0140 +CVE-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicio ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0138 +CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0137 +CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0136 +CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...) NOT-FOR-US: Microsoft -CVE-2002-0135 +CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to caus ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0134 +CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require authenticatio ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0133 +CVE-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0132 +CVE-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0131 +CVE-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0130 +CVE-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0129 +CVE-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users t ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0127 +CVE-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0126 +CVE-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0125 +CVE-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to execut ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0124 +CVE-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote atta ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0122 +CVE-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a den ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0119 +CVE-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0118 +CVE-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0116 +CVE-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0114 +CVE-2002-0114 (EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0113 +CVE-2002-0113 (EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0112 +CVE-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected fi ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0110 +CVE-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication inform ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0109 +CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0108 +CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0106 +CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a den ...) NOT-FOR-US: BEA WebLogic -CVE-2002-0105 +CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating sy ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0104 +CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0103 +CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates executab ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0102 +CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0101 +CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to caus ...) NOT-FOR-US: Microsoft -CVE-2002-0100 +CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentica ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0099 +CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0093 +CVE-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0091 +CVE-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attacke ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0089 +CVE-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local use ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0088 +CVE-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local use ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0087 +CVE-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0086 +CVE-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux a ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0085 +CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a d ...) 
NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0084 +CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris 2 ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0077 +CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked o ...) NOT-FOR-US: Microsoft -CVE-2002-0058 +CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote maliciou ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0056 +CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0053 +CVE-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows N ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0048 +CVE-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0041 +CVE-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and po ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0039 +CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0037 +CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass th ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0035 REJECTED -CVE-2002-0034 +CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windo ...) NOT-FOR-US: Microsoft -CVE-2002-0031 +CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows rem ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0030 +CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0029 +CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 th ...) 
{DSA-196} - bind9 <not-affected> - bind 1:8.3.3-3 @@ -5172,13 +5172,13 @@ CVE-2002-0016 RESERVED CVE-2002-0015 RESERVED -CVE-2002-0013 +CVE-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of SN ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0012 +CVE-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0010 +CVE-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0008 +CVE-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user com ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0001 +CVE-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...) NOT-FOR-US: Data pre-dating the Security Tracker |
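Review bot: in the long 2002 hunk, the unchanged annotation lines are inconsistent with the descriptions this update adds beneath them. CVE-2002-0056 (SQL Server 7.0 and 2000) and CVE-2002-0053 (SNMP agent service in Windows 95/98/98SE) keep the generic "NOT-FOR-US: Data pre-dating the Security Tracker", while CVE-2002-0101, CVE-2002-0077 and CVE-2002-0034 in the same hunk are tagged "NOT-FOR-US: Microsoft", and CVE-2002-0106 is tagged "NOT-FOR-US: BEA WebLogic". Now that the vendor is visible on the CVE line, a follow-up commit could name the product in the tag for these entries so that a search by vendor finds all of them. Nothing in the automatic update itself needs to change, since it only touches the CVE header lines.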
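Review bot: in the hunk at @@ -5172,13 +5172,13 @@, CVE-2002-0001 now carries a description naming the RFC822 address parser in mutt, and CVE-2002-0010 and CVE-2002-0008 name Bugzilla before 2.14.1, yet each is still followed by "NOT-FOR-US: Data pre-dating the Security Tracker". With the description present, NOT-FOR-US reads as a statement that the software is outside the archive, which is not what the tag text says. A follow-up could replace the tag on these three entries with a package line, or with a NOTE explaining that the issue predates tracking. The visible description for CVE-2002-0001 is cut off after "mutt before 1.2.5.1 and mutt ...", so the full CVE text should be checked before recording any fixed version.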