path: root/data/CVE/2002.list
author: security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:10:14 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:10:14 +0000
commit: b52483e988b611ffa7ff016030b0a61101f28219
tree: 440ead7c2c2cb0bf02ecc5929bee37f271401d72 /data/CVE/2002.list
parent: 48e42f485f4e01f92211c58abc88e5304d6a9667
automatic update
Diffstat (limited to 'data/CVE/2002.list')
-rw-r--r-- data/CVE/2002.list 4704
1 files changed, 2352 insertions, 2352 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 3d28749420..6af08a4d2c 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,8 +1,8 @@
CVE-2002-2447
RESERVED
-CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of ...)
+CVE-2002-2446
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password ...)
+CVE-2002-2445
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2483
- linux-2.6 2.4.20
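Review bot: The header lines for CVE-2002-2446 and CVE-2002-2445 lose their parenthesised descriptions with nothing put in their place, and the commit message "automatic update" gives no reason. Together with the diffstat of 2352 insertions against 2352 deletions, this looks like every described entry in the file being blanked in one pass, which is what a failed or empty description fetch would produce. Please confirm the upstream descriptions were really withdrawn before this lands, and have the update job refuse to overwrite a non-empty description with an empty one. After the change these two entries carry only "NOT-FOR-US: Data pre-dating the Security Tracker", so the file no longer says which product they concern.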
@@ -11,7 +11,7 @@ CVE-2002-2444 [snoopy: Security hole in exec cURL]
- libphp-snoopy <not-affected> (affected version never was in the repo)
NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2
NOTE: http://sourceforge.net/p/snoopy/bugs/13/
-CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) ...)
+CVE-2002-2443
{DSA-2701-1}
- krb5 1.10.1+dfsg-6 (bug #708267)
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
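Review bot: CVE-2002-2443 is an entry with real triage attached ({DSA-2701-1}, a fixed krb5 version and bug #708267), and after this change its header no longer says what the issue is. The hunk header shows that the neighbouring CVE-2002-2444 keeps a bracketed description ("[snoopy: Security hole in exec cURL]"). If the parenthesised text has to go, consider leaving a bracketed summary on this line so that anyone reading the file or grepping it for kpasswd or kadmind still finds the entry.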
@@ -44,648 +44,648 @@ CVE-2002-2439
CVE-2002-2438
RESERVED
NOT-FOR-US: ancient linux 2.4 issue
-CVE-2002-2437 (The JavaScript implementation in Mozilla Firefox before 4.0, ...)
+CVE-2002-2437
- iceweasel 4.0-1 (unimportant)
-CVE-2002-2436 (The Cascading Style Sheets (CSS) implementation in Mozilla Firefox ...)
+CVE-2002-2436
- iceweasel 4.0-1 (unimportant)
-CVE-2002-2435 (The Cascading Style Sheets (CSS) implementation in Microsoft Internet ...)
+CVE-2002-2435
NOT-FOR-US: Internet Explorer
-CVE-2002-2434 (NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not ...)
+CVE-2002-2434
NOT-FOR-US: Novell NetWare
-CVE-2002-2433 (NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows ...)
+CVE-2002-2433
NOT-FOR-US: Novell NetWare
-CVE-2002-2432 (Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server ...)
+CVE-2002-2432
NOT-FOR-US: Novell NetWare
-CVE-2002-2431 (Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows ...)
+CVE-2002-2431
NOT-FOR-US: GoAhead WebServer
-CVE-2002-2430 (GoAhead WebServer before 2.1.1 allows remote attackers to cause a ...)
+CVE-2002-2430
NOT-FOR-US: GoAhead WebServer
-CVE-2002-2429 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ...)
+CVE-2002-2429
NOT-FOR-US: GoAhead WebServer
-CVE-2002-2428 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ...)
+CVE-2002-2428
NOT-FOR-US: GoAhead WebServer
-CVE-2002-2427 (The security handler in GoAhead WebServer before 2.1.1 allows remote ...)
+CVE-2002-2427
NOT-FOR-US: GoAhead WebServer
-CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix Presentation ...)
+CVE-2002-2426
NOT-FOR-US: predating security tracker
-CVE-2002-2425 (Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute ...)
+CVE-2002-2425
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2424 (Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 ...)
+CVE-2002-2424
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2423 (Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 ...)
+CVE-2002-2423
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2422 (Cross-site scripting (XSS) vulnerability in Compaq Insight Management ...)
+CVE-2002-2422
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2421 (acWEB 1.14 allows remote attackers to cause a denial of service ...)
+CVE-2002-2421
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2420 (site_searcher.cgi in Super Site Searcher allows remote attackers to ...)
+CVE-2002-2420
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2419 (Direct connect text client (DCTC) client 0.83.3 allows remote ...)
+CVE-2002-2419
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2418 (Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) ...)
+CVE-2002-2418
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2417 (acFTP 1.4 does not properly handle when an invalid password is ...)
+CVE-2002-2417
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2416 (Directory traversal vulnerability in Zeroo web server 1.5 allows ...)
+CVE-2002-2416
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2415 (Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote ...)
+CVE-2002-2415
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2414 (Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not ...)
+CVE-2002-2414
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2413 (WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script ...)
+CVE-2002-2413
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2412 (Winamp 2.80 stores authentication credentials in plaintext in the (1) ...)
+CVE-2002-2412
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2411 (Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers ...)
+CVE-2002-2411
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2410 (openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive ...)
+CVE-2002-2410
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2409 (Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 ...)
+CVE-2002-2409
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2408 (Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters ...)
+CVE-2002-2408
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2407 (Certain patches for QNX Neutrino realtime operating system (RTOS) ...)
+CVE-2002-2407
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2406 (Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 ...)
+CVE-2002-2406
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2405 (Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth ...)
+CVE-2002-2405
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2404 (Buffer overflow in IISPop email server 1.161 and 1.181 allows remote ...)
+CVE-2002-2404
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2403 (Directory traversal vulnerability in KeyFocus web server 1.0.8 allows ...)
+CVE-2002-2403
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2402 (SURECOM broadband router EP-4501 uses a default SNMP read community ...)
+CVE-2002-2402
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2401 (NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not ...)
+CVE-2002-2401
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2400 (Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 ...)
+CVE-2002-2400
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2399 (Directory traversal vulnerability in viewAttachment.cgi in W3Mail ...)
+CVE-2002-2399
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2398 (The new thread posting page in APBoard 2.02 and 2.03 allows remote ...)
+CVE-2002-2398
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2397 (Sygate personal firewall 5.0 could allow remote attackers to bypass ...)
+CVE-2002-2397
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2396 (Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed ...)
+CVE-2002-2396
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2395 (InterScan VirusWall 3.52 for Windows allows remote attackers to bypass ...)
+CVE-2002-2395
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2394 (InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote ...)
+CVE-2002-2394
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2393 (Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections ...)
+CVE-2002-2393
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2392 (Winamp 2.65 through 3.0 stores skin files in a predictable file ...)
+CVE-2002-2392
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2391 (SQL injection vulnerability in index.php of WebChat 1.5 included in ...)
+CVE-2002-2391
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2390 (Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, ...)
+CVE-2002-2390
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2389 (TheServer 1.74 web server stores server.ini under the web document ...)
+CVE-2002-2389
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2388 (Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers ...)
+CVE-2002-2388
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2387 (Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows ...)
+CVE-2002-2387
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2386 (Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS ...)
+CVE-2002-2386
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2385 (Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers ...)
+CVE-2002-2385
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2384 (hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in ...)
+CVE-2002-2384
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2383 (SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote ...)
+CVE-2002-2383
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2382 (cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files ...)
+CVE-2002-2382
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2381 (Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add ...)
+CVE-2002-2381
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2380 (NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows ...)
+CVE-2002-2380
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2379 (** DISPUTED ** ...)
+CVE-2002-2379
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2378 (Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows ...)
+CVE-2002-2378
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2377 (Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 ...)
+CVE-2002-2377
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2376 (Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest ...)
+CVE-2002-2376
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2375 (Directory traversal vulnerability in CommuniGate Pro 4.0b4 and ...)
+CVE-2002-2375
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2374 (Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown ...)
+CVE-2002-2374
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2373 (The default configuration of the TCP/IP printer configuration utility ...)
+CVE-2002-2373
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2372 (The telnet server in Infoprint 21 running controller software before ...)
+CVE-2002-2372
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2371 (Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause ...)
+CVE-2002-2371
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2370 (SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause ...)
+CVE-2002-2370
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2369 (Perception LiteServe 2.0 allows remote attackers to read password ...)
+CVE-2002-2369
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2368 (Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow ...)
+CVE-2002-2368
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2367 (Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows ...)
+CVE-2002-2367
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2366 (Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 ...)
+CVE-2002-2366
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2365 (Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary ...)
+CVE-2002-2365
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2364 (Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier ...)
+CVE-2002-2364
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2363 (VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow ...)
+CVE-2002-2363
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2362 (Cross-site scripting (XSS) vulnerability in form_header.php in ...)
+CVE-2002-2362
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2361 (The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify ...)
+CVE-2002-2361
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2360 (The RPC module in Webmin 0.21 through 0.99, when installed without ...)
+CVE-2002-2360
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2359 (Cross-site scripting (XSS) vulnerability in the FTP view feature in ...)
+CVE-2002-2359
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2358 (Cross-site scripting (XSS) vulnerability in the FTP view feature in ...)
+CVE-2002-2358
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2357 (MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a ...)
+CVE-2002-2357
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2356 (HAMweather 2.x allows remote attackers to modify administrative ...)
+CVE-2002-2356
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2355 (Netgear FM114P firmware 1.3 wireless firewall, when configured to ...)
+CVE-2002-2355
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2354 (Netgear FM114P firmware 1.3 wireless firewall allows remote attackers ...)
+CVE-2002-2354
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2353 (tftpd32 2.50 and 2.50.2 allows remote attackers to read or write ...)
+CVE-2002-2353
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2352 (The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers ...)
+CVE-2002-2352
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2351 (Eudora 5.1 allows remote attackers to bypass security warnings and ...)
+CVE-2002-2351
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2350 (Cross-site scripting (XSS) vulnerability in z_user_show.php in ...)
+CVE-2002-2350
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2349 (phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which ...)
+CVE-2002-2349
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2348 (Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR ...)
+CVE-2002-2348
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2347 (Cross-site scripting (XSS) vulnerability in Oracle Java Server Page ...)
+CVE-2002-2347
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2346 (phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with ...)
+CVE-2002-2346
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2345 (Oracle 9i Application Server 9.0.2 stores the web cache administrator ...)
+CVE-2002-2345
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2344 (Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail ...)
+CVE-2002-2344
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2343 (Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 ...)
+CVE-2002-2343
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2342 (Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ...)
+CVE-2002-2342
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2341 (Cross-site scripting (XSS) vulnerability in content blocking in ...)
+CVE-2002-2341
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2340 (Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a ...)
+CVE-2002-2340
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2339 (Cross-site scripting (XSS) vulnerability in configure.asp in ...)
+CVE-2002-2339
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2338 (The POP3 mail client in Mozilla 1.0 and earlier, and Netscape ...)
+CVE-2002-2338
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2337 (Kaspersky Anti-Hacker 1.0, when configured to automatically block ...)
+CVE-2002-2337
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2336 (Norton Personal Firewall 2002 4.0, when configured to automatically ...)
+CVE-2002-2336
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2335 (Killer Protection 1.0 stores the vars.inc include file under the web ...)
+CVE-2002-2335
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2334 (Joe text editor 2.8 through 2.9.7 does not remove the group and user ...)
+CVE-2002-2334
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2333 (Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows ...)
+CVE-2002-2333
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2332 (Buffer overflow in Opera 6.01 allows remote attackers to cause a ...)
+CVE-2002-2332
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2331 (W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in ...)
+CVE-2002-2331
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2330 (Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 ...)
+CVE-2002-2330
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2329 (ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a ...)
+CVE-2002-2329
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2328 (Active Directory in Windows 2000, when supporting Kerberos V ...)
+CVE-2002-2328
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2327 (Unspecified vulnerability in the environmental monitoring subsystem in ...)
+CVE-2002-2327
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2326 (The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 ...)
+CVE-2002-2326
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2325 (The c-client library in Internet Message Access Protocol (IMAP) dated ...)
+CVE-2002-2325
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2324 (The &quot;System Restore&quot; directory and subdirectories, and possibly other ...)
+CVE-2002-2324
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2323 (Sun PC NetLink 1.0 through 1.2 does not properly set the access ...)
+CVE-2002-2323
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2322 (Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the ...)
+CVE-2002-2322
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2321 (Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) ...)
+CVE-2002-2321
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2320 (MySimpleNews 1.0 allows remote attackers to delete arbitrary email ...)
+CVE-2002-2320
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2319 (Static code injection vulnerability in users.php in MySimpleNews ...)
+CVE-2002-2319
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2318 (Cross-site scripting (XSS) vulnerability in Falcon web server ...)
+CVE-2002-2318
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2317 (Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in ...)
+CVE-2002-2317
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2316 (Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and ...)
+CVE-2002-2316
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2315 (Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect ...)
+CVE-2002-2315
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2314 (Mozilla 1.0 allows remote attackers to steal cookies from other ...)
+CVE-2002-2314
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2313 (Eudora email client 5.1.1, with &quot;use Microsoft viewer&quot; enabled, allows ...)
+CVE-2002-2313
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2312 (Opera 6.0.1 allows remote attackers to upload arbitrary file contents ...)
+CVE-2002-2312
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2311 (Microsoft Internet Explorer 6.0 and possibly others allows remote ...)
+CVE-2002-2311
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2310 (ClickCartPro 4.0 stores the admin_user.db data file under the web ...)
+CVE-2002-2310
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2309 (php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not ...)
+CVE-2002-2309
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2308 (Netscape Communicator 6.2.1 allows remote attackers to cause a denial ...)
+CVE-2002-2308
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix ...)
+CVE-2002-2307
NOT-FOR-US: not processed, predates tracker
-CVE-2002-2306 (Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to ...)
+CVE-2002-2306
NOT-FOR-US: KaZaA Media Desktop
-CVE-2002-2305 (SQL injection vulnerability in agentadmin.php in Immobilier allows ...)
+CVE-2002-2305
NOT-FOR-US: Immobilier
-CVE-2002-2304 (SQL injection vulnerability in admin/auth/checksession.php in ...)
+CVE-2002-2304
NOT-FOR-US: MyPHPLinks
-CVE-2002-2303 (3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for ...)
+CVE-2002-2303
NOT-FOR-US: ShopFactory
-CVE-2002-2302 (3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify ...)
+CVE-2002-2302
NOT-FOR-US: ShopFactory
-CVE-2002-2301 (Lawson Financials 8.0, when configured to use a third party relational ...)
+CVE-2002-2301
NOT-FOR-US: Lawson Financials
-CVE-2002-2300 (Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com ...)
+CVE-2002-2300
NOT-FOR-US: 3Com NBX ftpd
-CVE-2002-2299 (PHP remote file inclusion vulnerability in thatfile.php in Thatware ...)
+CVE-2002-2299
NOT-FOR-US: Thatware
-CVE-2002-2298 (PHP remote file inclusion vulnerability in config.php in Thatware 0.3 ...)
+CVE-2002-2298
NOT-FOR-US: Thatware
-CVE-2002-2297 (PHP remote file inclusion vulnerability in artlist.php in Thatware ...)
+CVE-2002-2297
NOT-FOR-US: Thatware
-CVE-2002-2296 (Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another ...)
+CVE-2002-2296
NOT-FOR-US: YABB
-CVE-2002-2295 (Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 ...)
+CVE-2002-2295
NOT-FOR-US: Pico Server
-CVE-2002-2294 (Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, ...)
+CVE-2002-2294
NOT-FOR-US: Symantec Raptor
-CVE-2002-2293 (Webshots Desktop screensaver allows local users to bypass the password ...)
+CVE-2002-2293
NOT-FOR-US: Webshots Desktop screensaver
-CVE-2002-2292 (Directory traversal vulnerability in Remote Console Applet in Halycon ...)
+CVE-2002-2292
NOT-FOR-US: Remote Console Applet in Halycon
-CVE-2002-2291 (Calisto Internet Talker 0.04 and earlier allows remote attackers to ...)
+CVE-2002-2291
NOT-FOR-US: Calisto Internet Talker
-CVE-2002-2290 (Mambo Site Server 4.0.11 installs with a default username and password ...)
+CVE-2002-2290
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2289 (soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows ...)
+CVE-2002-2289
NOT-FOR-US: BadBlue
-CVE-2002-2288 (Mambo Site Server 4.0.11 allows remote attackers to obtain the ...)
+CVE-2002-2288
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2287 (PHP remote file inclusion vulnerability in quick_reply.php for phpBB ...)
+CVE-2002-2287
NOT-FOR-US: phpBB Advanced Quick Reply Hack
-CVE-2002-2286 (The parse-get function in utils.c for apt-www-proxy 0.1 allows remote ...)
+CVE-2002-2286
NOT-FOR-US: apt-www-proxy
-CVE-2002-2285 (eTrust InoculateIT 6.0 with the &quot;Incremental Scan&quot; option enabled may ...)
+CVE-2002-2285
NOT-FOR-US: eTrust
-CVE-2002-2284 (Netscape Communicator 4.0 through 4.79 allows remote attackers to ...)
+CVE-2002-2284
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2283 (Microsoft Windows XP with Fast User Switching (FUS) enabled does not ...)
+CVE-2002-2283
NOT-FOR-US: Microsoft Windows XP
-CVE-2002-2282 (McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, ...)
+CVE-2002-2282
NOT-FOR-US: McAfee VirusScan
-CVE-2002-2281 (Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator ...)
+CVE-2002-2281
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source IP ...)
+CVE-2002-2280
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap ...)
+CVE-2002-2279
NOT-FOR-US: aldap
-CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in mod_search/index.php in ...)
+CVE-2002-2278
NOT-FOR-US: PortailPHP
-CVE-2002-2277 (SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 ...)
+CVE-2002-2277
NOT-FOR-US: PortailPHP
-CVE-2002-2276 (Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the ...)
+CVE-2002-2276
NOT-FOR-US: PHP Board
-CVE-2002-2275 (Fortres 101 4.1 allows local users to bypass Fortres by pressing the ...)
+CVE-2002-2275
NOT-FOR-US: Fortres
-CVE-2002-2274 (akfingerd 0.5 allows local users to read arbitrary files as the ...)
+CVE-2002-2274
NOT-FOR-US: akfingerd
-CVE-2002-2273 (Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows ...)
+CVE-2002-2273
NOT-FOR-US: Webster HTTP Server
-CVE-2002-2272 (Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 ...)
+CVE-2002-2272
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2271 (Buffer overflow in BigFun 1.51b IRC client, when the Direct Client ...)
+CVE-2002-2271
NOT-FOR-US: BigFun
-CVE-2002-2270 (Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and ...)
+CVE-2002-2270
NOT-FOR-US: HP-UX
-CVE-2002-2269 (Directory traversal vulnerability in Webster HTTP Server allows remote ...)
+CVE-2002-2269
NOT-FOR-US: Webster HTTP Server
-CVE-2002-2268 (Buffer overflow in Webster HTTP Server allows remote attackers to ...)
+CVE-2002-2268
NOT-FOR-US: Webster HTTP Server
-CVE-2002-2267 (bogopass in bogofilter 0.9.0.4 allows local users to overwrite ...)
+CVE-2002-2267
- bogofilter 0.9.0.5
-CVE-2002-2266 (NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or ...)
+CVE-2002-2266
NOT-FOR-US: NetScreen
-CVE-2002-2265 (Unspecified vulnerability in LDAP Module in System Authentication of Open ...)
+CVE-2002-2265
NOT-FOR-US: Open Source Internet Solutions
-CVE-2002-2264 (Unspecified vulnerability in Internet Group Management Protocol (IGMP) ...)
+CVE-2002-2264
NOT-FOR-US: Internet Group Management Protocol
-CVE-2002-2263 (The installation program for HP-UX Visualize Conference B.11.00.11 ...)
+CVE-2002-2263
NOT-FOR-US: HP-UX Visualize Conference
-CVE-2002-2262 (Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows ...)
+CVE-2002-2262
NOT-FOR-US: HP-UX xntpd
-CVE-2002-2261 (Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass ...)
+CVE-2002-2261
- sendmail 8.12.7
-CVE-2002-2260 (Cross-site scripting (XSS) vulnerability in the quips feature in ...)
+CVE-2002-2260
{DSA-218}
- bugzilla 2.14.2-1
-CVE-2002-2259 (Buffer overflow in the French documentation patch for Gnuplot 3.7 in ...)
+CVE-2002-2259
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of service ...)
+CVE-2002-2258
NOT-FOR-US: Moby NetSuite
-CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in cgi_lib.c ...)
+CVE-2002-2257
NOT-FOR-US: libcgi
NOTE: this is another libcgi than the one we ship
-CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...)
+CVE-2002-2256
NOT-FOR-US: pWins
-CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...)
+CVE-2002-2255
- phpbb2 2.0.13-6sarge3
NOTE: might be fixed in prior versions
-CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...)
+CVE-2002-2254
- linux-2.6 <not-affected> (Fixed before initial upload into the archive, during 2.4)
-CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier ...)
+CVE-2002-2253
- libsieve <not-affected> (was fixed in 2.1.3 before debian version was uploaded)
-CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and ...)
+CVE-2002-2252
NOT-FOR-US: Thatware
-CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for Marcos ...)
+CVE-2002-2251
NOT-FOR-US: Marcos Luiz Onisto
-CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 ...)
+CVE-2002-2250
NOT-FOR-US: Sybase
-CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0 allows ...)
+CVE-2002-2249
NOT-FOR-US: News Evolution
-CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class ...)
+CVE-2002-2248
NOT-FOR-US: Netscape
-CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11 ...)
+CVE-2002-2247
NOT-FOR-US: Mambo
NOTE: mambo is in experimental
-CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website before ...)
+CVE-2002-2246
NOT-FOR-US: VisNetic Website
-CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a ...)
+CVE-2002-2245
NOT-FOR-US: NetBSD ftpd
-CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a denial ...)
+CVE-2002-2244
NOT-FOR-US: Akfingerd
-CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one connection ...)
+CVE-2002-2243
NOT-FOR-US: Akfingerd
-CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies file ...)
+CVE-2002-2242
NOT-FOR-US: Apple Package Manager of KisMAC
-CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before ...)
+CVE-2002-2241
NOT-FOR-US: Deerfield VisNetic WebSite
-CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2 allows ...)
+CVE-2002-2240
NOT-FOR-US: MyServer
-CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 ...)
+CVE-2002-2239
NOT-FOR-US: Cisco
-CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 ...)
+CVE-2002-2238
NOT-FOR-US: Kunani ODBC FTP Server
-CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a ...)
+CVE-2002-2237
NOT-FOR-US: tftp32 TFTP
-CVE-2002-2236 (Format string vulnerability in the awp_log function in apt-www-proxy ...)
+CVE-2002-2236
NOT-FOR-US: apt-www-proxy
-CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly restrict ...)
+CVE-2002-2235
NOT-FOR-US: vBulletin
-CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the ...)
+CVE-2002-2234
NOT-FOR-US: NetScreen ScreenOS
-CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9 allows ...)
+CVE-2002-2233
NOT-FOR-US: Enceladus Server Suite
-CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers ...)
+CVE-2002-2232
NOT-FOR-US: Enceladus Server Suite
-CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...)
+CVE-2002-2231
NOT-FOR-US: Ikonboard
-CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...)
+CVE-2002-2230
NOT-FOR-US: Ikonboard
-CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 ...)
+CVE-2002-2229
NOT-FOR-US: WebReflex
-CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers ...)
+CVE-2002-2228
- mailscanner 4.22.5-1
-CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers ...)
+CVE-2002-2227
- ssldump 0.9b3-1 (low)
-CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote ...)
+CVE-2002-2226
NOT-FOR-US: Tftpd32
-CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of ...)
+CVE-2002-2225
NOT-FOR-US: SafeNet VPN
-CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...)
+CVE-2002-2224
NOT-FOR-US: PGPFreeware
-CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to ...)
+CVE-2002-2223
NOT-FOR-US: NetScreen-Remote
-CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...)
+CVE-2002-2222
NOT-FOR-US: FreeBSD
-CVE-2002-2221 (Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd ...)
+CVE-2002-2221
- chetcpasswd <removed> (medium)
-CVE-2002-2220 (Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when ...)
+CVE-2002-2220
- chetcpasswd <removed> (medium)
-CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows ...)
+CVE-2002-2219
- chetcpasswd <removed> (low)
-CVE-2002-2218 (CRLF injection vulnerability in the setUserValue function in ...)
+CVE-2002-2218
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...)
+CVE-2002-2217
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL ...)
+CVE-2002-2216
NOT-FOR-US: 04WebServer
-CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before ...)
+CVE-2002-2215
- php4 4:4.3.2+rc3-1
-CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality ...)
+CVE-2002-2214
- php4 4:4.3.2+rc3-1
-CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when ...)
+CVE-2002-2213
NOT-FOR-US: Infoblox DNS One
-CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when ...)
+CVE-2002-2212
NOT-FOR-US: Fujitsu UXP/V
-CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...)
+CVE-2002-2211
- bind <removed> (unimportant)
- bind9 <not-affected> (does not send parallel queries)
NOTE: Disabling recursion does not close all attack vectors.
NOTE: Browser reflection attacks will still work.
NOTE: Bind 8 design limitations that are only addressed in bind 9 are not
NOTE: treated a security issues, DNS admins need to be aware what they are using
-CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...)
+CVE-2002-2210
- openoffice.org 1.0.2
-CVE-2002-2209 (Unspecified &quot;security vulnerability&quot; in Baby FTP Server versions ...)
+CVE-2002-2209
NOT-FOR-US: Baby FTP Server
-CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...)
+CVE-2002-2208
NOT-FOR-US: IOS
-CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in ...)
+CVE-2002-2207
- ssldump 0.9b3
-CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows ...)
+CVE-2002-2206
NOT-FOR-US: Norton AntiVirus
-CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...)
+CVE-2002-2205
NOT-FOR-US: webresolve
-CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...)
+CVE-2002-2204
NOTE: verified with rpm 4.4.1, but this can hardly affect debian at
NOTE: all since it requires rpm be configured to trust some key,
NOTE: which in debian requires a manual and non-documented
NOTE: initialization of the rpm database which is not configured in
NOTE: the package
-CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...)
+CVE-2002-2203
NOT-FOR-US: Solaris
-CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...)
+CVE-2002-2202
NOT-FOR-US: Outlook Express
-CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows ...)
+CVE-2002-2201
- webmin 1.000 (high)
-CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote ...)
+CVE-2002-2200
NOT-FOR-US: (Benjamin Lefevre Dobermann FORUM)
-CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...)
+CVE-2002-2199
NOTE: freebsd misconfiguration
-CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...)
+CVE-2002-2198
- zmailer 2.99.56-1 (high)
NOTE: May have been fixed earlier, 2.99.51 was never uploaded to Debian.
-CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...)
+CVE-2002-2197
NOT-FOR-US: Solaris
-CVE-2002-2196 (Samba before 2.2.5 does not properly terminate the ...)
+CVE-2002-2196
- samba 2.2.5 (high)
-CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and ...)
+CVE-2002-2195
NOT-FOR-US: Winamp
CVE-2002-2194
REJECTED
-CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
+CVE-2002-2193
NOT-FOR-US: Mojo Mail
-CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...)
+CVE-2002-2192
NOT-FOR-US: Perception LiteServe
-CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the ...)
+CVE-2002-2191
NOT-FOR-US: (Lotus Domino
-CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext ...)
+CVE-2002-2190
NOT-FOR-US: ArtsCore Studios CuteCast Forum
-CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software ...)
+CVE-2002-2189
NOT-FOR-US: ActiveXperts Software ActiveWebserver
-CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service ...)
+CVE-2002-2188
NOT-FOR-US: OpenBSD kernel
-CVE-2002-2187 (Unknown &quot;file disclosure&quot; vulnerability in Macromedia JRun 3.0, 3.1, ...)
+CVE-2002-2187
NOT-FOR-US: Macromedia JRun
-CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the ...)
+CVE-2002-2186
NOT-FOR-US: Macromedia JRun
-CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ...)
+CVE-2002-2185
NOTE: fixed in IRIX..
-CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...)
+CVE-2002-2184
NOT-FOR-US: DigiChat
-CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...)
+CVE-2002-2183
NOT-FOR-US: phpShare
-CVE-2002-2182 (Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 ...)
+CVE-2002-2182
NOT-FOR-US: MSN666
-CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited ...)
+CVE-2002-2181
NOT-FOR-US: SonicWall
-CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not ...)
+CVE-2002-2180
NOT-FOR-US: OpenBSD kernel
-CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment ...)
+CVE-2002-2179
NOT-FOR-US: ClearPath MCP
-CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for ...)
+CVE-2002-2178
NOT-FOR-US: phpWebSite
-CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP ...)
+CVE-2002-2177
NOT-FOR-US: BEA
-CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote ...)
+CVE-2002-2176
NOT-FOR-US: Gender MOD
-CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find ...)
+CVE-2002-2175
NOT-FOR-US: phpSquidPass
-CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...)
+CVE-2002-2174
NOT-FOR-US: 602Pro LAN SUITE
-CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing ...)
+CVE-2002-2173
NOT-FOR-US: Cerulean Trillian
-CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly ...)
+CVE-2002-2172
NOT-FOR-US: Informed Designer, Informed Filler
-CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows ...)
+CVE-2002-2171
NOT-FOR-US: acWEB
-CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 ...)
+CVE-2002-2170
NOT-FOR-US: BadBlue Enterprise Edition
-CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...)
+CVE-2002-2169
NOT-FOR-US: AIM
-CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 ...)
+CVE-2002-2168
NOT-FOR-US: 123tkShop
-CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for ...)
+CVE-2002-2167
NOT-FOR-US: 123tkShop
-CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 ...)
+CVE-2002-2166
NOT-FOR-US: FuseTalk
-CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...)
+CVE-2002-2165
NOT-FOR-US: IMHO Webmail for Roxen
-CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows ...)
+CVE-2002-2164
NOT-FOR-US: MSIE
-CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...)
+CVE-2002-2163
NOT-FOR-US: KvPoll
-CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) ...)
+CVE-2002-2162
NOT-FOR-US: Cerulean Trillian
-CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
+CVE-2002-2161
NOT-FOR-US: Kerio Personal Firewall
CVE-2002-2160
REJECTED
-CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...)
+CVE-2002-2159
NOT-FOR-US: Linksys hardware
-CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...)
+CVE-2002-2158
NOT-FOR-US: zenTrack
CVE-2002-2157
REJECTED
-CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...)
+CVE-2002-2156
NOT-FOR-US: Cerulean Trillian
-CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...)
+CVE-2002-2155
NOT-FOR-US: Cerulean Trillian
-CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows ...)
+CVE-2002-2154
NOT-FOR-US: Monkey HTTP Daemon
-CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL ...)
+CVE-2002-2153
NOT-FOR-US: Oracle Application Server
-CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 ...)
+CVE-2002-2152
NOT-FOR-US: Software602
CVE-2002-2151
REJECTED
-CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...)
+CVE-2002-2150
NOTE: SYN floods etc generally filed as issues in linux specifically
NOTE: if it is affected
-CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service ...)
+CVE-2002-2149
NOT-FOR-US: Lucent Access Point
-CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline ...)
+CVE-2002-2148
NOT-FOR-US: Lucent MAX Router
CVE-2002-2147
REJECTED
-CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...)
+CVE-2002-2146
NOT-FOR-US: Savant Web Server
-CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...)
+CVE-2002-2145
NOT-FOR-US: Savant Web Server
-CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows ...)
+CVE-2002-2144
NOT-FOR-US: BearShare
-CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative ...)
+CVE-2002-2143
NOT-FOR-US: MySimple News
-CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3 ...)
+CVE-2002-2142
NOT-FOR-US: BEA
-CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...)
+CVE-2002-2141
NOT-FOR-US: BEA
-CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, ...)
+CVE-2002-2140
NOT-FOR-US: Cisco
-CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not ...)
+CVE-2002-2139
NOT-FOR-US: Cisco
-CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when ...)
+CVE-2002-2138
NOT-FOR-US: HP Advanced Server
-CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...)
+CVE-2002-2137
NOT-FOR-US: GlobalSunTech Wireless Access Points
CVE-2002-2136
REJECTED
CVE-2002-2135
REJECTED
-CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
+CVE-2002-2134
NOT-FOR-US: PEEL
-CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...)
+CVE-2002-2133
NOT-FOR-US: Telindus 1100 ASDL router
-CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove ...)
+CVE-2002-2132
NOT-FOR-US: Windows
-CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows ...)
+CVE-2002-2131
NOT-FOR-US: Perl-HTTPd
-CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to ...)
+CVE-2002-2130
- gallery 1.3.3 (high)
-CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora ...)
+CVE-2002-2129
NOT-FOR-US: w-Agora
-CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary ...)
+CVE-2002-2128
NOT-FOR-US: w-Agora
-CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to ...)
+CVE-2002-2127
NOT-FOR-US: Integrity Protection Driver (IPD)
-CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...)
+CVE-2002-2126
NOT-FOR-US: Integrity Protection Driver (IPD)
-CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...)
+CVE-2002-2125
NOT-FOR-US: MSIE
-CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
+CVE-2002-2124
NOT-FOR-US: nylon
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
- libnss-ldap 199-1 (bug #169793)
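Review bot: Every changed line in this hunk drops the parenthesised description from the CVE header (for example `-CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...)` becomes `+CVE-2002-2211`), and the commit message "automatic update" gives no reason for it. For entries whose only remaining body is a NOTE, such as CVE-2002-2199 ("freebsd misconfiguration"), CVE-2002-2185 ("fixed in IRIX..") and CVE-2002-2150, the affected product is no longer named anywhere in the file, so the triage decision cannot be read without an external lookup. If the descriptions were blanked because the description source returned nothing during this run, the update job should keep the existing text instead of overwriting it with an empty value; if the removal is intended, the commit message should say so.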
@@ -693,353 +693,353 @@ CVE-2002-XXXX [sanitizer bypassal through quoted file names]
- sanitizer 1.76-1 (bug #149799; medium)
[sarge] - sanitizer <not-affected> (Sarge version already fixed)
NOTE: This was fixed earlier in fact, but it's unknown when
-CVE-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for ...)
+CVE-2002-2123
- gallery 1.3.3
-CVE-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...)
+CVE-2002-2122
NOT-FOR-US: Pointsec
-CVE-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...)
+CVE-2002-2121
NOT-FOR-US: SurfControl
-CVE-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...)
+CVE-2002-2120
NOT-FOR-US: QNX
-CVE-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...)
+CVE-2002-2119
NOT-FOR-US: Novell eDirectory
-CVE-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...)
+CVE-2002-2118
NOT-FOR-US: Blue World Lasso Web Data Engine
-CVE-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...)
+CVE-2002-2117
NOT-FOR-US: Microsoft
-CVE-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...)
+CVE-2002-2116
NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers
-CVE-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...)
+CVE-2002-2115
NOT-FOR-US: Hyper NIKKI System (HNS) Lite
-CVE-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...)
+CVE-2002-2114
- netjuke 1.0b7
-CVE-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...)
+CVE-2002-2113
NOT-FOR-US: HTMLsearch
-CVE-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...)
+CVE-2002-2112
NOT-FOR-US: RCA Digital Cable Modem
-CVE-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...)
+CVE-2002-2111
NOT-FOR-US: Fwmon
-CVE-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...)
+CVE-2002-2110
NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E
-CVE-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...)
+CVE-2002-2109
NOTE: debian's nms-formmail is a reimplementation of old formmail
-CVE-2002-2108 (Unknown vulnerability in the &quot;VAIO Manual&quot; software in certain Sony ...)
+CVE-2002-2108
NOT-FOR-US: Sony VAIO
-CVE-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...)
+CVE-2002-2107
NOT-FOR-US: OpenKeyServer
-CVE-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...)
+CVE-2002-2106
NOT-FOR-US: WikkiTikkiTavi
-CVE-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...)
+CVE-2002-2105
NOT-FOR-US: Microsoft
-CVE-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...)
+CVE-2002-2104
NOT-FOR-US: Ganglia PHP RRD Web Client
NOTE: not ganglia-monitor
-CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...)
+CVE-2002-2103
- apache 1.3.24 (low)
-CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...)
+CVE-2002-2102
- jzlib 0.0.7 (low)
-CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...)
+CVE-2002-2101
NOT-FOR-US: Microsoft
-CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...)
+CVE-2002-2100
NOT-FOR-US: Microsoft
-CVE-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...)
+CVE-2002-2099
- ddd <not-affected> (ddd is not setuid/gid so not exploitable)
-CVE-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...)
+CVE-2002-2098
NOT-FOR-US: Axspawn-pam
-CVE-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...)
+CVE-2002-2097
- maradns 0.9.01 (low)
-CVE-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...)
+CVE-2002-2096
NOT-FOR-US: Netware
-CVE-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...)
+CVE-2002-2095
NOT-FOR-US: Joe Testa hellbent 01 webserver
-CVE-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...)
+CVE-2002-2094
NOT-FOR-US: Joe Testa hellbent 01 webserver
-CVE-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...)
+CVE-2002-2093
NOT-FOR-US: SGI IRIX
-CVE-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...)
+CVE-2002-2092
NOT-FOR-US: OpenBSD/NetBSD/FreeBSD
-CVE-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...)
+CVE-2002-2091
NOT-FOR-US: decfingerd
-CVE-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...)
+CVE-2002-2090
NOT-FOR-US: aucho Technology Resin server
-CVE-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...)
+CVE-2002-2089
NOT-FOR-US: Solaris
-CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...)
+CVE-2002-2088
NOT-FOR-US: clump/os
-CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...)
+CVE-2002-2087
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...)
+CVE-2002-2086
NOT-FOR-US: magicHTML
-CVE-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...)
+CVE-2002-2085
NOT-FOR-US: WWWeBBB forum
-CVE-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...)
+CVE-2002-2084
NOT-FOR-US: Portix
-CVE-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...)
+CVE-2002-2083
NOT-FOR-US: Novell Netware
-CVE-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication ...)
+CVE-2002-2082
NOT-FOR-US: FTGate
-CVE-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to ...)
+CVE-2002-2081
NOT-FOR-US: Microsoft
-CVE-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...)
+CVE-2002-2080
NOT-FOR-US: FTGate
-CVE-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...)
+CVE-2002-2079
- kernel-patch-openmosix <removed> (bug #319621; low)
-CVE-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...)
+CVE-2002-2078
NOT-FOR-US: FTGate
-CVE-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...)
+CVE-2002-2077
NOT-FOR-US: Microsoft
-CVE-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 ...)
+CVE-2002-2076
NOT-FOR-US: Lil' HTTP server
-CVE-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of ...)
+CVE-2002-2075
NOT-FOR-US: ICQ
-CVE-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote ...)
+CVE-2002-2074
NOT-FOR-US: Mailidx
-CVE-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on ...)
+CVE-2002-2073
NOT-FOR-US: Microsoft
-CVE-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in ...)
+CVE-2002-2072
NOT-FOR-US: Sun Java
-CVE-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of ...)
+CVE-2002-2071
NOT-FOR-US: Tru64
-CVE-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...)
+CVE-2002-2070
NOT-FOR-US: SecureClean
-CVE-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...)
+CVE-2002-2069
NOT-FOR-US: Proprietary PGP
-CVE-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are ...)
+CVE-2002-2068
NOT-FOR-US: Eraser
-CVE-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams ...)
+CVE-2002-2067
NOT-FOR-US: Eraser
-CVE-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows ...)
+CVE-2002-2066
NOT-FOR-US: BCWipe
-CVE-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' ...)
+CVE-2002-2065
NOT-FOR-US: WebCalender
-CVE-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain ...)
+CVE-2002-2064
NOT-FOR-US: PhpWebGallery
-CVE-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and ...)
+CVE-2002-2063
NOT-FOR-US: AtGuard
-CVE-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet ...)
+CVE-2002-2062
NOT-FOR-US: Microsoft
-CVE-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and ...)
+CVE-2002-2061
NOTE: fixed in upstream 1.0.1
NOTE: see http://web.archive.org/web/20090628044831/http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
- mozilla 2:1.1-1 (low)
-CVE-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...)
+CVE-2002-2060
- links2 <not-affected> (Fixed before upload into archiv; 2.0pre5)
-CVE-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...)
+CVE-2002-2059
NOT-FOR-US: Intel motherboards
-CVE-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...)
+CVE-2002-2058
NOT-FOR-US: TeeKai
-CVE-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...)
+CVE-2002-2057
NOT-FOR-US: TeeKai
-CVE-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows ...)
+CVE-2002-2056
NOT-FOR-US: TeeKai
-CVE-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai ...)
+CVE-2002-2055
NOT-FOR-US: TeeKai
-CVE-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the ...)
+CVE-2002-2054
NOT-FOR-US: TeeKai
-CVE-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...)
+CVE-2002-2053
NOT-FOR-US: Cisco
-CVE-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...)
+CVE-2002-2052
NOT-FOR-US: Cisco
-CVE-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...)
+CVE-2002-2051
- modlogan 0.7.12-1 (low)
-CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...)
+CVE-2002-2050
- modlogan 0.7.12-1 (low)
-CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...)
+CVE-2002-2049
NOTE: one day upstream webserver compromise
-CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...)
+CVE-2002-2048
NOT-FOR-US: PFinger
-CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...)
+CVE-2002-2047
- sketch 0.6.13-1 (low)
-CVE-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...)
+CVE-2002-2046
NOT-FOR-US: X-News
-CVE-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...)
+CVE-2002-2045
NOT-FOR-US: x-stat
-CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...)
+CVE-2002-2044
NOT-FOR-US: x-stat
-CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...)
+CVE-2002-2043
NOTE: old patch
-CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...)
+CVE-2002-2042
NOT-FOR-US: QNX
-CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...)
+CVE-2002-2041
NOT-FOR-US: QNX
-CVE-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime ...)
+CVE-2002-2040
NOT-FOR-US: QNX
-CVE-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...)
+CVE-2002-2039
NOT-FOR-US: QNX
-CVE-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based ...)
+CVE-2002-2038
NOT-FOR-US: NGPT
NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html
NOTE: NPTL does not have this problem.
-CVE-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and ...)
+CVE-2002-2037
NOT-FOR-US: Cisco
-CVE-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...)
+CVE-2002-2036
NOT-FOR-US: Sun
-CVE-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ...)
+CVE-2002-2035
NOT-FOR-US: RealityScape
-CVE-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...)
+CVE-2002-2034
NOT-FOR-US: Email Sanitizer
-CVE-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...)
+CVE-2002-2033
NOT-FOR-US: FAQManager
-CVE-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...)
+CVE-2002-2032
NOT-FOR-US: PHPNuke
-CVE-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...)
+CVE-2002-2031
NOT-FOR-US: Microsoft
-CVE-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...)
+CVE-2002-2030
NOT-FOR-US: Microsoft
-CVE-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...)
+CVE-2002-2029
NOT-FOR-US: PHP, Mircrosoft
-CVE-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...)
+CVE-2002-2028
NOT-FOR-US: Microsoft
-CVE-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...)
+CVE-2002-2027
NOT-FOR-US: DOOW
-CVE-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...)
+CVE-2002-2026
NOT-FOR-US: BrowseFTP
-CVE-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
+CVE-2002-2025
NOT-FOR-US: Lotus Domino
-CVE-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...)
+CVE-2002-2024
- imp 3:2.2.6-5 (high)
-CVE-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...)
+CVE-2002-2023
NOT-FOR-US: We use the OTHER beep program :P
-CVE-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...)
+CVE-2002-2022
NOTE: only affects old-stable
-CVE-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...)
+CVE-2002-2021
NOT-FOR-US: wbboard
-CVE-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...)
+CVE-2002-2020
NOT-FOR-US: Netgear hardware
-CVE-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...)
+CVE-2002-2019
NOT-FOR-US: osCommerce
-CVE-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...)
+CVE-2002-2018
NOT-FOR-US: SAS/Base
-CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...)
+CVE-2002-2017
NOT-FOR-US: SAS/Base
-CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...)
+CVE-2002-2016
- user-mode-linux 2.4.17-9 (high)
-CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...)
+CVE-2002-2015
NOT-FOR-US: PostNuke
-CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...)
+CVE-2002-2014
NOT-FOR-US: Lotus Domino
-CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...)
+CVE-2002-2013
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...)
+CVE-2002-2012
NOT-FOR-US: Apache
-CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...)
+CVE-2002-2011
NOT-FOR-US: faqomatic
-CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...)
+CVE-2002-2010
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...)
+CVE-2002-2009
NOT-FOR-US: Tomcat
-CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...)
+CVE-2002-2008
NOT-FOR-US: Tomcat
-CVE-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...)
+CVE-2002-2007
NOT-FOR-US: Tomcat
-CVE-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...)
+CVE-2002-2006
NOT-FOR-US: Tomcat
-CVE-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...)
+CVE-2002-2005
NOT-FOR-US: Sun
-CVE-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...)
+CVE-2002-2004
NOT-FOR-US: Compaq
-CVE-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...)
+CVE-2002-2003
NOT-FOR-US: Compaq
-CVE-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...)
+CVE-2002-2002
NOT-FOR-US: Compaq
-CVE-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...)
+CVE-2002-2001
NOT-FOR-US: jmcce
-CVE-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...)
+CVE-2002-2000
NOT-FOR-US: OpenVMS
-CVE-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...)
+CVE-2002-1999
NOT-FOR-US: VVOS
-CVE-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...)
+CVE-2002-1998
NOT-FOR-US: UnixWare
-CVE-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...)
+CVE-2002-1997
NOT-FOR-US: ZoneAlarm
-CVE-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...)
+CVE-2002-1996
NOT-FOR-US: Postnuke
-CVE-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...)
+CVE-2002-1995
NOT-FOR-US: Postnuke
-CVE-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...)
+CVE-2002-1994
NOT-FOR-US: Windows
-CVE-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...)
+CVE-2002-1993
NOT-FOR-US: WebBBS
-CVE-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...)
+CVE-2002-1992
NOT-FOR-US: Windows
-CVE-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...)
+CVE-2002-1991
NOT-FOR-US: osCommerce
-CVE-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...)
+CVE-2002-1990
NOT-FOR-US: Resin
-CVE-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
+CVE-2002-1989
NOT-FOR-US: Resin
-CVE-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
+CVE-2002-1988
NOT-FOR-US: Resin
-CVE-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...)
+CVE-2002-1987
NOT-FOR-US: Resin
-CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...)
+CVE-2002-1986
NOT-FOR-US: Perception LiteServe
-CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...)
+CVE-2002-1985
NOT-FOR-US: iSMTP
-CVE-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...)
+CVE-2002-1984
NOT-FOR-US: Microsoft
-CVE-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...)
+CVE-2002-1983
NOT-FOR-US: QNX
-CVE-2002-1982 (Directory traversal vulnerability in the list_directory function in ...)
+CVE-2002-1982
NOTE: verified current version is not vulnerable to exploit
-CVE-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...)
+CVE-2002-1981
NOT-FOR-US: Microsoft
-CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...)
+CVE-2002-1980
NOT-FOR-US: Solaris
-CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...)
+CVE-2002-1979
NOT-FOR-US: Watchguard SOHO
-CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass ...)
+CVE-2002-1978
NOT-FOR-US: IPFilter
-CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...)
+CVE-2002-1977
NOT-FOR-US: Proprietary PGP
-CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...)
+CVE-2002-1976
- net-tools <unfixed> (unimportant)
NOTE: This seems to be a misunderstanding of what the PROMISC flag
NOTE: is about. ifconfig reports properly when it is set using
NOTE: "ifconfig promisc".
-CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of &quot;A0&quot; to encrypt ...)
+CVE-2002-1975
NOT-FOR-US: Zaurus hardware
-CVE-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...)
+CVE-2002-1974
NOT-FOR-US: Zaurus hardware
-CVE-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...)
+CVE-2002-1973
NOT-FOR-US: Microsoft
-CVE-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...)
+CVE-2002-1972
NOT-FOR-US: pp_powerSwitch
-CVE-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...)
+CVE-2002-1971
NOT-FOR-US: Sourcecraft Networking Utils
-CVE-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...)
+CVE-2002-1970
NOT-FOR-US: SnortCenter
-CVE-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...)
+CVE-2002-1969
NOT-FOR-US: Magic Notebook
-CVE-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...)
+CVE-2002-1968
NOT-FOR-US: Com21 hardware
-CVE-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...)
+CVE-2002-1967
NOT-FOR-US: XiRCON
-CVE-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...)
+CVE-2002-1966
NOT-FOR-US: My Postcards Platinum
-CVE-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...)
+CVE-2002-1965
NOT-FOR-US: Imatix Xitami
-CVE-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...)
+CVE-2002-1964
NOT-FOR-US: phpEventCalender
-CVE-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...)
+CVE-2002-1963
NOTE: No kernels in Sarge or sid affected
-CVE-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
+CVE-2002-1962
NOT-FOR-US: SurfinGate
-CVE-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
+CVE-2002-1961
NOT-FOR-US: SurfinGate
-CVE-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...)
+CVE-2002-1960
NOT-FOR-US: Cybozu Share
-CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...)
+CVE-2002-1959
NOTE: Nagios was packaged for Debian after these vulnerable versions have been released
-CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b ...)
+CVE-2002-1958
NOT-FOR-US: kmMail
-CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...)
+CVE-2002-1957
- pen <not-affected> (pen was introduced after this old vulnerability)
-CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...)
+CVE-2002-1956
- rox 1.3.0-1
-CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...)
+CVE-2002-1955
NOT-FOR-US: Iomega hardware issue
-CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
+CVE-2002-1954
NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
NOTE: php function that displays the PHP logo and version information. In the bug
NOTE: log the developers seem unwilling to fix this, as it only affects a debug
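Review bot: At CVE-2002-1982 the entry ends up with nothing that says what the issue is or which software it concerns. The removed text ("Directory traversal vulnerability in the list_directory function in ...") was the only descriptive text for it, and the one remaining line, "NOTE: verified current version is not vulnerable to exploit", names no package or product. Other NOTE-only entries in this hunk, such as CVE-2002-1963 (kernels) and CVE-2002-1959 (Nagios), still identify the software in the NOTE. Suggest either keeping the description for entries that have no package or NOT-FOR-US line, or adding a NOTE that names the software before the description is dropped. The commit message "automatic update" also does not say why the description is removed from every CVE line here while the annotations stay unchanged; a sentence confirming this is intended would help whoever reads the history later.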
@@ -1047,1009 +1047,1009 @@ CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function
NOTE: can not reproduce in any versions of php4 in the archive.
- php4 <not-affected> (bug #349260; low)
- php5 5.1.1-1 (bug #336654; low)
-CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...)
+CVE-2002-1953
NOT-FOR-US: AIM
-CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...)
+CVE-2002-1952
NOT-FOR-US: phpRank
-CVE-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...)
+CVE-2002-1951
NOT-FOR-US: GoAhead WebServer
-CVE-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
+CVE-2002-1950
NOT-FOR-US: phpRank
-CVE-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...)
+CVE-2002-1949
NOT-FOR-US: Iomega NAS
-CVE-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...)
+CVE-2002-1948
- gringotts <not-affected> (fixed before Gringotts was in Debian)
-CVE-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...)
+CVE-2002-1947
- webmin 1.000-2
-CVE-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...)
+CVE-2002-1946
NOT-FOR-US: VNSL
-CVE-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...)
+CVE-2002-1945
NOT-FOR-US: SmailMail
-CVE-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...)
+CVE-2002-1944
NOT-FOR-US: Motorola Surfboard
-CVE-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...)
+CVE-2002-1943
NOT-FOR-US: SafeTP
-CVE-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...)
+CVE-2002-1942
NOT-FOR-US: Imatix
-CVE-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...)
+CVE-2002-1941
NOT-FOR-US: RadioBird
-CVE-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...)
+CVE-2002-1940
NOT-FOR-US: LCC-Win32
-CVE-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...)
+CVE-2002-1939
NOT-FOR-US: FlashFXP
-CVE-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...)
+CVE-2002-1938
NOT-FOR-US: Virgil CGI Scanner
-CVE-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...)
+CVE-2002-1937
NOT-FOR-US: Symantex Appliance
-CVE-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...)
+CVE-2002-1936
NOT-FOR-US: UTStarcom
-CVE-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...)
+CVE-2002-1935
NOT-FOR-US: Pingtel Xpressa
-CVE-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...)
+CVE-2002-1934
NOT-FOR-US: Pingtel Xpressa
-CVE-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...)
+CVE-2002-1933
NOT-FOR-US: Microsoft
-CVE-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...)
+CVE-2002-1932
NOT-FOR-US: Microsoft
-CVE-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...)
+CVE-2002-1931
NOT-FOR-US: PHP Arena
-CVE-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...)
+CVE-2002-1930
NOT-FOR-US: AN HTTPd
-CVE-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...)
+CVE-2002-1929
NOT-FOR-US: PHP Arena
-CVE-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...)
+CVE-2002-1928
NOT-FOR-US: 602Pro LAN SUITE
-CVE-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...)
+CVE-2002-1927
NOT-FOR-US: Aquonics File Manager
-CVE-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...)
+CVE-2002-1926
NOT-FOR-US: Aquonics File Manager
-CVE-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...)
+CVE-2002-1925
NOT-FOR-US: Tiny Personal Firewall
-CVE-2002-1924 (PowerChute plus 5.0.2 creates a &quot;Pwrchute&quot; directory during ...)
+CVE-2002-1924
NOT-FOR-US: Powerchute
-CVE-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...)
+CVE-2002-1923
- mysql <not-affected> (Windows specific)
-CVE-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...)
+CVE-2002-1922
NOT-FOR-US: vBulletin
-CVE-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...)
+CVE-2002-1921
- mysql <not-affected> (Windows specific)
-CVE-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...)
+CVE-2002-1920
NOT-FOR-US: FtpXQ
-CVE-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...)
+CVE-2002-1919
NOT-FOR-US: VS-ASP
-CVE-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...)
+CVE-2002-1918
NOT-FOR-US: Microsoft ADO
-CVE-2002-1917 (CRLF injection vulnerability in the &quot;User Profile: Send Email&quot; feature ...)
+CVE-2002-1917
NOT-FOR-US: Geeklog
-CVE-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...)
+CVE-2002-1916
NOT-FOR-US: Pirch
-CVE-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...)
+CVE-2002-1915
NOT-FOR-US: tip
-CVE-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...)
+CVE-2002-1914
- dump 0.4b31-1
-CVE-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...)
+CVE-2002-1913
NOT-FOR-US: myPHPNuke
-CVE-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...)
+CVE-2002-1912
NOT-FOR-US: SkyStream
-CVE-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...)
+CVE-2002-1911
NOT-FOR-US: ZoneAlarm
-CVE-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...)
+CVE-2002-1910
NOT-FOR-US: Ingenium Learning Management System
-CVE-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...)
+CVE-2002-1909
NOT-FOR-US: Ingenium Learning Management System
-CVE-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...)
+CVE-2002-1908
NOT-FOR-US: Microsoft IIS
-CVE-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...)
+CVE-2002-1907
NOT-FOR-US: TelCondex
-CVE-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...)
+CVE-2002-1906
NOT-FOR-US: ViaVideo
-CVE-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...)
+CVE-2002-1905
NOT-FOR-US: ViaVideo
-CVE-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...)
+CVE-2002-1904
NOT-FOR-US: ghttpd
-CVE-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...)
+CVE-2002-1903
- pine 4.62-1 (low)
- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
NOTE: checked listed version, and it didn't have the problem
NOTE: pine is non-free (alpine is free)
-CVE-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...)
+CVE-2002-1902
NOT-FOR-US: CGIForum
-CVE-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...)
+CVE-2002-1901
NOT-FOR-US: BBGallery
-CVE-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...)
+CVE-2002-1900
NOT-FOR-US: Pinboard
-CVE-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...)
+CVE-2002-1899
NOT-FOR-US: IceWarp Web Mail
-CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...)
+CVE-2002-1898
NOT-FOR-US: Mac OS X
-CVE-2002-1897 (MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a ...)
+CVE-2002-1897
NOT-FOR-US: MyWebserver
-CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...)
+CVE-2002-1896
- alsaplayer 0.99.72-1
-CVE-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...)
+CVE-2002-1895
- tomcat4 <not-affected> (Windows-specific Tomcat problems)
-CVE-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...)
+CVE-2002-1894
- phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295)
-CVE-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...)
+CVE-2002-1893
NOT-FOR-US: ArGoSoft Mail Server
-CVE-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...)
+CVE-2002-1892
NOT-FOR-US: Netgear hardware
-CVE-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...)
+CVE-2002-1891
NOT-FOR-US: IRCIT
-CVE-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...)
+CVE-2002-1890
NOT-FOR-US: RedHat specific
-CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...)
+CVE-2002-1889
NOT-FOR-US: Logsurfer
-CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...)
+CVE-2002-1888
NOT-FOR-US: CommonName Toolbar
-CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for ...)
+CVE-2002-1887
NOT-FOR-US: phpMyNewsletter
-CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...)
+CVE-2002-1886
NOT-FOR-US: TightAuction
-CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for ...)
+CVE-2002-1885
NOT-FOR-US: PPhlogger
-CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...)
+CVE-2002-1884
NOT-FOR-US: Py-Membres
-CVE-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...)
+CVE-2002-1883
- qt-x11-free 2:3.0.4-1
-CVE-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...)
+CVE-2002-1882
NOT-FOR-US: Oracle
-CVE-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote ...)
+CVE-2002-1881
- flashplugin-nonfree 6.0.61.0-1
-CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by ...)
+CVE-2002-1880
NOT-FOR-US: LokwaBB
-CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...)
+CVE-2002-1879
NOT-FOR-US: LokwaBB
-CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote ...)
+CVE-2002-1878
NOT-FOR-US: w-Agora
-CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...)
+CVE-2002-1877
NOT-FOR-US: Netgear hardware
-CVE-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...)
+CVE-2002-1876
NOT-FOR-US: Microsoft
-CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...)
+CVE-2002-1875
NOT-FOR-US: Entercept Agent
-CVE-2002-1874 (astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers ...)
+CVE-2002-1874
NOT-FOR-US: Astrocam
-CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...)
+CVE-2002-1873
NOT-FOR-US: Microsoft
-CVE-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication ...)
+CVE-2002-1872
NOT-FOR-US: Microsoft
-CVE-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid ...)
+CVE-2002-1871
NOT-FOR-US: Solaris
-CVE-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle ...)
+CVE-2002-1870
NOT-FOR-US: Simple Web Server
-CVE-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...)
+CVE-2002-1869
NOT-FOR-US: Heysoft EventSave
-CVE-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...)
+CVE-2002-1868
NOT-FOR-US: Dispair
-CVE-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 ...)
+CVE-2002-1867
NOT-FOR-US: ImageFolio
-CVE-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file ...)
+CVE-2002-1866
NOT-FOR-US: Simple Web Server
-CVE-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link ...)
+CVE-2002-1865
NOT-FOR-US: Embedded HTTP server
-CVE-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 ...)
+CVE-2002-1864
NOT-FOR-US: Simple Web Server
-CVE-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other ...)
+CVE-2002-1863
NOT-FOR-US: Iomega NAS
-CVE-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of ...)
+CVE-2002-1862
NOT-FOR-US: SmartMail Server
-CVE-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, ...)
+CVE-2002-1861
NOT-FOR-US: Sybase ASE
-CVE-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers ...)
+CVE-2002-1860
NOT-FOR-US: Pramati
-CVE-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...)
+CVE-2002-1859
NOT-FOR-US: Orion
-CVE-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through ...)
+CVE-2002-1858
NOT-FOR-US: Oracle
-CVE-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...)
+CVE-2002-1857
NOT-FOR-US: jo! jo Webserver
-CVE-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote ...)
+CVE-2002-1856
NOT-FOR-US: HP Application Server
-CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows ...)
+CVE-2002-1855
NOT-FOR-US: Macromedia JRun
-CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to ...)
+CVE-2002-1854
NOT-FOR-US: rlaj whois.cgi
-CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...)
+CVE-2002-1853
NOT-FOR-US: MyNewsGroups
-CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...)
+CVE-2002-1852
- monkey 0.9.2-1
NOTE: Vulnerable code verified not be present in any Debian version
-CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...)
+CVE-2002-1851
NOT-FOR-US: WS_FTP Pro
-CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...)
+CVE-2002-1850
- apache2 2.0.42-1
-CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back ...)
+CVE-2002-1849
NOT-FOR-US: ParaChat
-CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...)
+CVE-2002-1848
NOT-FOR-US: TightVNC on Windows only
-CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...)
+CVE-2002-1847
NOT-FOR-US: Microsoft Windows Media Player
-CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...)
+CVE-2002-1846
NOT-FOR-US: YaBB
-CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...)
+CVE-2002-1845
NOT-FOR-US: YaBB
-CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, ...)
+CVE-2002-1844
NOT-FOR-US: Microsoft Windows Media Player
-CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands ...)
+CVE-2002-1843
NOT-FOR-US: Perlbot
-CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...)
+CVE-2002-1842
NOT-FOR-US: Perlbot
-CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not ...)
+CVE-2002-1841
NOT-FOR-US: Nogusta NOLA
-CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could ...)
+CVE-2002-1840
NOT-FOR-US: some irssi tarballs contained a backdoor
-CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record ...)
+CVE-2002-1839
NOT-FOR-US: Trend Micro InterScan VirusWall (Windows NT 3.52)
-CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to ...)
+CVE-2002-1838
NOT-FOR-US: Charities.cron
-CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display ...)
+CVE-2002-1837
NOT-FOR-US: Image Display System
-CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
+CVE-2002-1836
NOT-FOR-US: Xerox Docutech
-CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
+CVE-2002-1835
NOT-FOR-US: Xerox Docutech
-CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
+CVE-2002-1834
NOT-FOR-US: Xerox Docutech
-CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...)
+CVE-2002-1833
NOT-FOR-US: Xerox Docutech
-CVE-2002-1832 (Unknown vulnerability in the &quot;ipopts decode&quot; functionality in ...)
+CVE-2002-1832
NOT-FOR-US: Firestorm IDS
-CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote ...)
+CVE-2002-1831
NOT-FOR-US: Microsoft MSN Messenger Service
-CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to ...)
+CVE-2002-1830
NOT-FOR-US: Open Bulletin Board
-CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open ...)
+CVE-2002-1829
NOT-FOR-US: Open Bulletin Board
-CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...)
+CVE-2002-1828
NOT-FOR-US: Savant Webserver
-CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...)
+CVE-2002-1827
- sendmail 8.12-4
-CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...)
+CVE-2002-1826
- kernel-patch-2.4-grsecurity 1.9.6-1
-CVE-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...)
+CVE-2002-1825
NOT-FOR-US: WASD
-CVE-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...)
+CVE-2002-1824
NOT-FOR-US: MSIE
-CVE-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...)
+CVE-2002-1823
NOT-FOR-US: Zeroo
-CVE-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...)
+CVE-2002-1822
NOT-FOR-US: IBM HTTP Server on AS/400
-CVE-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...)
+CVE-2002-1821
NOT-FOR-US: Ultimate PHP Board
-CVE-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...)
+CVE-2002-1820
NOT-FOR-US: Ultimate PHP Board
-CVE-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...)
+CVE-2002-1819
NOT-FOR-US: TinyHTTPD
-CVE-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...)
+CVE-2002-1818
NOT-FOR-US: httpbench
-CVE-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...)
+CVE-2002-1817
NOT-FOR-US: Veritas
-CVE-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...)
+CVE-2002-1816
NOT-FOR-US: ATPhttpd
-CVE-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...)
+CVE-2002-1815
NOT-FOR-US: Aquonics
-CVE-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...)
+CVE-2002-1814
- bonobo <not-affected> (efstool not suid on Debian)
-CVE-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...)
+CVE-2002-1813
NOT-FOR-US: AIM
-CVE-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...)
+CVE-2002-1812
NOT-FOR-US: gdam123
-CVE-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...)
+CVE-2002-1811
NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point
-CVE-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...)
+CVE-2002-1810
NOT-FOR-US: D-Link DWL-900AP+ Access Point
-CVE-2002-1809 (The default configuration of the Windows binary release of MySQL ...)
+CVE-2002-1809
NOT-FOR-US: MySQL windows binary
-CVE-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...)
+CVE-2002-1808
NOT-FOR-US: Meunity
-CVE-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...)
+CVE-2002-1807
NOT-FOR-US: phpWebSite
-CVE-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...)
+CVE-2002-1806
NOT-FOR-US: Drupal
-CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...)
+CVE-2002-1805
- dacode <removed> (bug #322605; low)
[sarge] - dacode <no-dsa> (Minor issue; attacker would need to bypass moderator review/approval)
NOTE: Sarge is affected (has same version as testing/unstable)
-CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...)
+CVE-2002-1804
NOT-FOR-US: NPDS
-CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
+CVE-2002-1803
NOT-FOR-US: PHP-Nuke
-CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...)
+CVE-2002-1802
NOT-FOR-US: Xoops
-CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...)
+CVE-2002-1801
NOT-FOR-US: ImageFolio
-CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...)
+CVE-2002-1800
NOT-FOR-US: phpRank
-CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
+CVE-2002-1799
NOT-FOR-US: phpRank
-CVE-2002-1798 (MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) ...)
+CVE-2002-1798
NOT-FOR-US: MidiCart
-CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...)
+CVE-2002-1797
NOT-FOR-US: ChaiVM
-CVE-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...)
+CVE-2002-1796
NOT-FOR-US: ChaiVM
-CVE-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...)
+CVE-2002-1795
NOT-FOR-US: Microsoft
-CVE-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...)
+CVE-2002-1794
NOT-FOR-US: HP ldapux-pamauthz
-CVE-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...)
+CVE-2002-1793
NOT-FOR-US: HP Virtualvault OS
-CVE-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...)
+CVE-2002-1792
NOT-FOR-US: Fake Identd
-CVE-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...)
+CVE-2002-1791
NOT-FOR-US: SGI IRIX
-CVE-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...)
+CVE-2002-1790
NOT-FOR-US: microsoft
-CVE-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...)
+CVE-2002-1789
- newsx 1.4pl6.0-2
-CVE-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...)
+CVE-2002-1788
- nn 6.6.4-1
-CVE-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...)
+CVE-2002-1787
NOT-FOR-US: SGI IRIX
-CVE-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...)
+CVE-2002-1786
NOT-FOR-US: SGI IRIX
-CVE-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...)
+CVE-2002-1785
NOT-FOR-US: Zeus Administration Server
-CVE-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...)
+CVE-2002-1784
NOT-FOR-US: HP Tru64
-CVE-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...)
+CVE-2002-1783
- php4 4:4.3.10-15
-CVE-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
+CVE-2002-1782
- uw-imap 7:2002ddebian1-2 (bug #315499; unimportant)
NOTE: This only applies to very exotic setups. It's also documented in the FAQ
NOTE: and if someone has such a setup she will have to recompile the package with
NOTE: the security features enabled.
-CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
+CVE-2002-1781
NOT-FOR-US: DeleGate
-CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...)
+CVE-2002-1780
NOT-FOR-US: BPM Studio Pro
-CVE-2002-1779 (The &quot;block fragmented IP Packets&quot; option in Symantec Norton Personal ...)
+CVE-2002-1779
NOT-FOR-US: Norton
-CVE-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...)
+CVE-2002-1778
NOT-FOR-US: Norton
-CVE-2002-1777 (** DISPUTED ** ...)
+CVE-2002-1777
NOT-FOR-US: Symantec
-CVE-2002-1776 (** DISPUTED ** ...)
+CVE-2002-1776
NOT-FOR-US: Symantec
-CVE-2002-1775 (** DISPUTED ** ...)
+CVE-2002-1775
NOT-FOR-US: Symantec
-CVE-2002-1774 (** DISPUTED ** ...)
+CVE-2002-1774
NOT-FOR-US: Symantec
-CVE-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...)
+CVE-2002-1773
NOT-FOR-US: ICQ for MacOS X
-CVE-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain &quot;Domain ...)
+CVE-2002-1772
NOT-FOR-US: Novell Netware
-CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...)
+CVE-2002-1771
NOT-FOR-US: FormMail
-CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...)
+CVE-2002-1770
NOT-FOR-US: Eudora
-CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...)
+CVE-2002-1769
NOT-FOR-US: Microsoft
-CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...)
+CVE-2002-1768
NOT-FOR-US: Cisco
-CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...)
+CVE-2002-1767
NOT-FOR-US: Oracle
-CVE-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...)
+CVE-2002-1766
NOT-FOR-US: Netscape
NOTE: didn't check mozilla
-CVE-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...)
+CVE-2002-1765
- evolution 1.0.5
-CVE-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...)
+CVE-2002-1764
NOT-FOR-US: acrobat
-CVE-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the &quot;Shift&quot; ...)
+CVE-2002-1763
NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver
-CVE-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...)
+CVE-2002-1762
NOT-FOR-US: Microsoft
-CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...)
+CVE-2002-1761
NOT-FOR-US: PHProjekt
-CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...)
+CVE-2002-1760
NOT-FOR-US: PHProjekt
-CVE-2002-1759 (The upload function in PHProjekt 2.0 through 3.1 does not properly ...)
+CVE-2002-1759
NOT-FOR-US: PHProjekt
-CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...)
+CVE-2002-1758
NOT-FOR-US: PHProjekt
-CVE-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...)
+CVE-2002-1757
NOT-FOR-US: PHProjekt
-CVE-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...)
+CVE-2002-1756
NOT-FOR-US: ACDSee
-CVE-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...)
+CVE-2002-1755
- tinc 1.0pre5
-CVE-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...)
+CVE-2002-1754
NOT-FOR-US: Novell NetWare
-CVE-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...)
+CVE-2002-1753
NOT-FOR-US: csNews
-CVE-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...)
+CVE-2002-1752
NOT-FOR-US: csChat-R-Box
-CVE-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...)
+CVE-2002-1751
NOT-FOR-US: csLiveSupport
-CVE-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...)
+CVE-2002-1750
NOT-FOR-US: csGuestbook
-CVE-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...)
+CVE-2002-1749
NOT-FOR-US: Windows 2000 Terminal Services
-CVE-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...)
+CVE-2002-1748
- slash 2.2.3
-CVE-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...)
+CVE-2002-1747
- vtun 2.5b2
-CVE-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...)
+CVE-2002-1746
- vtun 2.5b2
-CVE-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...)
+CVE-2002-1745
NOT-FOR-US: Microsoft
-CVE-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...)
+CVE-2002-1744
NOT-FOR-US: Microsoft
-CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...)
+CVE-2002-1743
NOT-FOR-US: AOL ICQ
-CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...)
+CVE-2002-1742
- soap-lite 0.55
-CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...)
+CVE-2002-1741
NOT-FOR-US: WorldClient
-CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...)
+CVE-2002-1740
NOT-FOR-US: WorldClient
-CVE-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...)
+CVE-2002-1739
NOT-FOR-US: Alt-N Technologies Mdaemon
-CVE-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...)
+CVE-2002-1738
NOT-FOR-US: Alt-N Technologies Mdaemon
-CVE-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...)
+CVE-2002-1737
NOT-FOR-US: Astaro Security Linux
-CVE-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...)
+CVE-2002-1736
NOT-FOR-US: CGINews
-CVE-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...)
+CVE-2002-1735
NOT-FOR-US: dlogin
-CVE-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...)
+CVE-2002-1734
NOT-FOR-US: NewsPro
-CVE-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...)
+CVE-2002-1733
NOT-FOR-US: Prospero MessageBoards
-CVE-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...)
+CVE-2002-1732
NOT-FOR-US: Actinic Catalog
-CVE-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...)
+CVE-2002-1731
NOT-FOR-US: IBM AS/400
-CVE-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...)
+CVE-2002-1730
NOT-FOR-US: ASPjar Guestbook
-CVE-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...)
+CVE-2002-1729
NOT-FOR-US: ASPjar Guestbook
-CVE-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...)
+CVE-2002-1728
NOT-FOR-US: askSam Web Publisher
-CVE-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...)
+CVE-2002-1727
NOT-FOR-US: askSam Web Publisher
-CVE-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...)
+CVE-2002-1726
NOT-FOR-US: PhotoDB
-CVE-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...)
+CVE-2002-1725
NOT-FOR-US: PHPImageView
-CVE-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...)
+CVE-2002-1724
NOT-FOR-US: PHPImageView
-CVE-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...)
+CVE-2002-1723
NOT-FOR-US: Powerboards
-CVE-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...)
+CVE-2002-1722
NOT-FOR-US: microsoft
-CVE-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...)
+CVE-2002-1721
- altermime <not-affected> (fixed before the first Debian upload)
-CVE-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...)
+CVE-2002-1720
NOT-FOR-US: Spooky Login
-CVE-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...)
+CVE-2002-1719
NOT-FOR-US: Bavo
-CVE-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...)
+CVE-2002-1718
NOT-FOR-US: microsoft
-CVE-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...)
+CVE-2002-1717
NOT-FOR-US: microsoft
-CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...)
+CVE-2002-1716
NOT-FOR-US: microsoft
-CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...)
+CVE-2002-1715
- openssh <not-affected> ("SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1.")
-CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
+CVE-2002-1714
NOT-FOR-US: microsoft
-CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...)
+CVE-2002-1713
NOT-FOR-US: msec
-CVE-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...)
+CVE-2002-1712
NOT-FOR-US: microsoft
-CVE-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...)
+CVE-2002-1711
NOT-FOR-US: BasiliX
-CVE-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...)
+CVE-2002-1710
NOT-FOR-US: BasiliX
-CVE-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...)
+CVE-2002-1709
NOT-FOR-US: BasiliX
-CVE-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...)
+CVE-2002-1708
NOT-FOR-US: BasiliX
-CVE-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when &quot;allow_url_fopen&quot; and ...)
+CVE-2002-1707
- phpbb2 2.0.6c-1
-CVE-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...)
+CVE-2002-1706
NOT-FOR-US: Cisco
-CVE-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...)
+CVE-2002-1705
NOT-FOR-US: microsoft
-CVE-2002-1704 (Zeroboard 4.1, when the &quot;allow_url_fopen&quot; and &quot;register_globals&quot; ...)
+CVE-2002-1704
NOT-FOR-US: Zeroboard
-CVE-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...)
+CVE-2002-1703
NOT-FOR-US: NetAuction
-CVE-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...)
+CVE-2002-1702
NOT-FOR-US: DeltaScripts PHP Classifieds
-CVE-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...)
+CVE-2002-1700
NOT-FOR-US: ColdFusion
-CVE-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...)
+CVE-2002-1699
NOT-FOR-US: ASP Client Check
-CVE-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...)
+CVE-2002-1698
NOT-FOR-US: Microsoft
-CVE-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...)
+CVE-2002-1697
- vtun 2.6-1
-CVE-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...)
+CVE-2002-1696
NOT-FOR-US: Microsoft Outlook plugin
-CVE-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
+CVE-2002-1695
NOT-FOR-US: Norton
-CVE-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...)
+CVE-2002-1694
NOT-FOR-US: Microsoft
-CVE-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...)
+CVE-2002-1692
NOT-FOR-US: Microsoft
-CVE-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...)
+CVE-2002-1691
NOT-FOR-US: Alcatel hardware issue
-CVE-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...)
+CVE-2002-1690
NOT-FOR-US: AIX
-CVE-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...)
+CVE-2002-1689
NOT-FOR-US: AIX
-CVE-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...)
+CVE-2002-1688
NOT-FOR-US: Microsoft
-CVE-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...)
+CVE-2002-1687
NOT-FOR-US: AIX
-CVE-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...)
+CVE-2002-1686
NOT-FOR-US: AIX
-CVE-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
+CVE-2002-1685
NOT-FOR-US: BadBlue Enterprise Edition
-CVE-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...)
+CVE-2002-1684
NOT-FOR-US: Deerfield D2Gfx
-CVE-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...)
+CVE-2002-1683
NOT-FOR-US: BadBlue Personal Edition
-CVE-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...)
+CVE-2002-1682
NOT-FOR-US: NewsReactor
-CVE-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...)
+CVE-2002-1681
- slash <not-affected> (Only present in intermediate CVS version, not released in Debian)
-CVE-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...)
+CVE-2002-1680
NOT-FOR-US: COWS
-CVE-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...)
+CVE-2002-1679
NOT-FOR-US: vBulletin
-CVE-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...)
+CVE-2002-1678
NOT-FOR-US: vBulletin
-CVE-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...)
+CVE-2002-1677
NOT-FOR-US: mrtgconfig
-CVE-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...)
+CVE-2002-1676
NOT-FOR-US: BindView NetInventory
-CVE-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...)
+CVE-2002-1675
NOT-FOR-US: Unreal IRCd
-CVE-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...)
+CVE-2002-1674
- kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel)
-CVE-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...)
+CVE-2002-1673
- webmin 0.93 (medium)
-CVE-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...)
+CVE-2002-1672
- webmin <not-affected> (packaging flaw of an unknown RPM based distro)
NOTE: Permissions of Debian's webmin package look sane and FHS compliant
-CVE-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
+CVE-2002-1671
NOT-FOR-US: Microsoft
-CVE-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...)
+CVE-2002-1670
NOT-FOR-US: Microsoft
-CVE-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...)
+CVE-2002-1669
NOT-FOR-US: FreeBSD
-CVE-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...)
+CVE-2002-1668
NOT-FOR-US: HP-UX
-CVE-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...)
+CVE-2002-1667
- kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel)
-CVE-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...)
+CVE-2002-1666
NOT-FOR-US: Oracle
-CVE-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...)
+CVE-2002-1665
NOT-FOR-US: Yahoo Messenger
-CVE-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
+CVE-2002-1664
NOT-FOR-US: Yahoo Messenger
-CVE-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...)
+CVE-2002-1663
NOT-FOR-US: Monkey
-CVE-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
+CVE-2002-1662
NOT-FOR-US: Mambo
-CVE-2002-1660 (calendar.php in vBulletin before 2.2.0 allows remote attackers to ...)
+CVE-2002-1660
NOT-FOR-US: vBulletin
-CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...)
+CVE-2002-1659
NOT-FOR-US: PortalApp
-CVE-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...)
+CVE-2002-1661
- leafnode <not-affected> (Leafnode2 development branch)
-CVE-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
+CVE-2002-1658
- apache 1.3.31-1
-CVE-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
+CVE-2002-1657
- postgresql <unfixed> (unimportant)
NOTE: This is not a real world problem; it's only applicable in rare circurstances
NOTE: like someone analysing stolen user database information and even then the gain
NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway.
-CVE-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...)
+CVE-2002-1656
NOT-FOR-US: X-News
-CVE-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...)
+CVE-2002-1655
NOT-FOR-US: Netscape Enterprise Server
-CVE-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...)
+CVE-2002-1654
NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server
-CVE-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...)
+CVE-2002-1653
- cryptcat 20031202-2
NOTE: don't know when it was fixed, verified above version is ok
-CVE-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...)
+CVE-2002-1652
- cgiemail 1.6-14
-CVE-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
+CVE-2002-1651
NOT-FOR-US: Verity Search97
-CVE-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...)
+CVE-2002-1650
- squirrelmail 1:1.2.3
-CVE-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...)
+CVE-2002-1649
- squirrelmail 1:1.2.3
-CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
+CVE-2002-1648
- squirrelmail 1:1.2.3
-CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...)
+CVE-2002-1647
- slash 2.2.6-8 (bug #160579; low)
[sarge] - slash <no-dsa> (Minor security implications)
-CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
+CVE-2002-1646
NOT-FOR-US: commercial ssh
-CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...)
+CVE-2002-1645
NOT-FOR-US: commercial ssh
-CVE-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...)
+CVE-2002-1644
NOT-FOR-US: commercial ssh
-CVE-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...)
+CVE-2002-1643
NOT-FOR-US: RealNetworks Helix Universal Server
-CVE-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...)
+CVE-2002-1642
- postgresql 7.2.3
-CVE-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
+CVE-2002-1641
NOT-FOR-US: Oracle
-CVE-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...)
+CVE-2002-1640
NOT-FOR-US: Oracle
-CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
+CVE-2002-1639
NOT-FOR-US: Oracle
CVE-2002-1638
REJECTED
-CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
+CVE-2002-1637
NOT-FOR-US: Oracle
-CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
+CVE-2002-1636
NOT-FOR-US: Oracle
-CVE-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...)
+CVE-2002-1635
NOT-FOR-US: Oracle
-CVE-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...)
+CVE-2002-1634
NOT-FOR-US: NetWare
-CVE-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...)
+CVE-2002-1633
NOT-FOR-US: QNX
-CVE-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...)
+CVE-2002-1632
NOT-FOR-US: Oracle
-CVE-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...)
+CVE-2002-1631
NOT-FOR-US: Oracle
-CVE-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...)
+CVE-2002-1630
NOT-FOR-US: Oracle
-CVE-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...)
+CVE-2002-1629
NOT-FOR-US: Multi-Tech ProxyServer
-CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...)
+CVE-2002-1628
NOT-FOR-US: Mike Spice Mike's Vote CGI
-CVE-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...)
+CVE-2002-1627
NOT-FOR-US: Mike Spice Quiz CGI
-CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...)
+CVE-2002-1626
NOT-FOR-US: Mike Spice My Calendar
-CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...)
+CVE-2002-1625
- flashplugin-nonfree 6.0.61.0-1
-CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...)
+CVE-2002-1624
NOT-FOR-US: Lotus Domino
-CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...)
+CVE-2002-1623
NOT-FOR-US: General protocol flaw, cannot be fixed
-CVE-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...)
+CVE-2002-1622
NOT-FOR-US: AIX
-CVE-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)
+CVE-2002-1621
NOT-FOR-US: AIX
-CVE-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...)
+CVE-2002-1620
NOT-FOR-US: AIX
-CVE-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...)
+CVE-2002-1619
NOT-FOR-US: AIX
-CVE-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...)
+CVE-2002-1618
NOT-FOR-US: HP-UX
-CVE-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...)
+CVE-2002-1617
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+CVE-2002-1616
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+CVE-2002-1615
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...)
+CVE-2002-1614
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
+CVE-2002-1613
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+CVE-2002-1612
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+CVE-2002-1611
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
+CVE-2002-1610
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+CVE-2002-1609
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
+CVE-2002-1608
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+CVE-2002-1607
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+CVE-2002-1606
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
+CVE-2002-1605
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...)
+CVE-2002-1604
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...)
+CVE-2002-1603
NOT-FOR-US: GoAhead Web Server
-CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...)
+CVE-2002-1602
- screen <not-affected> (HAVE_BRAILLE not set in binary build)
-CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
+CVE-2002-1601
NOT-FOR-US: Adobe PhotoDeluxe
-CVE-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...)
+CVE-2002-1600
NOT-FOR-US: Mike Spice's My Classifieds
-CVE-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...)
+CVE-2002-1599
- dansguardian 2.4.5-1
-CVE-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...)
+CVE-2002-1598
NOT-FOR-US: Computer Associates MLink
-CVE-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
+CVE-2002-1597
NOT-FOR-US: Cisco
-CVE-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
+CVE-2002-1596
NOT-FOR-US: Cisco
-CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...)
+CVE-2002-1595
NOT-FOR-US: Cisco
-CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...)
+CVE-2002-1594
- shadow <not-affected> (Debian's pwck and grpck do not overflow and are not suid)
-CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...)
+CVE-2002-1593
- apache2 2.0.42
-CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...)
+CVE-2002-1592
- apache2 2.0.36
-CVE-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...)
+CVE-2002-1591
NOT-FOR-US: AIM in MSIE
-CVE-2002-1590 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)
+CVE-2002-1590
NOT-FOR-US: Solaris
-CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...)
+CVE-2002-1589
NOT-FOR-US: Solaris
-CVE-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...)
+CVE-2002-1588
NOT-FOR-US: Mailtool for OpenWindows
-CVE-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...)
+CVE-2002-1587
NOT-FOR-US: Solaris
-CVE-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...)
+CVE-2002-1586
NOT-FOR-US: Solaris
-CVE-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...)
+CVE-2002-1585
NOT-FOR-US: Solaris
-CVE-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...)
+CVE-2002-1584
NOT-FOR-US: Solaris
-CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
+CVE-2002-1583
NOT-FOR-US: IBM DB2
-CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
+CVE-2002-1582
[woody] - mailreader <not-affected> (Affects only 2.3.30-2.3.32)
- mailreader 2.3.33
-CVE-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...)
+CVE-2002-1581
{DSA-534}
- mailreader 2.3.29-9
-CVE-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...)
+CVE-2002-1580
{DSA-215}
- cyrus-imapd 1.5.19-9.10
-CVE-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
+CVE-2002-1579
NOT-FOR-US: SAP
-CVE-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
+CVE-2002-1578
NOT-FOR-US: SAP
-CVE-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
+CVE-2002-1577
NOT-FOR-US: SAP
-CVE-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
+CVE-2002-1576
NOT-FOR-US: SAP
-CVE-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
+CVE-2002-1575
{DSA-437}
- cgiemail 1.6-20
-CVE-2002-1573 (Unspecified vulnerability in the pcilynx ieee1394 firewire driver ...)
+CVE-2002-1573
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-1572 (Signed integer overflow in the bttv_read function in the bttv driver ...)
+CVE-2002-1572
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-1571 (The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction ...)
+CVE-2002-1571
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
+CVE-2002-1570
- ucd-snmp 4.2.3-2
-CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
+CVE-2002-1569
- gv 1:3.5.8-27
-CVE-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...)
+CVE-2002-1568
- openssl 0.9.6g-1
-CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...)
+CVE-2002-1567
NOTE: tomcat4 cross-site scripting vuln
-CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
+CVE-2002-1566
- netris 0.52-1
-CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
+CVE-2002-1565
- wget 1.8.2-8
-CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
+CVE-2002-1564
NOT-FOR-US: microsoft
-CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
+CVE-2002-1563
- stunnel4 4.04-1
- stunnel 2:3.24-1
-CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
+CVE-2002-1562
{DSA-396}
- thttpd 2.23beta1-2.3 (bug #216677)
-CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
+CVE-2002-1561
NOT-FOR-US: microsoft
-CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)
+CVE-2002-1559
NOT-FOR-US: ion-p
-CVE-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
+CVE-2002-1558
NOT-FOR-US: cisco
-CVE-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
+CVE-2002-1557
NOT-FOR-US: cisco
-CVE-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
+CVE-2002-1556
NOT-FOR-US: cisco
-CVE-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a &quot;public&quot; ...)
+CVE-2002-1555
NOT-FOR-US: cisco
-CVE-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...)
+CVE-2002-1554
NOT-FOR-US: cisco
-CVE-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...)
+CVE-2002-1553
NOT-FOR-US: cisco
-CVE-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...)
+CVE-2002-1551
NOT-FOR-US: AIX
-CVE-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...)
+CVE-2002-1546
NOT-FOR-US: Webweaver
-CVE-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...)
+CVE-2002-1545
NOT-FOR-US: Coolsoft
-CVE-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...)
+CVE-2002-1544
NOT-FOR-US: Coolsoft
-CVE-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...)
+CVE-2002-1542
NOT-FOR-US: SolarWinds
-CVE-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...)
+CVE-2002-1539
NOT-FOR-US: MDaemon
-CVE-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...)
+CVE-2002-1536
NOT-FOR-US: Molly
-CVE-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...)
+CVE-2002-1535
NOT-FOR-US: Symantec
-CVE-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...)
+CVE-2002-1533
- jetty <not-affected> (Fixed before upload into archive; 4.1 series)
-CVE-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...)
+CVE-2002-1527
NOT-FOR-US: EMU Webmail
-CVE-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...)
+CVE-2002-1526
NOT-FOR-US: EMU Webmail
-CVE-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...)
+CVE-2002-1525
NOT-FOR-US: Sun
-CVE-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...)
+CVE-2002-1523
NOT-FOR-US: Miniserver
-CVE-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...)
+CVE-2002-1522
NOT-FOR-US: PowerFTP
-CVE-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...)
+CVE-2002-1515
NOT-FOR-US: Coolforum
-CVE-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
+CVE-2002-1512
NOT-FOR-US: BRU
-CVE-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...)
+CVE-2002-1508
{DSA-227}
- openldap2 2.0.27-3
-CVE-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...)
+CVE-2002-1507
NOT-FOR-US: Unreal
-CVE-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...)
+CVE-2002-1506
- linuxconf <removed>
-CVE-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...)
+CVE-2002-1504
NOT-FOR-US: webserver-4everyone
-CVE-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
+CVE-2002-1503
NOT-FOR-US: AFD not in debian
-CVE-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...)
+CVE-2002-1500
NOT-FOR-US: NetBSD
-CVE-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...)
+CVE-2002-1499
NOT-FOR-US: FactoSystem
-CVE-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...)
+CVE-2002-1498
NOT-FOR-US: SWServer
-CVE-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...)
+CVE-2002-1495
NOT-FOR-US: Jawmail
-CVE-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...)
+CVE-2002-1492
NOT-FOR-US: Cisco
-CVE-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...)
+CVE-2002-1489
NOT-FOR-US: PlanetDNS
-CVE-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
+CVE-2002-1488
NOT-FOR-US: Cerulean Trillian
-CVE-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
+CVE-2002-1487
NOT-FOR-US: Cerulean Trillian
-CVE-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...)
+CVE-2002-1486
NOT-FOR-US: Cerulean Trillian
-CVE-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
+CVE-2002-1485
NOT-FOR-US: Cerulean Trillian
-CVE-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...)
+CVE-2002-1484
NOT-FOR-US: db4web
-CVE-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...)
+CVE-2002-1483
NOT-FOR-US: db4web
-CVE-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...)
+CVE-2002-1482
NOT-FOR-US: phpGB not in Debian
-CVE-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
+CVE-2002-1481
NOT-FOR-US: phpGB not in Debian
-CVE-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...)
+CVE-2002-1480
NOT-FOR-US: phpGB not in Debian
-CVE-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...)
+CVE-2002-1475
NOT-FOR-US: HPUX
-CVE-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...)
+CVE-2002-1474
NOT-FOR-US: HPUX
-CVE-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...)
+CVE-2002-1473
NOT-FOR-US: HPUX
-CVE-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
+CVE-2002-1470
NOT-FOR-US: Shoutcase
-CVE-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...)
+CVE-2002-1467
- flashplugin-nonfree 6.0.61.0-1
-CVE-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...)
+CVE-2002-1466
NOT-FOR-US: Cafelog
-CVE-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...)
+CVE-2002-1465
NOT-FOR-US: Cafelog
-CVE-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...)
+CVE-2002-1464
NOT-FOR-US: Cafelog
-CVE-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...)
+CVE-2002-1462
NOT-FOR-US: Organic PHP
-CVE-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...)
+CVE-2002-1461
NOT-FOR-US: Webshop Manager
-CVE-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...)
+CVE-2002-1460
NOT-FOR-US: L-Forum not in Debian
-CVE-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
+CVE-2002-1459
NOT-FOR-US: L-Forum not in Debian
-CVE-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
+CVE-2002-1458
NOT-FOR-US: L-Forum not in Debian
-CVE-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...)
+CVE-2002-1457
NOT-FOR-US: L-Forum not in Debian
-CVE-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...)
+CVE-2002-1456
NOT-FOR-US: mIRC
-CVE-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
+CVE-2002-1455
NOT-FOR-US: OmniHTTPD
-CVE-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...)
+CVE-2002-1454
NOT-FOR-US: MyWebServer
-CVE-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...)
+CVE-2002-1453
NOT-FOR-US: MyWebServer
-CVE-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...)
+CVE-2002-1452
NOT-FOR-US: MyWebServer
-CVE-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
+CVE-2002-1451
NOT-FOR-US: Blazix not in Debian
-CVE-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...)
+CVE-2002-1450
NOT-FOR-US: IBM UniVerse
-CVE-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...)
+CVE-2002-1449
NOT-FOR-US: eUpload not in Debian
-CVE-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...)
+CVE-2002-1445
NOT-FOR-US: CERN HTTPD not in Debian
-CVE-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...)
+CVE-2002-1444
NOT-FOR-US: Google Toolbar
-CVE-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
+CVE-2002-1442
NOT-FOR-US: Google Toolbar
-CVE-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...)
+CVE-2002-1441
NOT-FOR-US: Tomahawk
-CVE-2002-1440 (The Gateway GS-400 server has a default root password of &quot;0001n&quot; that ...)
+CVE-2002-1440
NOT-FOR-US: Gateway
-CVE-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...)
+CVE-2002-1439
NOT-FOR-US: HPUX
-CVE-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...)
+CVE-2002-1434
NOT-FOR-US: Kerio
-CVE-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...)
+CVE-2002-1433
NOT-FOR-US: Kerio
-CVE-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...)
+CVE-2002-1432
NOT-FOR-US: MidiCart
-CVE-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
+CVE-2002-1431
NOT-FOR-US: Belkin
-CVE-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
+CVE-2002-1429
NOT-FOR-US: ShoutBox
-CVE-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...)
+CVE-2002-1428
NOT-FOR-US: dotproject
-CVE-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...)
+CVE-2002-1427
NOT-FOR-US: Easy Homepage Creator
-CVE-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...)
+CVE-2002-1426
NOT-FOR-US: HP
-CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
+CVE-2002-1423
- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
-CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...)
+CVE-2002-1422
- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
-CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...)
+CVE-2002-1421
- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
-CVE-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...)
+CVE-2002-1416
NOT-FOR-US: Webeasymail
-CVE-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...)
+CVE-2002-1415
NOT-FOR-US: Webeasymail
-CVE-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
+CVE-2002-1411
NOT-FOR-US: Duma
-CVE-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...)
+CVE-2002-1410
NOT-FOR-US: East Guestbook
-CVE-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...)
+CVE-2002-1409
NOT-FOR-US: HPUX
-CVE-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...)
+CVE-2002-1408
NOT-FOR-US: HP Openview
-CVE-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
+CVE-2002-1406
NOT-FOR-US: HPUX
CVE-2002-1404
REJECTED
-CVE-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
+CVE-2002-1402
{DSA-165}
- postgresql 7.2.2-2
-CVE-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...)
+CVE-2002-1401
{DSA-165}
- postgresql 7.2.2-2
-CVE-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...)
+CVE-2002-1400
{DSA-165}
- postgresql 7.2.2-2
-CVE-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...)
+CVE-2002-1399
- postgresql 7.2.2-2
-CVE-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...)
+CVE-2002-1398
{DSA-165}
- postgresql 7.2.2-2
-CVE-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...)
+CVE-2002-1397
- postgresql 7.2.2-2
-CVE-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...)
+CVE-2002-1395
{DSA-202}
- im 1:141-20
-CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...)
+CVE-2002-1393
{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
- kdemultimedia 4:3.0.5a
- kdebase 4:3.0.5a
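Review bot: With the descriptions dropped in this hunk, the NOT-FOR-US note becomes the only product identifier left on many entries, and two of those notes are misspelled. CVE-2002-1470 reads "NOT-FOR-US: Shoutcase" where the removed description says SHOUTcast, and CVE-2002-1410 reads "NOT-FOR-US: East Guestbook" where the removed description says Easy Guestbook. Correct both notes so the entries stay searchable by product name.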
@@ -2061,80 +2061,80 @@ CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do no
- kdenetwork 4:3.0.5a
- kdegraphics 4:3.0.5a
- kdeadmin 4:3.0.5a
-CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
+CVE-2002-1387
{DSA-254}
- traceroute-nanog 6.3.0-1
-CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...)
+CVE-2002-1386
{DSA-254}
- traceroute-nanog 6.3.0-1
-CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...)
+CVE-2002-1383
{DSA-232}
- cups 1.1.18-1
- cupsys 1.1.18-1
-CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...)
+CVE-2002-1379
{DSA-227}
- openldap2 2.0.27-3
-CVE-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...)
+CVE-2002-1378
{DSA-227}
- openldap2 2.0.27-3
-CVE-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...)
+CVE-2002-1376
{DSA-212}
- mysql <removed>
CVE-2002-1370
REJECTED
-CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
+CVE-2002-1368
{DSA-232}
- cups 1.1.18-1
- cupsys 1.1.18-1
-CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...)
+CVE-2002-1360
- openssh <not-affected> (OpenSSH not vulnerable)
-CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
+CVE-2002-1359
- openssh <not-affected> (OpenSSH not vulnerable)
-CVE-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...)
+CVE-2002-1358
- openssh <not-affected> (OpenSSH not vulnerable)
-CVE-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...)
+CVE-2002-1357
- openssh <not-affected> (OpenSSH not vulnerable)
-CVE-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...)
+CVE-2002-1356
- ethereal 0.9.8-1
-CVE-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
+CVE-2002-1355
- ethereal 0.9.8-1
-CVE-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...)
+CVE-2002-1354
NOT-FOR-US: TYPSoft FTP Server
-CVE-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...)
+CVE-2002-1353
NOT-FOR-US: LocalWEB2000 HTTP server
-CVE-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
+CVE-2002-1352
NOT-FOR-US: CartMan
-CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
+CVE-2002-1351
NOT-FOR-US: Melange Chat System
-CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...)
+CVE-2002-1347
- cyrus-sasl2 2.1.10-1
CVE-2002-1346
RESERVED
-CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
+CVE-2002-1345
NOTE: multiple ftp client issues
-CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
+CVE-2002-1344
{DSA-209}
- wget 1.8.2-8
CVE-2002-1343
RESERVED
-CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
+CVE-2002-1342
{DSA-203}
- smb2www 980804-17
-CVE-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...)
+CVE-2002-1341
{DSA-220}
- squirrelmail 1:1.3.2-2
-CVE-2002-1340 (The &quot;ConnectionFile&quot; property in the DataSourceControl component in ...)
+CVE-2002-1340
NOT-FOR-US: Office Web Components
-CVE-2002-1339 (The &quot;XMLURL&quot; property in the Spreadsheet component of Office Web ...)
+CVE-2002-1339
NOT-FOR-US: Office Web Components
-CVE-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...)
+CVE-2002-1338
NOT-FOR-US: Office Web Components
-CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
+CVE-2002-1335
{DSA-251 DSA-250 DSA-249}
- w3m 0.3.2.2-1
- w3mmee 0.3.p24.17-3
- w3m-ssl <removed>
-CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
+CVE-2002-1334
NOT-FOR-US: BizDesign
CVE-2002-1333
RESERVED
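Review bot: CVE-2002-1345 is left with no description and no package status, only "NOTE: multiple ftp client issues", so nothing in the entry records the vulnerability class (directory traversal, per the removed line) or which packages were checked. Add a status line for each FTP client that was triaged, or extend the NOTE to carry the vulnerability class.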
@@ -2152,23 +2152,23 @@ CVE-2002-1326
RESERVED
CVE-2002-1324
RESERVED
-CVE-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
+CVE-2002-1322
NOT-FOR-US: ClearCase
-CVE-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
+CVE-2002-1321
NOT-FOR-US: Realplayer
-CVE-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...)
+CVE-2002-1316
NOT-FOR-US: iPlanet
-CVE-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
+CVE-2002-1315
NOT-FOR-US: iPlanet
CVE-2002-1314
RESERVED
-CVE-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
+CVE-2002-1312
NOT-FOR-US: Linksys
-CVE-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
+CVE-2002-1310
NOT-FOR-US: Macromedia
-CVE-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
+CVE-2002-1309
NOT-FOR-US: Macromedia
-CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...)
+CVE-2002-1306
{DSA-214}
- kdenetwork 4:2.2.2-14.20
CVE-2002-1305
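Review bot: All eight "+" lines in this hunk differ from their "-" counterparts only by losing the parenthesised description, while every status line underneath is unchanged. Confirm that the description source the update read from was populated before this lands, since a blanket removal with no status change looks like an empty or failed input rather than an upstream edit.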
@@ -2189,68 +2189,68 @@ CVE-2002-1298
REJECTED
CVE-2002-1297
REJECTED
-CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+CVE-2002-1295
NOT-FOR-US: Microsoft
-CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
+CVE-2002-1294
NOT-FOR-US: Microsoft
-CVE-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+CVE-2002-1293
NOT-FOR-US: Microsoft
-CVE-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
+CVE-2002-1292
NOT-FOR-US: Microsoft
-CVE-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+CVE-2002-1291
NOT-FOR-US: Microsoft
-CVE-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+CVE-2002-1290
NOT-FOR-US: Microsoft
-CVE-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+CVE-2002-1289
NOT-FOR-US: Microsoft
-CVE-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+CVE-2002-1288
NOT-FOR-US: Microsoft
-CVE-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...)
+CVE-2002-1287
NOT-FOR-US: Microsoft
-CVE-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+CVE-2002-1286
NOT-FOR-US: Microsoft
-CVE-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...)
+CVE-2002-1285
NOT-FOR-US: SuSE-specific lprfilter package
-CVE-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...)
+CVE-2002-1283
NOT-FOR-US: Novell iManager (eMFrame)
-CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
+CVE-2002-1282
{DSA-204}
- kdelibs 4:3.1.0-1
-CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
+CVE-2002-1281
{DSA-204}
- kdelibs 4:3.1.0-1
-CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...)
+CVE-2002-1280
NOT-FOR-US: RealSecure Event Collector
-CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
+CVE-2002-1279
{DSA-194}
- masqmail 0.2.15-1
-CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
+CVE-2002-1276
{DSA-191}
- squirrelmail 1:1.2.8-1.1
-CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
+CVE-2002-1275
{DSA-192}
- html2ps 1.0b3-2
CVE-2002-1274
RESERVED
CVE-2002-1273
RESERVED
-CVE-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
+CVE-2002-1269
NOT-FOR-US: MacOS
CVE-2002-1263
REJECTED
-CVE-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
+CVE-2002-1262
NOT-FOR-US: Microsoft
CVE-2002-1261
REJECTED
CVE-2002-1259
REJECTED
-CVE-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
+CVE-2002-1258
NOT-FOR-US: Microsoft
-CVE-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
+CVE-2002-1254
NOT-FOR-US: Microsoft
CVE-2002-1249
RESERVED
-CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
+CVE-2002-1247
{DSA-193}
- kdenetwork 4:2.2.2-14.3
CVE-2002-1246
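Review bot: The ten consecutive entries CVE-2002-1295 through CVE-2002-1286 become indistinguishable once their descriptions go, because each carries only "NOT-FOR-US: Microsoft". The removed lines show they all concern the Microsoft Java implementation or VM as used in Internet Explorer, so name that component in the note (as the hunk already does for "Novell iManager (eMFrame)" and "RealSecure Event Collector") rather than the vendor alone.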
@@ -2261,47 +2261,47 @@ CVE-2002-1241
RESERVED
CVE-2002-1240
RESERVED
-CVE-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
+CVE-2002-1238
NOT-FOR-US: Peter Sandvik's Simple Web Server
CVE-2002-1237
RESERVED
-CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
+CVE-2002-1235
{DSA-185 DSA-184 DSA-183}
- heimdal 0.4e-22
- krb4 1.1-11-8
- krb5 1.2.6-2
CVE-2002-1234
REJECTED
-CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
+CVE-2002-1233
{DSA-195 DSA-188 DSA-187}
- apache-perl 1.3.26-1.1-1.27-3-1
- apache 1.3.27-1
-CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
+CVE-2002-1229
NOT-FOR-US: Avaya Cajun switches
-CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
+CVE-2002-1228
NOT-FOR-US: Solaris
-CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
+CVE-2002-1226
{DSA-178}
- heimdal 0.4e-21
-CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
+CVE-2002-1225
{DSA-178}
- heimdal 0.4e-21
CVE-2002-1218
RESERVED
-CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
+CVE-2002-1217
NOT-FOR-US: Microsoft
-CVE-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
+CVE-2002-1216
- tar 1.13.25
-CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
+CVE-2002-1215
{DSA-174}
- heartbeat 0.4.9.2-1
-CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
+CVE-2002-1213
NOT-FOR-US: RadioBird Software WebServer 4 Everyone
-CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
+CVE-2002-1212
NOT-FOR-US: RadioBird Software WebServer 4 Everyone
-CVE-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...)
+CVE-2002-1210
NOT-FOR-US: Eudora
-CVE-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
+CVE-2002-1209
NOT-FOR-US: SolarWinds TFTP Server
CVE-2002-1208
RESERVED
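Review bot: For CVE-2002-1233 the removed description is the only place that names apache-ssl; the package lines below it list apache-perl and apache only. Once the description is gone the entry no longer shows that apache-ssl was involved, so add a status line or a NOTE for apache-ssl to keep that information in the tracker data itself.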
@@ -2311,32 +2311,32 @@ CVE-2002-1206
RESERVED
CVE-2002-1205
RESERVED
-CVE-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
+CVE-2002-1204
NOT-FOR-US: Netscape Communicator 4.x
-CVE-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
+CVE-2002-1203
NOT-FOR-US: IBM SecureWay Firewall
-CVE-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...)
+CVE-2002-1202
NOT-FOR-US: HP Tru64 UNIX
-CVE-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...)
+CVE-2002-1201
NOT-FOR-US: AIX
-CVE-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
+CVE-2002-1194
NOT-FOR-US: NetBSD
-CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...)
+CVE-2002-1192
NOT-FOR-US: NetBSD
-CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
+CVE-2002-1191
NOT-FOR-US: Sabre Desktop
-CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
+CVE-2002-1190
NOT-FOR-US: Cisco
-CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2002-1181
NOT-FOR-US: Microsoft IIS
-CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
+CVE-2002-1177
NOT-FOR-US: Winamp
-CVE-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...)
+CVE-2002-1176
NOT-FOR-US: Winamp
-CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
+CVE-2002-1175
{DSA-171}
- fetchmail 6.1.0-1
-CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
+CVE-2002-1174
{DSA-171}
- fetchmail 6.1.0-1
CVE-2002-1173
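Review bot: CVE-2002-1194 and CVE-2002-1192 are triaged as "NOT-FOR-US: NetBSD", but the removed descriptions name the affected programs (talkd, rogue) and say "and possibly other" systems or list FreeBSD as well. With the descriptions dropped, the OS-only note hides both the program and the wider scope; put the program name in the note so the basis for the NOT-FOR-US decision can still be checked.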
@@ -2345,819 +2345,819 @@ CVE-2002-1172
RESERVED
CVE-2002-1171
RESERVED
-CVE-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
+CVE-2002-1168
NOT-FOR-US: IBM Websphere
-CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
+CVE-2002-1167
NOT-FOR-US: IBM Websphere
-CVE-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...)
+CVE-2002-1166
- wn <removed>
-CVE-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
+CVE-2002-1165
- sendmail 8.12.3-5
CVE-2002-1161
REJECTED
-CVE-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
+CVE-2002-1155
NOTE: kon2. patched, but I don't know when.
NOTE: assuming the current unstable/testing version is ok then..
- kon2 0.3.9b-18
-CVE-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...)
+CVE-2002-1150
NOT-FOR-US: Microsoft Netmeeting
-CVE-2002-1149 (The installation procedure for Invision Board suggests that users ...)
+CVE-2002-1149
NOT-FOR-US: Invision Board
-CVE-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
+CVE-2002-1145
NOT-FOR-US: Microsoft SQL
CVE-2002-1144
RESERVED
-CVE-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
+CVE-2002-1143
NOT-FOR-US: Microsoft Word & Excel
CVE-2002-1136
RESERVED
-CVE-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
+CVE-2002-1134
NOT-FOR-US: HP Tru64
-CVE-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
+CVE-2002-1133
NOT-FOR-US: Dino's Webserver
-CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
+CVE-2002-1131
{DSA-191}
- squirrelmail 1:1.2.8-1.1
CVE-2002-1130
RESERVED
-CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
+CVE-2002-1129
NOT-FOR-US: HP Tru64
-CVE-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
+CVE-2002-1128
NOT-FOR-US: HP Tru64
-CVE-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
+CVE-2002-1127
NOT-FOR-US: HP Tru64
-CVE-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...)
+CVE-2002-1125
NOT-FOR-US: FreeBSD
-CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...)
+CVE-2002-1124
{DSA-166}
- purity 1-16
-CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
+CVE-2002-1121
NOTE: Some SMTP mailscanners can be bypassed by fragmenting messages.
-CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...)
+CVE-2002-1120
NOT-FOR-US: Savant Web Server
-CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
+CVE-2002-1115
{DSA-161}
- mantis 0.17.5-2
-CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...)
+CVE-2002-1114
{DSA-153}
- mantis 0.17.4a-2
-CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...)
+CVE-2002-1110
{DSA-153}
- mantis 0.17.4a-2
-CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
+CVE-2002-1103
NOT-FOR-US: Cisco
-CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
+CVE-2002-1101
NOT-FOR-US: Cisco
-CVE-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
+CVE-2002-1100
NOT-FOR-US: Cisco
-CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...)
+CVE-2002-1094
NOT-FOR-US: Cisco
-CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
+CVE-2002-1090
- libesmtp 0.8.11-1
-CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...)
+CVE-2002-1089
NOT-FOR-US: Oracle
-CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
+CVE-2002-1087
NOT-FOR-US: ezContents
-CVE-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...)
+CVE-2002-1086
NOT-FOR-US: ezContents
-CVE-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...)
+CVE-2002-1085
NOT-FOR-US: ezContents
-CVE-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...)
+CVE-2002-1084
NOT-FOR-US: ezContents
-CVE-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...)
+CVE-2002-1083
NOT-FOR-US: ezContents
-CVE-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...)
+CVE-2002-1082
NOT-FOR-US: ezContents
-CVE-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...)
+CVE-2002-1080
NOT-FOR-US: Abyss
-CVE-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...)
+CVE-2002-1078
NOT-FOR-US: Abyss
-CVE-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...)
+CVE-2002-1077
NOT-FOR-US: IPSwitch
-CVE-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...)
+CVE-2002-1075
NOT-FOR-US: Pegasus
-CVE-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...)
+CVE-2002-1073
NOT-FOR-US: MERCUR Mailserver
-CVE-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...)
+CVE-2002-1072
NOT-FOR-US: ZyXEL
-CVE-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...)
+CVE-2002-1071
NOT-FOR-US: ZyXEL
-CVE-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...)
+CVE-2002-1070
- phpwiki 1.3.4-1
-CVE-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
+CVE-2002-1069
NOT-FOR-US: D-Link hardware
-CVE-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...)
+CVE-2002-1068
NOT-FOR-US: D-Link hardware
-CVE-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...)
+CVE-2002-1067
NOT-FOR-US: IC9 Print Server
-CVE-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...)
+CVE-2002-1066
NOT-FOR-US: Jana Server
-CVE-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
+CVE-2002-1065
NOT-FOR-US: Jana Server
-CVE-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
+CVE-2002-1064
NOT-FOR-US: Jana Server
-CVE-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
+CVE-2002-1063
NOT-FOR-US: Jana Server
-CVE-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...)
+CVE-2002-1062
NOT-FOR-US: Jana Server
-CVE-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...)
+CVE-2002-1061
NOT-FOR-US: Jana Server
-CVE-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...)
+CVE-2002-1058
NOT-FOR-US: Cobalt Qube
-CVE-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...)
+CVE-2002-1055
NOT-FOR-US: Brother hardware
-CVE-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...)
+CVE-2002-1052
NOT-FOR-US: Jigsaw
-CVE-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
+CVE-2002-1048
NOT-FOR-US: HP printers
-CVE-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...)
+CVE-2002-1047
NOT-FOR-US: Soho Firewall
-CVE-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
+CVE-2002-1045
NOT-FOR-US: Ultrafunk Popcorn
-CVE-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...)
+CVE-2002-1044
NOT-FOR-US: Ultrafunk Popcorn
-CVE-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
+CVE-2002-1043
NOT-FOR-US: Ultrafunk Popcorn
-CVE-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...)
+CVE-2002-1042
NOT-FOR-US: iPlanet
-CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...)
+CVE-2002-1041
NOT-FOR-US: SMIT
-CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
+CVE-2002-1040
NOT-FOR-US: WebSecure
-CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
+CVE-2002-1038
- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
NOTE: Original issue fixed in dcl/1:0.9.2-1
-CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
+CVE-2002-1037
- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
NOTE: Original issue fixed in dcl/1:0.9.2-1
-CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
+CVE-2002-1036
NOT-FOR-US: Fluid Dynamics
-CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
+CVE-2002-1034
NOT-FOR-US: iRunBook
-CVE-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
+CVE-2002-1033
NOT-FOR-US: iRunBook
-CVE-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...)
+CVE-2002-1032
NOT-FOR-US: KeyFocus Web Server
-CVE-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...)
+CVE-2002-1029
NOT-FOR-US: Worldspam for Windows
-CVE-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...)
+CVE-2002-1028
NOT-FOR-US: Oddsock Winamp plugin
-CVE-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...)
+CVE-2002-1027
NOT-FOR-US: Macromedia Sitespring
-CVE-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...)
+CVE-2002-1026
NOT-FOR-US: Macromedia Sitespring
-CVE-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...)
+CVE-2002-1023
NOT-FOR-US: BadBlue
-CVE-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...)
+CVE-2002-1022
NOT-FOR-US: BadBlue
-CVE-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...)
+CVE-2002-1021
NOT-FOR-US: BadBlue
-CVE-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...)
+CVE-2002-1020
NOT-FOR-US: Adobe
-CVE-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...)
+CVE-2002-1019
NOT-FOR-US: Adobe
-CVE-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...)
+CVE-2002-1018
NOT-FOR-US: Adobe
-CVE-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...)
+CVE-2002-1017
NOT-FOR-US: Adobe
-CVE-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...)
+CVE-2002-1016
NOT-FOR-US: Adobe
-CVE-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
+CVE-2002-1012
NOT-FOR-US: Tivoli
-CVE-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
+CVE-2002-1011
NOT-FOR-US: Tivoli
-CVE-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...)
+CVE-2002-1010
NOT-FOR-US: Domino
-CVE-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...)
+CVE-2002-1009
NOT-FOR-US: PowerBASIC
-CVE-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...)
+CVE-2002-1008
NOT-FOR-US: PowerBASIC
-CVE-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...)
+CVE-2002-1007
NOT-FOR-US: Blackboard
-CVE-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...)
+CVE-2002-1005
NOT-FOR-US: ArGoSoft
-CVE-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...)
+CVE-2002-1003
NOT-FOR-US: MyWebServer
-CVE-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...)
+CVE-2002-1001
NOT-FOR-US: AnalogX Proxy
-CVE-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
+CVE-2002-0999
NOT-FOR-US: CARE
-CVE-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
+CVE-2002-0998
NOT-FOR-US: CARE
-CVE-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
+CVE-2002-0997
NOT-FOR-US: Novell
-CVE-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
+CVE-2002-0996
NOT-FOR-US: Novell
-CVE-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...)
+CVE-2002-0994
NOT-FOR-US: SunPci II VNC
-CVE-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...)
+CVE-2002-0993
NOT-FOR-US: HP
-CVE-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...)
+CVE-2002-0992
NOT-FOR-US: HP
-CVE-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...)
+CVE-2002-0991
NOT-FOR-US: HP
-CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
+CVE-2002-0983
{DSA-157}
- irssi-text 0.8.5-2
-CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...)
+CVE-2002-0982
NOT-FOR-US: Microsoft
-CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...)
+CVE-2002-0980
NOT-FOR-US: Microsoft
-CVE-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...)
+CVE-2002-0979
NOT-FOR-US: Microsoft
-CVE-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...)
+CVE-2002-0978
NOT-FOR-US: Microsoft
-CVE-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...)
+CVE-2002-0977
NOT-FOR-US: Microsoft
-CVE-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...)
+CVE-2002-0976
NOT-FOR-US: Microsoft
-CVE-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...)
+CVE-2002-0975
NOT-FOR-US: Microsoft
-CVE-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...)
+CVE-2002-0973
NOT-FOR-US: FreeBSD
-CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
+CVE-2002-0972
{DSA-165}
- postgresql 7.2.2-1
-CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
+CVE-2002-0971
NOT-FOR-US: Microsoft Windows specific
-CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
+CVE-2002-0966
NOT-FOR-US: 4D web server
-CVE-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...)
+CVE-2002-0963
NOT-FOR-US: GeekLog
-CVE-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...)
+CVE-2002-0962
NOT-FOR-US: GeekLog
-CVE-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...)
+CVE-2002-0961
NOT-FOR-US: Voxel Dot Net CBMS
-CVE-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...)
+CVE-2002-0960
NOT-FOR-US: Voxel Dot Net CBMS
-CVE-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...)
+CVE-2002-0959
NOT-FOR-US: Splatt Forum
-CVE-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...)
+CVE-2002-0957
NOT-FOR-US: BlackICE Agent
-CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...)
+CVE-2002-0956
NOT-FOR-US: BlackICE Agent
-CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...)
+CVE-2002-0955
NOT-FOR-US: YaBB
-CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
+CVE-2002-0954
NOT-FOR-US: Cisco
-CVE-2002-0951 (SQL injection vulnerability in Ruslan &lt;Body&gt;Builder allows remote ...)
+CVE-2002-0951
NOT-FOR-US: Ruslan
-CVE-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
+CVE-2002-0950
NOT-FOR-US: TransWARE Active!
-CVE-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...)
+CVE-2002-0949
NOT-FOR-US: Telindus ADSL router
-CVE-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
+CVE-2002-0948
NOT-FOR-US: MakeBook
-CVE-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...)
+CVE-2002-0944
NOT-FOR-US: DeepMetrix LiveStats
-CVE-2002-0943 (MetaCart2.sql stores the user database under the web document root ...)
+CVE-2002-0943
NOT-FOR-US: MetaCart
-CVE-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...)
+CVE-2002-0942
NOT-FOR-US: Lugiment Log Explorer
-CVE-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...)
+CVE-2002-0940
NOT-FOR-US: nCipher MSCAPI
-CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...)
+CVE-2002-0939
NOT-FOR-US: nCipher MSCAPI
-CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...)
+CVE-2002-0937
NOT-FOR-US: JRun
-CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
+CVE-2002-0936
- tomcat 3.2.3-1
-CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
+CVE-2002-0934
NOT-FOR-US: Jon Hedley AlienForm2
-CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
+CVE-2002-0933
NOT-FOR-US: Datalex PLC BooktIt Consumer
-CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
+CVE-2002-0932
NOT-FOR-US: MyHelpDesk
-CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...)
+CVE-2002-0931
NOT-FOR-US: MyHelpDesk
-CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...)
+CVE-2002-0930
NOT-FOR-US: Netware
-CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...)
+CVE-2002-0929
NOT-FOR-US: Netware
-CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
+CVE-2002-0928
NOT-FOR-US: pirch
-CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...)
+CVE-2002-0926
NOT-FOR-US: webMathematica
-CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...)
+CVE-2002-0925
NOT-FOR-US: mmftpd not in Debian anymore
-CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
+CVE-2002-0924
NOT-FOR-US: CGIScript.net not int Debian
-CVE-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...)
+CVE-2002-0923
NOT-FOR-US: CGIScript.net not int Debian
-CVE-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...)
+CVE-2002-0922
NOT-FOR-US: CGIScript.net not int Debian
-CVE-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
+CVE-2002-0921
NOT-FOR-US: CGIScript.net not int Debian
-CVE-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...)
+CVE-2002-0920
NOT-FOR-US: CGIScript.net not int Debian
-CVE-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...)
+CVE-2002-0919
NOT-FOR-US: CGIScript.net not int Debian
-CVE-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...)
+CVE-2002-0918
NOT-FOR-US: CGIScript.net not int Debian
-CVE-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...)
+CVE-2002-0917
NOT-FOR-US: CGIScript.net not int Debian
-CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...)
+CVE-2002-0915
NOT-FOR-US: Xandros specific tool
-CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
+CVE-2002-0913
NOT-FOR-US: Slurp NNTP
-CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...)
+CVE-2002-0912
NOTE: DSA-129
-CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...)
+CVE-2002-0910
NOTE: netstd
-CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
+CVE-2002-0909
NOT-FOR-US: mnews
-CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...)
+CVE-2002-0908
NOT-FOR-US: Cisco
-CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...)
+CVE-2002-0907
NOT-FOR-US: SHOUTcast
-CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
+CVE-2002-0905
NOT-FOR-US: Informix
-CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
+CVE-2002-0903
NOT-FOR-US: wbboard
-CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
+CVE-2002-0902
- phpbb2 2.0.6c-1
-CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
+CVE-2002-0901
- amanda 2.4.0b6-1
-CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
+CVE-2002-0899
NOT-FOR-US: Falcon
-CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
+CVE-2002-0896
- swatch 3.0.4-1
-CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
+CVE-2002-0894
NOT-FOR-US: NewAtlanta ServletExec
-CVE-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
+CVE-2002-0893
NOT-FOR-US: NewAtlanta ServletExec
-CVE-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...)
+CVE-2002-0888
NOT-FOR-US: 3com
-CVE-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...)
+CVE-2002-0886
NOT-FOR-US: Cisco
-CVE-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...)
+CVE-2002-0885
NOT-FOR-US: Solaris
-CVE-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...)
+CVE-2002-0884
NOT-FOR-US: Solaris
-CVE-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...)
+CVE-2002-0883
NOT-FOR-US: Compaq
-CVE-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...)
+CVE-2002-0882
NOT-FOR-US: Cisco
-CVE-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...)
+CVE-2002-0881
NOT-FOR-US: Cisco
-CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
+CVE-2002-0880
NOT-FOR-US: Cisco
-CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
+CVE-2002-0879
NOT-FOR-US: CFXImage
-CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
+CVE-2002-0878
NOT-FOR-US: LogiSense
-CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
+CVE-2002-0877
NOT-FOR-US: Shambala
-CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
+CVE-2002-0876
NOT-FOR-US: Shambala
-CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
+CVE-2002-0874
{DSA-150}
- interchange 4.8.6-1
-CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
+CVE-2002-0870
NOT-FOR-US: Cisco
-CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
+CVE-2002-0869
NOT-FOR-US: IIS
CVE-2002-0868
RESERVED
-CVE-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
+CVE-2002-0863
NOT-FOR-US: Windows
-CVE-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
+CVE-2002-0862
NOT-FOR-US: Microsoft
-CVE-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...)
+CVE-2002-0861
NOT-FOR-US: Microsoft
-CVE-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...)
+CVE-2002-0858
NOT-FOR-US: Oracle
-CVE-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
+CVE-2002-0857
NOT-FOR-US: Oracle
-CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
+CVE-2002-0855
{DSA-147}
- mailman 2.0.12-1
-CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
+CVE-2002-0854
NOT-FOR-US: SuSE specific
-CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
+CVE-2002-0852
NOT-FOR-US: Cisco
-CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
+CVE-2002-0849
NOT-FOR-US: iSCSI
-CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
+CVE-2002-0843
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0841
REJECTED
-CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
+CVE-2002-0839
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
- apache-perl 1.3.26-1.1-1.27-3-1
-CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...)
+CVE-2002-0838
{DSA-182 DSA-179 DSA-176}
- kdegraphics 4:2.2.2-6.9
- gnome-gv 1.99.7-9
- gv 1:3.5.8-27
-CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...)
+CVE-2002-0837
- wordtrans 1.1pre9
-CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
+CVE-2002-0834
{DSA-162}
- ethereal 0.9.6-1
-CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
+CVE-2002-0833
NOT-FOR-US: Eudora
-CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
+CVE-2002-0832
NOT-FOR-US: Internet Explorer
CVE-2002-0828
REJECTED
-CVE-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
+CVE-2002-0827
NOT-FOR-US: UnixWare
-CVE-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
+CVE-2002-0825
- libnss-ldap 199-1
-CVE-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...)
+CVE-2002-0822
- ethereal 0.9.4-1woody1
-CVE-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
+CVE-2002-0821
- ethereal 0.9.4-1woody1
-CVE-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
+CVE-2002-0820
NOT-FOR-US: FreeBSD
-CVE-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...)
+CVE-2002-0819
- arts <not-affected> (artscontrol not suid root)
-CVE-2002-0815 (The Javascript &quot;Same Origin Policy&quot; (SOP), as implemented in (1) ...)
+CVE-2002-0815
- mozilla 2:1.0.0-1
-CVE-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
+CVE-2002-0812
NOT-FOR-US: Compaq hardware
-CVE-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
+CVE-2002-0811
NOTE: bugzilla 2.16.0-2.1
-CVE-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...)
+CVE-2002-0807
NOTE: bugzilla 2.16.0-2.1
-CVE-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...)
+CVE-2002-0803
NOTE: bugzilla 2.16.0-2.1
-CVE-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...)
+CVE-2002-0800
NOT-FOR-US: BadBlue
-CVE-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
+CVE-2002-0799
NOT-FOR-US: YoungZoft
-CVE-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...)
+CVE-2002-0798
NOT-FOR-US: HP
-CVE-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...)
+CVE-2002-0797
NOT-FOR-US: Solaris
-CVE-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...)
+CVE-2002-0796
NOT-FOR-US: Solaris
-CVE-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
+CVE-2002-0793
NOT-FOR-US: QNX
-CVE-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...)
+CVE-2002-0792
NOT-FOR-US: Cisco
-CVE-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
+CVE-2002-0791
NOT-FOR-US: Novell
-CVE-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
+CVE-2002-0787
NOT-FOR-US: iCon
-CVE-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...)
+CVE-2002-0786
NOT-FOR-US: Critical Path inJoin Directory Server
-CVE-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...)
+CVE-2002-0784
NOT-FOR-US: Lidik web server
-CVE-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
+CVE-2002-0783
NOT-FOR-US: Opera
-CVE-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...)
+CVE-2002-0782
NOT-FOR-US: Novell
-CVE-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
+CVE-2002-0781
NOT-FOR-US: Novell
-CVE-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...)
+CVE-2002-0780
NOT-FOR-US: Novell
-CVE-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...)
+CVE-2002-0779
NOT-FOR-US: Novell
-CVE-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...)
+CVE-2002-0775
NOT-FOR-US: Hosting Controller
-CVE-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...)
+CVE-2002-0774
NOT-FOR-US: Hosting Controller
-CVE-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
+CVE-2002-0773
NOT-FOR-US: Hosting Controller
-CVE-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...)
+CVE-2002-0772
NOT-FOR-US: Hosting Controller
-CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...)
+CVE-2002-0771
- viewcvs 0.9.2-5
-CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...)
+CVE-2002-0770
NOT-FOR-US: Historic Quake2 issue
-CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
+CVE-2002-0769
NOT-FOR-US: Cisco
-CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
+CVE-2002-0767
NOT-FOR-US: simpleinit
-CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
+CVE-2002-0764
NOT-FOR-US: Phorum
-CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
+CVE-2002-0763
NOT-FOR-US: HP
-CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
+CVE-2002-0757
- webmin 0.980-1
- usermin 0.910-1
-CVE-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...)
+CVE-2002-0756
- webmin 0.980-1
- usermin 0.910-1
-CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
+CVE-2002-0753
NOT-FOR-US: Talentsoft
-CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
+CVE-2002-0752
NOT-FOR-US: CGIscript.net
-CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
+CVE-2002-0751
NOT-FOR-US: CGIscript.net
-CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
+CVE-2002-0750
NOT-FOR-US: CGIscript.net
-CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
+CVE-2002-0749
NOT-FOR-US: CGIscript.net
-CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
+CVE-2002-0747
NOT-FOR-US: AIX
-CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
+CVE-2002-0746
NOT-FOR-US: AIX
-CVE-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
+CVE-2002-0745
NOT-FOR-US: AIX
-CVE-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...)
+CVE-2002-0744
NOT-FOR-US: AIX
-CVE-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...)
+CVE-2002-0743
NOT-FOR-US: AIX
-CVE-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
+CVE-2002-0742
NOT-FOR-US: AIX
-CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
+CVE-2002-0740
- slrn 0.9.6.2-9
-CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
+CVE-2002-0739
NOT-FOR-US: PostCalendat
-CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
+CVE-2002-0735
- squid <not-affected> (Historic vulnerability, fixed before Woody was released)
-CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
+CVE-2002-0732
NOT-FOR-US: MyGuestbook
-CVE-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
+CVE-2002-0731
NOT-FOR-US: vqServer
-CVE-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...)
+CVE-2002-0730
NOT-FOR-US: guestbook
-CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
+CVE-2002-0728
{DSA-140}
- libpng 1.0.12-4
- libpng3 1.2.1-2
-CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
+CVE-2002-0725
NOT-FOR-US: windows
-CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
+CVE-2002-0724
NOT-FOR-US: windows
-CVE-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...)
+CVE-2002-0723
NOT-FOR-US: internet explorer
-CVE-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...)
+CVE-2002-0721
NOT-FOR-US: Microsoft SQL Server
-CVE-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...)
+CVE-2002-0717
- php4 4:4.2.2-1
-CVE-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)
+CVE-2002-0715
- squid 2.4.6-2
-CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
+CVE-2002-0713
- squid 2.4.6-2
-CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...)
+CVE-2002-0712
NOT-FOR-US: EASM
-CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
+CVE-2002-0711
NOT-FOR-US: HP
-CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
+CVE-2002-0709
NOT-FOR-US: no_package
-CVE-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...)
+CVE-2002-0708
NOT-FOR-US: no_package
-CVE-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...)
+CVE-2002-0707
NOT-FOR-US: no_package
-CVE-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...)
+CVE-2002-0706
NOT-FOR-US: no_package
-CVE-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
+CVE-2002-0705
NOT-FOR-US: no_package
-CVE-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...)
+CVE-2002-0702
- dhcp3 3.0+3.0.1rc9-1
-CVE-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
+CVE-2002-0699
NOT-FOR-US: windows
-CVE-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...)
+CVE-2002-0693
NOT-FOR-US: windows
-CVE-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...)
+CVE-2002-0690
NOT-FOR-US: McAfee
CVE-2002-0689
RESERVED
-CVE-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
+CVE-2002-0686
NOT-FOR-US: no_package
-CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
+CVE-2002-0684
- glibc 2.2.5-8
-CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
+CVE-2002-0683
NOT-FOR-US: no_package
-CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
+CVE-2002-0681
NOT-FOR-US: no_package
-CVE-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...)
+CVE-2002-0680
NOT-FOR-US: no_package
-CVE-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...)
+CVE-2002-0677
NOT-FOR-US: no_package
-CVE-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
+CVE-2002-0675
NOT-FOR-US: no_package
-CVE-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
+CVE-2002-0670
NOT-FOR-US: no_package
-CVE-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
+CVE-2002-0669
NOT-FOR-US: no_package
-CVE-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
+CVE-2002-0667
NOT-FOR-US: no_package
-CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...)
+CVE-2002-0666
{DSA-201}
- freeswan 1.99-1
-CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
+CVE-2002-0664
NOT-FOR-US: ZMerge
-CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
+CVE-2002-0661
- apache2 2.0.40
-CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
+CVE-2002-0660
{DSA-140}
- libpng 1.0.12-4
- libpng3 1.2.1-2
-CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
+CVE-2002-0659
{DSA-136}
- openssl 0.9.6e-1
-CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...)
+CVE-2002-0657
{DSA-136}
- openssl 0.9.6e-1
-CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
+CVE-2002-0656
{DSA-136}
- openssl 0.9.6e-1
-CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...)
+CVE-2002-0655
{DSA-136}
- openssl 0.9.6e-1
-CVE-2002-1412 (Gallery photo album package before 1.3.1 allows local and possibly ...)
+CVE-2002-1412
{DSA-138}
- gallery 1.3-3
-CVE-2002-1574 (Buffer overflow in the ixj telephony card driver in Linux before ...)
+CVE-2002-1574
NOTE: fixed after 2.6/2.4.20 kernel
-CVE-2002-1560 (index.php in gBook 1.4 allows remote attackers to bypass ...)
+CVE-2002-1560
NOT-FOR-US: gbook not in Debian
-CVE-2002-1552 (Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users ...)
+CVE-2002-1552
NOT-FOR-US: novell
-CVE-2002-1550 (dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary ...)
+CVE-2002-1550
NOT-FOR-US: AIX
-CVE-2002-1549 (Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to ...)
+CVE-2002-1549
NOT-FOR-US: lhttpd not in Debian
-CVE-2002-1548 (Unknown vulnerability in autofs on AIX 4.3.0, when using executable ...)
+CVE-2002-1548
NOT-FOR-US: AIX
-CVE-2002-1547 (Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers ...)
+CVE-2002-1547
NOT-FOR-US: Netscreen
-CVE-2002-1543 (Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users ...)
+CVE-2002-1543
NOT-FOR-US: NetBSD
-CVE-2002-1541 (BadBlue 1.7 allows remote attackers to bypass password protections for ...)
+CVE-2002-1541
NOT-FOR-US: BadBlue not in Debian
-CVE-2002-1540 (The client for Symantec Norton AntiVirus Corporate Edition 7.5.x ...)
+CVE-2002-1540
NOT-FOR-US: norton
-CVE-2002-1538 (Acuma Acusend 4, and possibly earlier versions, allows remote ...)
+CVE-2002-1538
NOT-FOR-US: acusend not in Debian
-CVE-2002-1537 (admin_ug_auth.php in phpBB 2.0.0 allows local users to gain ...)
+CVE-2002-1537
- phpbb2 2.0.6c-1
NOTE: according to http://www.securityfocus.com/archive/1/297419
NOTE: phpBB versions above 2.0.0 are not vulnerable.
-CVE-2002-1534 (Macromedia Flash Player allows remote attackers to read arbitrary ...)
+CVE-2002-1534
NOTE: only affects flash 6.0 - 6.0.47.0, which is not in Debian
-CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
+CVE-2002-1532
NOT-FOR-US: surfcontrol
-CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
+CVE-2002-1531
NOT-FOR-US: surfcontrol
-CVE-2002-1530 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
+CVE-2002-1530
NOT-FOR-US: surfcontrol
-CVE-2002-1529 (Cross-site scripting (XSS) vulnerability in msgError.asp for the ...)
+CVE-2002-1529
NOT-FOR-US: surfcontrol
-CVE-2002-1528 (MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the ...)
+CVE-2002-1528
NOT-FOR-US: mondosearch
-CVE-2002-1524 (Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) ...)
+CVE-2002-1524
NOT-FOR-US: winamp
-CVE-2002-1521 (Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD ...)
+CVE-2002-1521
NOT-FOR-US: webserver 4D
-CVE-2002-1520 (The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and ...)
+CVE-2002-1520
NOT-FOR-US: WatchGuard
-CVE-2002-1519 (Format string vulnerability in the CLI interface for WatchGuard ...)
+CVE-2002-1519
NOT-FOR-US: WatchGuard
-CVE-2002-1518 (mv in IRIX 6.5 creates a directory with world-writable permissions ...)
+CVE-2002-1518
NOT-FOR-US: IRIX
-CVE-2002-1517 (fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file ...)
+CVE-2002-1517
NOT-FOR-US: IRIX
-CVE-2002-1516 (rpcbind in SGI IRIX, when using the -w command line switch, allows ...)
+CVE-2002-1516
NOT-FOR-US: IRIX
-CVE-2002-1514 (gds_lock_mgr in Borland InterBase allows local users to overwrite ...)
+CVE-2002-1514
NOT-FOR-US: interbase
-CVE-2002-1513 (The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 ...)
+CVE-2002-1513
NOT-FOR-US: OpenVMS
-CVE-2002-1511 (The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() ...)
+CVE-2002-1511
- vnc 3.3.3r2-21
-CVE-2002-1510 (xdm, with the authComplain variable set to false, allows arbitrary ...)
+CVE-2002-1510
- xfree86 4.1.0-7
-CVE-2002-1509 (A patch for shadow-utils 20000902 causes the useradd command to create ...)
+CVE-2002-1509
NOT-FOR-US: redhat and mandrake only
-CVE-2002-1505 (SQL injection vulnerability in board.php for WoltLab Burning Board ...)
+CVE-2002-1505
NOT-FOR-US: WoltLab Burning Board not in Debian
-CVE-2002-1502 (Symbolic link vulnerability in xbreaky before 0.5.5 allows local users ...)
+CVE-2002-1502
NOT-FOR-US: xbreaky not in Debian
-CVE-2002-1501 (The MPS functionality in Enterasys SSR8000 (Smart Switch Router) ...)
+CVE-2002-1501
NOT-FOR-US: Enterasys
-CVE-2002-1497 (Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and ...)
+CVE-2002-1497
NOT-FOR-US: Null HTTP Server not in Debian
-CVE-2002-1496 (Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier ...)
+CVE-2002-1496
NOT-FOR-US: Null HTTP Server not in Debian
-CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows ...)
+CVE-2002-1494
NOT-FOR-US: Aestiva
-CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook ...)
+CVE-2002-1493
NOT-FOR-US: Lycos
-CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most ...)
+CVE-2002-1491
NOT-FOR-US: Cisco
-CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of ...)
+CVE-2002-1490
NOT-FOR-US: NetBSD
-CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext ...)
+CVE-2002-1479
- cacti 0.6.8-1
-CVE-2002-1478 (Cacti before 0.6.8 allows attackers to execute arbitrary commands via ...)
+CVE-2002-1478
{DSA-164}
- cacti 0.6.8a-2
-CVE-2002-1477 (graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti ...)
+CVE-2002-1477
{DSA-164}
- cacti 0.6.8a-2
-CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and ...)
+CVE-2002-1476
NOT-FOR-US: NetBSD
-CVE-2002-1472 (Untrusted search path vulnerability in libX11.so in xfree86, when used ...)
+CVE-2002-1472
- xfree86 4.2.1-1 (bug #280872)
-CVE-2002-1471 (The camel component for Ximian Evolution 1.0.x and earlier does not ...)
+CVE-2002-1471
- evolution 1.2.0-1 (bug #280883)
-CVE-2002-1469 (scponly does not properly verify the path when finding the (1) scp or ...)
+CVE-2002-1469
- scponly 3.8-1
NOTE: according to http://web.archive.org/web/20150425070754/http://sublimation.org/scponly/ (scponly home page)
NOTE: only versions of scponly older than scponly-2.4 are affected
-CVE-2002-1468 (Buffer overflow in errpt in AIX 4.3.3 allows local users to execute ...)
+CVE-2002-1468
NOT-FOR-US: AIX
-CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and ...)
+CVE-2002-1463
NOT-FOR-US: symantec
-CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...)
+CVE-2002-1448
NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products
-CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before ...)
+CVE-2002-1447
NOT-FOR-US: Cisco
-CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric ...)
+CVE-2002-1446
NOT-FOR-US: nCipher PKCS#11 library
-CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
+CVE-2002-1443
NOT-FOR-US: Google toolbar
-CVE-2002-1438 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...)
+CVE-2002-1438
NOT-FOR-US: Perl on Novell
-CVE-2002-1437 (Directory traversal vulnerability in the web handler for Perl 5.003 on ...)
+CVE-2002-1437
NOT-FOR-US: Perl on Novell
-CVE-2002-1436 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...)
+CVE-2002-1436
NOT-FOR-US: Perl on Novell
-CVE-2002-1435 (class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except ...)
+CVE-2002-1435
NOT-FOR-US: Achievo not in Debian
-CVE-2002-1430 (Unknown vulnerability in Sympoll 1.2 allows remote attackers to read ...)
+CVE-2002-1430
NOT-FOR-US: Sympoll not in Debian
-CVE-2002-1425 (Directory traversal vulnerability in munpack in mpack 1.5 and earlier ...)
+CVE-2002-1425
{DSA-141}
- mpack 1.5-9
-CVE-2002-1424 (Buffer overflow in munpack in mpack 1.5 and earlier allows remote ...)
+CVE-2002-1424
- mpack 1.5-9
-CVE-2002-1420 (Integer signedness error in select() on OpenBSD 3.1 and earlier allows ...)
+CVE-2002-1420
NOT-FOR-US: OpenBSD
-CVE-2002-1419 (The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes ...)
+CVE-2002-1419
NOT-FOR-US: IRIX on Origin
-CVE-2002-1418 (Buffer overflow in the interpreter for Novell NetBasic Scripting ...)
+CVE-2002-1418
NOT-FOR-US: Novell NetBasic Scripting Server
-CVE-2002-1417 (Directory traversal vulnerability in Novell NetBasic Scripting Server ...)
+CVE-2002-1417
NOT-FOR-US: Novell NetBasic Scripting Server
-CVE-2002-1414 (Buffer overflow in qmailadmin allows local users to gain privileges ...)
+CVE-2002-1414
- qmailadmin 1.0.6-1
-CVE-2002-1413 (RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, ...)
+CVE-2002-1413
NOT-FOR-US: RCONAG6 for Novell Netware SP2
-CVE-2002-1407 (TinySSL 1.02 and earlier does not verify the Basic Constraints for an ...)
+CVE-2002-1407
NOT-FOR-US: TinySSL not in Debian
-CVE-2002-1405 (CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote ...)
+CVE-2002-1405
{DSA-210}
- lynx 2.8.4.1b-4
- lynx-ssl 1:2.8.4.1b-3.1
CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
- bugzilla 2.16.2-1
-CVE-2002-1403 (dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to ...)
+CVE-2002-1403
{DSA-219}
- dhcpcd 1:1.3.22pl2-2
NOTE: Debian sarge uses dhcp >= 2.0
-CVE-2002-1396 (Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 ...)
+CVE-2002-1396
- php4 4:4.3.2+rc3-1
NOTE: according to http://www.securityfocus.com/bid/6488
NOTE: woody is not vulnerable
-CVE-2002-1394 (Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet ...)
+CVE-2002-1394
{DSA-225}
- tomcat4 4.1.16-1
-CVE-2002-1392 (faxspool in mgetty before 1.1.29 uses a world-writable spool directory ...)
+CVE-2002-1392
- mgetty 1.1.30-1
NOTE: woody version seems to be vulnerable see bug #199351
-CVE-2002-1391 (Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote ...)
+CVE-2002-1391
- mgetty 1.1.30-1
NOTE: woody version seems to be vulnerable see bug #199351
-CVE-2002-1390 (The daemon for GeneWeb before 4.09 does not properly handle requested ...)
+CVE-2002-1390
{DSA-223}
- geneweb 4.09-1
-CVE-2002-1389 (Buffer overflow in typespeed 0.4.2 and earlier allows local users to ...)
+CVE-2002-1389
{DSA-217}
- typespeed 0.4.2-2
-CVE-2002-1388 (Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 ...)
+CVE-2002-1388
{DSA-221}
- mhonarc 2.5.14-1
-CVE-2002-1385 (openwebmail_init in Open WebMail 1.81 and earlier allows local users ...)
+CVE-2002-1385
- openwebmail 1.90-1
-CVE-2002-1384 (Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...)
+CVE-2002-1384
{DSA-232 DSA-226 DSA-222}
- xpdf-i 2.01-2
- xpdf 2.01-2
- cups 1.1.18-1
- cupsys 1.1.18-1
-CVE-2002-1382 (Macromedia Flash Player before 6.0.65.0 allows remote attackers to ...)
+CVE-2002-1382
- flashplugin-nonfree 6.0.69-1
-CVE-2002-1381 (Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...)
+CVE-2002-1381
- exim4 4.11-0.0.1
- exim 3.36-14
-CVE-2002-1380 (Linux kernel 2.2.x allows local users to cause a denial of service ...)
+CVE-2002-1380
{DSA-336}
- kernel-source-2.2.25 2.2.25-2
-CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to ...)
+CVE-2002-1377
- vim 6.1.263-1
NOTE: woody seems to be still vulnerable
NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003
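Review bot: Every changed line in this hunk, from `CVE-2002-1437` down to `CVE-2002-1377`, loses its parenthesised description while the package and NOTE lines stay as context, and the commit message ("automatic update") does not say whether that is intended. If the updater ran against an empty or unavailable description source, it should refuse to commit when descriptions would be blanked in bulk. If the removal is deliberate, the commit message should say so. The diffstat of 2352 insertions against 2352 deletions in a single file is the kind of whole-file rewrite that warrants a sanity threshold in the automation before it pushes.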
@@ -3165,1254 +3165,1254 @@ CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to
NOTE: I've mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this.
NOTE: No response from maintainer, I have mailed security team.
NOTE: Martin Schulze don't consider this as an issue for updating woody.
-CVE-2002-1375 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to ...)
+CVE-2002-1375
{DSA-212}
- mysql <removed>
-CVE-2002-1374 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x ...)
+CVE-2002-1374
{DSA-212}
- mysql <removed>
-CVE-2002-1373 (Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL ...)
+CVE-2002-1373
{DSA-212}
- mysql <removed>
-CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not ...)
+CVE-2002-1372
{DSA-232}
- cups 1.1.18-1
- cupsys 1.1.18-1
-CVE-2002-1371 (filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 ...)
+CVE-2002-1371
{DSA-232}
- cups 1.1.18-1
- cupsys 1.1.18-1
-CVE-2002-1369 (jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 ...)
+CVE-2002-1369
{DSA-232}
- cups 1.1.18-1
- cupsys 1.1.18-1
-CVE-2002-1367 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
+CVE-2002-1367
{DSA-232}
- cups 1.1.18-1
- cupsys 1.1.18-1
-CVE-2002-1366 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local ...)
+CVE-2002-1366
{DSA-232}
- cups 1.1.18-1
- cupsys 1.1.18-1
-CVE-2002-1365 (Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not ...)
+CVE-2002-1365
{DSA-216}
- fetchmail 6.2.0-1
-CVE-2002-1364 (Buffer overflow in the get_origin function in traceroute-nanog allows ...)
+CVE-2002-1364
{DSA-254}
- traceroute-nanog 6.3.0-1
-CVE-2002-1363 (Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does ...)
+CVE-2002-1363
{DSA-213}
- libpng 1.0.12-7
- libpng3 1.2.5-8
-CVE-2002-1362 (mICQ 0.4.9 and earlier allows remote attackers to cause a denial of ...)
+CVE-2002-1362
{DSA-211}
- micq 0.4.9.4-1
-CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security ...)
+CVE-2002-1361
NOT-FOR-US: sun
-CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly ...)
+CVE-2002-1350
{DSA-206}
- tcpdump 3.7.2-1
NOTE: The fix from 3.6.2-2.2 was not upload to unstable.
CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
- gtetrinet 0.4.4-1
-CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 ...)
+CVE-2002-1349
NOT-FOR-US: PC-cillin
-CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT ...)
+CVE-2002-1348
{DSA-251 DSA-250 DSA-249}
- w3m 0.3.2.2-1
- w3mmee 0.3.p24.17-3
-CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to ...)
+CVE-2002-1337
{DSA-257}
- sendmail 8.13.0.PreAlpha4-0
- sendmail-wine <removed>
NOTE: problem in sendmail 8.12, sarge uses 8.13
-CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...)
+CVE-2002-1336
- tightvnc 1.2.6-1
-CVE-2002-1327 (Buffer overflow in the Windows Shell function in Microsoft Windows XP ...)
+CVE-2002-1327
NOT-FOR-US: windows
-CVE-2002-1325 (Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows ...)
+CVE-2002-1325
NOT-FOR-US: windows
-CVE-2002-1323 (Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may ...)
+CVE-2002-1323
{DSA-208}
- perl 5.8.0-14
-CVE-2002-1320 (Pine 4.44 and earlier allows remote attackers to cause a denial of ...)
+CVE-2002-1320
NOT-FOR-US: pine not in Debian
-CVE-2002-1319 (The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 ...)
+CVE-2002-1319
NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable)
-CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers ...)
+CVE-2002-1318
{DSA-200}
- samba 2.2.7
-CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...)
+CVE-2002-1317
NOT-FOR-US: solaris
-CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...)
+CVE-2002-1313
{DSA-198}
- nullmailer 1.00RC5-17
-CVE-2002-1311 (Courier sqwebmail before 0.40.0 does not quickly drop privileges after ...)
+CVE-2002-1311
{DSA-197}
- courier 0.40.0-1
-CVE-2002-1308 (Heap-based buffer overflow in Netscape and Mozilla allows remote ...)
+CVE-2002-1308
- mozilla 2:1.2-1
NOTE: woody is vulnerable see #237422
-CVE-2002-1307 (Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier ...)
+CVE-2002-1307
{DSA-199}
- mhonarc 2.5.13-1
-CVE-2002-1296 (Directory traversal vulnerability in priocntl system call in Solaris ...)
+CVE-2002-1296
NOT-FOR-US: Solaris
-CVE-2002-1284 (The wizard in KGPG 0.6 through 0.8.2 does not properly provide the ...)
+CVE-2002-1284
- kdeutils 4:3.2.1-1
-CVE-2002-1278 (The mailconf module in Linuxconf 1.24, and other versions before 1.28, ...)
+CVE-2002-1278
NOTE: Linuxconf not in testing/unstable
-CVE-2002-1277 (Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow ...)
+CVE-2002-1277
{DSA-190}
- wmaker 0.80.1-4
-CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a ...)
+CVE-2002-1272
NOT-FOR-US: Alcatel
-CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ...)
+CVE-2002-1271
{DSA-386}
- libmailtools-perl 1.51 (bug #168381)
-CVE-2002-1270 (Mac OS X 10.2.2 allows local users to read files that only allow write ...)
+CVE-2002-1270
NOT-FOR-US: Mac OS X
-CVE-2002-1268 (Mac OS X 10.2.2 allows local users to gain privileges via a mounted ...)
+CVE-2002-1268
NOT-FOR-US: Mac OS X
-CVE-2002-1267 (Mac OS X 10.2.2 allows remote attackers to cause a denial of service ...)
+CVE-2002-1267
NOT-FOR-US: Mac OS X
-CVE-2002-1266 (Mac OS X 10.2.2 allows local users to gain privileges by mounting a ...)
+CVE-2002-1266
NOT-FOR-US: Mac OS X
-CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not ...)
+CVE-2002-1265
NOTE: don't know which version of glibc fix this
NOTE: I've mailed maintainers.
-CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 ...)
+CVE-2002-1264
NOT-FOR-US: oracle
-CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual ...)
+CVE-2002-1260
NOT-FOR-US: Microsoft JVM
-CVE-2002-1257 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
+CVE-2002-1257
NOT-FOR-US: Microsoft JVM
-CVE-2002-1256 (The SMB signing capability in the Server Message Block (SMB) protocol ...)
+CVE-2002-1256
NOT-FOR-US: Microsoft Windows
-CVE-2002-1255 (Microsoft Outlook 2002 allows remote attackers to cause a denial of ...)
+CVE-2002-1255
NOT-FOR-US: Microsoft Outlook
-CVE-2002-1253 (Abuse 2.00 and earlier allows local users to gain privileges via ...)
+CVE-2002-1253
NOT-FOR-US: Abuse 2.00 not in Debian
-CVE-2002-1252 (The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as ...)
+CVE-2002-1252
NOT-FOR-US: PeopleSoft
-CVE-2002-1251 (Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to ...)
+CVE-2002-1251
{DSA-186}
- log2mail 0.2.6-1
-CVE-2002-1250 (Buffer overflow in Abuse 2.00 and earlier allows local users to gain ...)
+CVE-2002-1250
NOT-FOR-US: Abuse 2.00 not in Debian
-CVE-2002-1248 (Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other ...)
+CVE-2002-1248
NOT-FOR-US: Xeneo Web Server
-CVE-2002-1245 (Maped in LuxMan 0.41 uses the user-provided search path to find and ...)
+CVE-2002-1245
{DSA-189}
- luxman 0.41-19
-CVE-2002-1244 (Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly ...)
+CVE-2002-1244
NOT-FOR-US: Pablo FTP Server
-CVE-2002-1242 (SQL injection vulnerability in PHP-Nuke before 6.0 allows remote ...)
+CVE-2002-1242
NOT-FOR-US: PHP-Nuke not in Debian
-CVE-2002-1239 (QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and ...)
+CVE-2002-1239
NOT-FOR-US: QNX
-CVE-2002-1236 (The remote management web server for Linksys BEFSR41 EtherFast ...)
+CVE-2002-1236
NOT-FOR-US: Linksys
-CVE-2002-1232 (Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS ...)
+CVE-2002-1232
{DSA-180}
- nis 3.9-6.2
-CVE-2002-1231 (SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a ...)
+CVE-2002-1231
NOT-FOR-US: SCO
-CVE-2002-1230 (NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows ...)
+CVE-2002-1230
NOT-FOR-US: Windows NT
-CVE-2002-1227 (PAM 0.76 treats a disabled password as if it were an empty (null) ...)
+CVE-2002-1227
{DSA-177}
- pam 0.76-6
-CVE-2002-1224 (Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE ...)
+CVE-2002-1224
- kdenetwork 4:3.1.0-1
-CVE-2002-1223 (Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView ...)
+CVE-2002-1223
- kdegraphics 4:3.1.0-1
-CVE-2002-1222 (Buffer overflow in the embedded HTTP server for Cisco Catalyst ...)
+CVE-2002-1222
NOT-FOR-US: CISCO
-CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of ...)
+CVE-2002-1221
{DSA-196}
- bind 1:8.3.3-3
- bind9 <not-affected>
-CVE-2002-1220 (BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ...)
+CVE-2002-1220
{DSA-196}
- bind 1:8.3.3-3
- bind9 <not-affected>
-CVE-2002-1219 (Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ...)
+CVE-2002-1219
{DSA-196}
- bind 1:8.3.3-3
- bind9 <not-affected>
-CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows ...)
+CVE-2002-1214
NOT-FOR-US: Microsoft
-CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute ...)
+CVE-2002-1211
NOT-FOR-US: Prometheus not in Debian
-CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when ...)
+CVE-2002-1200
{DSA-175}
- syslog-ng 1.5.21-1
-CVE-2002-1199 (The getdbm procedure in ypxfrd allows local users to read arbitrary ...)
+CVE-2002-1199
NOT-FOR-US: ypxfrd not in Debian
-CVE-2002-1198 (Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes ...)
+CVE-2002-1198
- bugzilla 2.16.1-1
NOTE: woody seems to be vulnerable, bug #282500
-CVE-2002-1197 (bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x ...)
+CVE-2002-1197
- bugzilla 2.16.1-1
NOTE: woody seems to be vulnerable, bug #282501
-CVE-2002-1196 (editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before ...)
+CVE-2002-1196
{DSA-173}
- bugzilla 2.16.0-2.1
-CVE-2002-1195 (Cross-site scripting vulnerability (XSS) in the PHP interface for ...)
+CVE-2002-1195
{DSA-169}
- htcheck 1:1.1-1.2
-CVE-2002-1193 (tkmail before 4.0beta9-8.1 allows local users to create or overwrite ...)
+CVE-2002-1193
{DSA-172}
- tkmail <removed>
-CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block ...)
+CVE-2002-1189
NOT-FOR-US: CISCO
-CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...)
+CVE-2002-1188
NOT-FOR-US: Microsoft
-CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 ...)
+CVE-2002-1187
NOT-FOR-US: Microsoft
-CVE-2002-1186 (Internet Explorer 5.01 through 6.0 does not properly perform security ...)
+CVE-2002-1186
NOT-FOR-US: Microsoft
-CVE-2002-1185 (Internet Explorer 5.01 through 6.0 does not properly check certain ...)
+CVE-2002-1185
NOT-FOR-US: Microsoft
-CVE-2002-1184 (The system root folder of Microsoft Windows 2000 has default ...)
+CVE-2002-1184
NOT-FOR-US: Microsoft
-CVE-2002-1183 (Microsoft Windows 98 and Windows NT 4.0 do not properly verify the ...)
+CVE-2002-1183
NOT-FOR-US: Microsoft
-CVE-2002-1182 (IIS 5.0 and 5.1 allows remote attackers to cause a denial of service ...)
+CVE-2002-1182
NOT-FOR-US: Microsoft
-CVE-2002-1180 (A typographical error in the script source access permissions for ...)
+CVE-2002-1180
NOT-FOR-US: Microsoft
-CVE-2002-1179 (Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook ...)
+CVE-2002-1179
NOT-FOR-US: Microsoft
-CVE-2002-1178 (Directory traversal vulnerability in the CGIServlet for Jetty HTTP ...)
+CVE-2002-1178
- jetty 4.1.0
-CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon ...)
+CVE-2002-1170
- net-snmp 5.0.6
-CVE-2002-1169 (IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before ...)
+CVE-2002-1169
NOT-FOR-US: IBM Web Traffic Express Caching Proxy Server
-CVE-2002-1160 (The default configuration of the pam_xauth module forwards ...)
+CVE-2002-1160
NOT-FOR-US: pam_xauth
-CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which ...)
+CVE-2002-1159
{DSA-224}
- canna 3.6p1-1
-CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and ...)
+CVE-2002-1158
{DSA-224}
- canna 3.6p1-1
-CVE-2002-1157 (Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 ...)
+CVE-2002-1157
{DSA-181}
- libapache-mod-ssl 2.8.9-2.3
-CVE-2002-1156 (Apache 2.0.42 allows remote attackers to view the source code of a CGI ...)
+CVE-2002-1156
- apache2 2.0.43
-CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the ...)
+CVE-2002-1154
- analog 2:5.23
-CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of ...)
+CVE-2002-1153
NOT-FOR-US: IBM Websphere
-CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the ...)
+CVE-2002-1152
- kdebase 3.03
-CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...)
+CVE-2002-1151
{DSA-167}
- kdelibs 4:2.2.2-14
-CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in ...)
+CVE-2002-1148
{DSA-170}
- tomcat4 4.1.12-1
-CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch ...)
+CVE-2002-1147
NOT-FOR-US: HP Procurve 4000M Switch firmware
-CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...)
+CVE-2002-1146
NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc)
NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind)
- glibc 2.3
- bind 1:8.3.3
-CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...)
+CVE-2002-1142
NOT-FOR-US: Microsoft
-CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...)
+CVE-2002-1141
NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
-CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as ...)
+CVE-2002-1140
NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
-CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! ...)
+CVE-2002-1139
NOT-FOR-US: Microsoft
-CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine ...)
+CVE-2002-1138
NOT-FOR-US: Microsoft
-CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles ...)
+CVE-2002-1137
NOT-FOR-US: Microsoft
-CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, ...)
+CVE-2002-1135
NOT-FOR-US: phpWebSite
-CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine ...)
+CVE-2002-1132
{DSA-191}
- squirrelmail 1:1.2.8-1.1
-CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape ...)
+CVE-2002-1126
- mozilla 2:1.2
-CVE-2002-1123 (Buffer overflow in the authentication function for Microsoft SQL ...)
+CVE-2002-1123
NOT-FOR-US: Microsoft
-CVE-2002-1122 (Buffer overflow in the parsing mechanism for ISS Internet Scanner ...)
+CVE-2002-1122
NOT-FOR-US: Microsoft
-CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary ...)
+CVE-2002-1119
{DSA-159}
- python1.5 1.5.2-24
- python2.1 2.1.3-6a
- python2.2 2.2.1-8
- python2.3 <not-affected>
-CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...)
+CVE-2002-1118
NOT-FOR-US: Oracle
-CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the ...)
+CVE-2002-1117
NOT-FOR-US: Veritas Backup Exec
-CVE-2002-1116 (The &quot;View Bugs&quot; page (view_all_bug_page.php) in Mantis 0.17.4a and ...)
+CVE-2002-1116
{DSA-161}
- mantis 0.17.5-2
-CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...)
+CVE-2002-1113
{DSA-153}
- mantis 0.17.4a-2
-CVE-2002-1112 (Mantis before 0.17.4 allows remote attackers to list project bugs ...)
+CVE-2002-1112
{DSA-153}
- mantis 0.17.4a-2
-CVE-2002-1111 (print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify ...)
+CVE-2002-1111
{DSA-153}
- mantis 0.17.4a-2
-CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows ...)
+CVE-2002-1109
NOTE: old amavis shell script
-CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
+CVE-2002-1108
NOT-FOR-US: Cisco
-CVE-2002-1107 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
+CVE-2002-1107
NOT-FOR-US: Cisco
-CVE-2002-1106 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
+CVE-2002-1106
NOT-FOR-US: Cisco
-CVE-2002-1105 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
+CVE-2002-1105
NOT-FOR-US: Cisco
-CVE-2002-1104 (Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x ...)
+CVE-2002-1104
NOT-FOR-US: Cisco
-CVE-2002-1102 (The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, ...)
+CVE-2002-1102
NOT-FOR-US: Cisco
-CVE-2002-1099 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
+CVE-2002-1099
NOT-FOR-US: Cisco
-CVE-2002-1098 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an ...)
+CVE-2002-1098
NOT-FOR-US: Cisco
-CVE-2002-1097 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows ...)
+CVE-2002-1097
NOT-FOR-US: Cisco
-CVE-2002-1096 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows ...)
+CVE-2002-1096
NOT-FOR-US: Cisco
-CVE-2002-1095 (Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, ...)
+CVE-2002-1095
NOT-FOR-US: Cisco
-CVE-2002-1093 (HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before ...)
+CVE-2002-1093
NOT-FOR-US: Cisco
-CVE-2002-1092 (Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when ...)
+CVE-2002-1092
NOT-FOR-US: Cisco
-CVE-2002-1091 (Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers ...)
+CVE-2002-1091
- mozilla 2:1.0.2
-CVE-2002-1088 (Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote ...)
+CVE-2002-1088
NOT-FOR-US: Novell GroupWise
-CVE-2002-1081 (The Administration console for Abyss Web Server 1.0.3 allows remote ...)
+CVE-2002-1081
NOT-FOR-US: Abyss Web Server
-CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allows ...)
+CVE-2002-1079
NOT-FOR-US: Abyss Web Server
-CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before ...)
+CVE-2002-1076
NOT-FOR-US: Ipswitch IMail
-CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in Blue Coat Systems ...)
+CVE-2002-1060
NOT-FOR-US: CacheFlow CacheOS
-CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...)
+CVE-2002-1059
NOT-FOR-US: Van Dyke SecureCRT SSH client
-CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows ...)
+CVE-2002-1057
NOT-FOR-US: SmartMax MailMax POP3 daemon
-CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...)
+CVE-2002-1056
NOT-FOR-US: Microsoft
-CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and ...)
+CVE-2002-1054
NOT-FOR-US: Pablo FTP server
-CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server ...)
+CVE-2002-1053
NOT-FOR-US: W3C Jigsaw Proxy Server
-CVE-2002-1051 (Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG ...)
+CVE-2002-1051
{DSA-254}
- traceroute-nanog 6.3.0-1
-CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote ...)
+CVE-2002-1050
{DSA-148}
- hylafax 4.1.2-2.1
-CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows ...)
+CVE-2002-1049
{DSA-148}
- hylafax 4.1.2-2.1
-CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...)
+CVE-2002-1046
NOT-FOR-US: Watchguard Firebox firmware
-CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...)
+CVE-2002-1039
- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
NOTE: Original issue fixed in dcl/20020706
-CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of ...)
+CVE-2002-1035
NOT-FOR-US: Omnicron OmniHTTPd
-CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list ...)
+CVE-2002-1031
NOT-FOR-US: KeyFocus (KF) web server
-CVE-2002-1030 (Race condition in Performance Pack in BEA WebLogic Server and Express ...)
+CVE-2002-1030
NOT-FOR-US: BEA WebLogic Server and Express
-CVE-2002-1025 (JRun 3.0 through 4.0 allows remote attackers to read JSP source code ...)
+CVE-2002-1025
NOT-FOR-US: JRun
-CVE-2002-1024 (Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote ...)
+CVE-2002-1024
NOT-FOR-US: Cisco
-CVE-2002-1015 (RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold ...)
+CVE-2002-1015
NOT-FOR-US: Real
-CVE-2002-1014 (Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne ...)
+CVE-2002-1014
NOT-FOR-US: Real
-CVE-2002-1013 (Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 ...)
+CVE-2002-1013
NOT-FOR-US: Inktomi
-CVE-2002-1006 (Cross-site scripting (XSS) vulnerability in BBC Education Text to ...)
+CVE-2002-1006
NOT-FOR-US: Betsie
-CVE-2002-1004 (Directory traversal vulnerability in webmail feature of ArGoSoft Mail ...)
+CVE-2002-1004
NOT-FOR-US: ArGoSoft Mail Server
-CVE-2002-1002 (Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote ...)
+CVE-2002-1002
NOT-FOR-US: Novell
-CVE-2002-1000 (Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote ...)
+CVE-2002-1000
NOT-FOR-US: AnalogX SimpleServer:Shout
-CVE-2002-0995 (login.php for PHPAuction allows remote attackers to gain privileges ...)
+CVE-2002-0995
NOT-FOR-US: PHPAuction
-CVE-2002-0990 (The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 ...)
+CVE-2002-0990
NOT-FOR-US: Symantec
-CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 ...)
+CVE-2002-0989
{DSA-158}
- gaim 1:0.59.1-2
-CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare ...)
+CVE-2002-0988
NOT-FOR-US: Xsco
-CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop ...)
+CVE-2002-0987
NOT-FOR-US: Xsco
-CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ...)
+CVE-2002-0986
{DSA-168}
- php3 3:3.0.18-23.2
- php4 4:4.2.3-3
-CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to ...)
+CVE-2002-0985
{DSA-168}
- php3 3:3.0.18-23.2
- php4 4:4.2.3-3
-CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x ...)
+CVE-2002-0984
{DSA-156}
- epic4-script-light 1:2.7.30p5-2
-CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX ...)
+CVE-2002-0981
NOT-FOR-US: ndcfg
-CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to ...)
+CVE-2002-0974
NOT-FOR-US: Help and Support Center for Windows XP
-CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ...)
+CVE-2002-0970
{DSA-155}
- kdelibs 4:2.2.2-14
-CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...)
+CVE-2002-0969
NOTE: mysql problem only affects Windows
-CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows ...)
+CVE-2002-0968
NOT-FOR-US: AnalogX SimpleServer:WWW
-CVE-2002-0967 (Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote ...)
+CVE-2002-0967
NOT-FOR-US: eDonkey
-CVE-2002-0965 (Buffer overflow in TNS Listener for Oracle 9i Database Server on ...)
+CVE-2002-0965
NOT-FOR-US: Oracle
-CVE-2002-0964 (Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause ...)
+CVE-2002-0964
NOT-FOR-US: Half Life
-CVE-2002-0958 (Cross-site scripting vulnerability in browse.php for PHP(Reactor) ...)
+CVE-2002-0958
NOT-FOR-US: PHP Reactor
-CVE-2002-0953 (globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen ...)
+CVE-2002-0953
NOT-FOR-US: PHP Address
-CVE-2002-0952 (Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 ...)
+CVE-2002-0952
NOT-FOR-US: Cisco
-CVE-2002-0947 (Buffer overflow in rwcgi60 CGI program for Oracle Reports Server ...)
+CVE-2002-0947
NOT-FOR-US: Oracle
-CVE-2002-0946 (Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 ...)
+CVE-2002-0946
NOT-FOR-US: SeaNox Devwex
-CVE-2002-0945 (Buffer overflow in SeaNox Devwex allows remote attackers to cause a ...)
+CVE-2002-0945
NOT-FOR-US: SeaNox Devwex
-CVE-2002-0941 (The ConsoleCallBack class for nCipher running under JRE 1.4.0 and ...)
+CVE-2002-0941
NOT-FOR-US: Java on Windows
-CVE-2002-0938 (Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows ...)
+CVE-2002-0938
NOT-FOR-US: Cisco
-CVE-2002-0935 (Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, ...)
+CVE-2002-0935
- tomcat4 4.1.9-1
-CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ...)
+CVE-2002-0916
- squid 2.4.7
-CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...)
+CVE-2002-0914
- courier 0.46
-CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator ...)
+CVE-2002-0911
NOT-FOR-US: Caldera Volution Manager
-CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a ...)
+CVE-2002-0906
- sendmail 8.12.5
-CVE-2002-0904 (SayText function in Kismet 2.2.1 and earlier allows remote attackers ...)
+CVE-2002-0904
- kismet 2.2.2-1
-CVE-2002-0900 (Buffer overflow in pks PGP public key web server before 0.9.5 allows ...)
+CVE-2002-0900
NOT-FOR-US: pks
-CVE-2002-0898 (Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary ...)
+CVE-2002-0898
NOT-FOR-US: Opera
-CVE-2002-0897 (LocalWEB2000 2.1.0 web server allows remote attackers to bypass access ...)
+CVE-2002-0897
NOT-FOR-US: LocalWEB2000
-CVE-2002-0895 (Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote ...)
+CVE-2002-0895
NOT-FOR-US: MatuFtpServer
-CVE-2002-0892 (The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows ...)
+CVE-2002-0892
NOT-FOR-US: NewAtlanta ServletExec ISAPI
-CVE-2002-0891 (The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and ...)
+CVE-2002-0891
NOT-FOR-US: NetScreen ScreenOS
-CVE-2002-0889 (Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local ...)
+CVE-2002-0889
- qpopper 4.0.5-1
-CVE-2002-0887 (scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users ...)
+CVE-2002-0887
NOT-FOR-US: scoadmin
-CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows ...)
+CVE-2002-0875
{DSA-154}
- fam 2.6.8-1
-CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the ...)
+CVE-2002-0873
{DSA-152}
- l2tpd 0.68-1
-CVE-2002-0872 (l2tpd 0.67 does not initialize the random number generator, which ...)
+CVE-2002-0872
{DSA-152}
- l2tpd 0.68-1
-CVE-2002-0871 (xinetd 2.3.4 leaks file descriptors for the signal pipe to services ...)
+CVE-2002-0871
{DSA-151}
- xinetd 1:2.3.7-1
-CVE-2002-0867 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
+CVE-2002-0867
NOT-FOR-US: Microsoft
-CVE-2002-0866 (Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine ...)
+CVE-2002-0866
NOT-FOR-US: Microsoft
-CVE-2002-0865 (A certain class that supports XML (Extensible Markup Language) in ...)
+CVE-2002-0865
NOT-FOR-US: Microsoft
-CVE-2002-0864 (The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP ...)
+CVE-2002-0864
NOT-FOR-US: Microsoft
-CVE-2002-0860 (The LoadText method in the spreadsheet component in Microsoft Office ...)
+CVE-2002-0860
NOT-FOR-US: Microsoft
-CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on ...)
+CVE-2002-0859
NOT-FOR-US: Microsoft
-CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote ...)
+CVE-2002-0856
NOT-FOR-US: Oracle
-CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows ...)
+CVE-2002-0853
NOT-FOR-US: Cisco
-CVE-2002-0851 (Format string vulnerability in ISDN Point to Point Protocol (PPP) ...)
+CVE-2002-0851
- isdnutils 1:3.2
-CVE-2002-0850 (Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers ...)
+CVE-2002-0850
NOT-FOR-US: PGP corporate desktop
-CVE-2002-0848 (Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, ...)
+CVE-2002-0848
NOT-FOR-US: Cisco
-CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...)
+CVE-2002-0847
{DSA-145}
- tinyproxy 1.4.3-3
-CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...)
+CVE-2002-0846
- flashplugin-nonfree 6.0.47
-CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows ...)
+CVE-2002-0845
NOT-FOR-US: Sun ONE
-CVE-2002-0844 (Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD ...)
+CVE-2002-0844
- cvs 1:1.11.2
-CVE-2002-0842 (Format string vulnerability in certain third party modifications to ...)
+CVE-2002-0842
NOTE: mod_dav for apache not vulnerable according to
NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html
-CVE-2002-0840 (Cross-site scripting (XSS) vulnerability in the default error page of ...)
+CVE-2002-0840
{DSA-195 DSA-188 DSA-187}
- apache2 2.0.43-1
- apache 1.3.27-0.1
- apache-perl 1.3.26-1.1-1.27-3-1
-CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the ...)
+CVE-2002-0836
{DSA-207}
- tetex-bin 1.0.7+20021025-4
-CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to ...)
+CVE-2002-0835
NOT-FOR-US: RedHat/Intel PXE daemon
NOTE: this is not the one in Debian
-CVE-2002-0831 (The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local ...)
+CVE-2002-0831
NOT-FOR-US: FreeBSD
-CVE-2002-0830 (Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, ...)
+CVE-2002-0830
NOT-FOR-US: BSD/NFS
-CVE-2002-0829 (Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD ...)
+CVE-2002-0829
NOT-FOR-US: FreeBSD
-CVE-2002-0826 (Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated ...)
+CVE-2002-0826
NOT-FOR-US: WS FTP server
-CVE-2002-0824 (BSD pppd allows local users to change the permissions of arbitrary ...)
+CVE-2002-0824
NOT-FOR-US: BSD/pppd
-CVE-2002-0823 (Buffer overflow in Winhlp32.exe allows remote attackers to execute ...)
+CVE-2002-0823
NOT-FOR-US: Windows
-CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...)
+CVE-2002-0818
{DSA-144}
- wwwoffle 2.7d-1
-CVE-2002-0817 (Format string vulnerability in super for Linux allows local users to ...)
+CVE-2002-0817
{DSA-139}
- super 3.18.0-3
-CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain ...)
+CVE-2002-0816
NOT-FOR-US: HP Tru64
-CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...)
+CVE-2002-0814
NOT-FOR-US: VMware
-CVE-2002-0813 (Heap-based buffer overflow in the TFTP server capability in Cisco IOS ...)
+CVE-2002-0813
NOT-FOR-US: Cisco
-CVE-2002-0810 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error ...)
+CVE-2002-0810
- bugzilla 2.16.0
-CVE-2002-0809 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not ...)
+CVE-2002-0809
- bugzilla 2.16.0
-CVE-2002-0808 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing ...)
+CVE-2002-0808
- bugzilla 2.16.0
-CVE-2002-0806 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows ...)
+CVE-2002-0806
- bugzilla 2.16.0
-CVE-2002-0805 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new ...)
+CVE-2002-0805
- bugzilla 2.16.0
-CVE-2002-0804 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured ...)
+CVE-2002-0804
- bugzilla 2.16.0
-CVE-2002-0802 (The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding ...)
+CVE-2002-0802
- postgresql 7.2
-CVE-2002-0801 (Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows ...)
+CVE-2002-0801
NOT-FOR-US: Macromedia / Windows
-CVE-2002-0795 (The rc system startup script for FreeBSD 4 through 4.5 allows local ...)
+CVE-2002-0795
NOT-FOR-US: FreeBSD
-CVE-2002-0794 (The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly ...)
+CVE-2002-0794
NOT-FOR-US: FreeBSD
-CVE-2002-0790 (clchkspuser and clpasswdremote in AIX expose an encrypted password in ...)
+CVE-2002-0790
NOT-FOR-US: AIX
-CVE-2002-0789 (Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows ...)
+CVE-2002-0789
- mnogosearch 3.1.19-3
-CVE-2002-0788 (An interaction between PGP 7.0.3 with the &quot;wipe deleted files&quot; option, ...)
+CVE-2002-0788
NOT-FOR-US: windows
-CVE-2002-0785 (AOL Instant Messenger (AIM) allows remote attackers to cause a denial ...)
+CVE-2002-0785
NOT-FOR-US: AOL AIM
-CVE-2002-0778 (The default configuration of the proxy for Cisco Cache Engine and ...)
+CVE-2002-0778
NOT-FOR-US: CISCO
-CVE-2002-0777 (Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and ...)
+CVE-2002-0777
NOT-FOR-US: Ipswitch not in Debian
-CVE-2002-0776 (getuserdesc.asp in Hosting Controller 2002 allows remote attackers to ...)
+CVE-2002-0776
NOT-FOR-US: Hosting Controller 2002
-CVE-2002-0768 (Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and ...)
+CVE-2002-0768
- lukemftp 1.5-7
-CVE-2002-0766 (OpenBSD 2.9 through 3.1 allows local users to cause a denial of ...)
+CVE-2002-0766
NOT-FOR-US: OpenBSD
-CVE-2002-0765 (sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ...)
+CVE-2002-0765
- openssh 1:3.3p1-0.0woody1
-CVE-2002-0762 (shadow package in SuSE 8.0 allows local users to destroy the ...)
+CVE-2002-0762
NOT-FOR-US: SUSE specific
-CVE-2002-0761 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...)
+CVE-2002-0761
NOT-FOR-US: FreeBSD and OpenLinux
-CVE-2002-0760 (Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, ...)
+CVE-2002-0760
NOT-FOR-US: FreeBSD and OpenLinux
-CVE-2002-0759 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...)
+CVE-2002-0759
NOT-FOR-US: FreeBSD and OpenLinux
-CVE-2002-0758 (ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote ...)
+CVE-2002-0758
NOT-FOR-US: SUSE specific
-CVE-2002-0755 (Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a ...)
+CVE-2002-0755
NOT-FOR-US: FreeBSD
-CVE-2002-0754 (Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin ...)
+CVE-2002-0754
NOT-FOR-US: FreeBSD
-CVE-2002-0748 (LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause ...)
+CVE-2002-0748
NOT-FOR-US: Labview
-CVE-2002-0741 (psyBNC 2.3 allows remote attackers to cause a denial of service (CPU ...)
+CVE-2002-0741
NOT-FOR-US: psyBNC
-CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from ...)
+CVE-2002-0738
{DSA-163}
- mhonarc 2.5.11-1
-CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...)
+CVE-2002-0737
NOT-FOR-US: Sambar web server
-CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...)
+CVE-2002-0736
NOT-FOR-US: Microsoft
-CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly ...)
+CVE-2002-0734
NOT-FOR-US: B2
-CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows ...)
+CVE-2002-0733
- thttpd 2.21
-CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...)
+CVE-2002-0729
NOT-FOR-US: Microsoft
-CVE-2002-0727 (The Host function in Microsoft Office Web Components (OWC) 2000 and ...)
+CVE-2002-0727
NOT-FOR-US: Microsoft
-CVE-2002-0726 (Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ...)
+CVE-2002-0726
NOT-FOR-US: Microsoft
-CVE-2002-0722 (Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers ...)
+CVE-2002-0722
NOT-FOR-US: Microsoft
-CVE-2002-0720 (A handler routine for the Network Connection Manager (NCM) in Windows ...)
+CVE-2002-0720
NOT-FOR-US: Microsoft
-CVE-2002-0719 (SQL injection vulnerability in the function that services for ...)
+CVE-2002-0719
NOT-FOR-US: Microsoft
-CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) ...)
+CVE-2002-0718
NOT-FOR-US: Microsoft
-CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and ...)
+CVE-2002-0716
NOT-FOR-US: SCO OpenServer
-CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP ...)
+CVE-2002-0714
- squid 2.4.6
-CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlier ...)
+CVE-2002-0710
NOT-FOR-US: sendform.cgi
-CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ...)
+CVE-2002-0704
NOTE: kernel netfilter bug, not in user space
NOTE: this is fixed in kernel 2.4.20
- kernel-image-2.4.18-i386 <unfixed> (bug #152152; unimportant)
-CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...)
+CVE-2002-0703
- perl 5.8.0-7 (bug #282527)
-CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...)
+CVE-2002-0701
NOT-FOR-US: BSD
-CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...)
+CVE-2002-0700
NOT-FOR-US: Microsoft
-CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft ...)
+CVE-2002-0698
NOT-FOR-US: Microsoft
-CVE-2002-0697 (Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to ...)
+CVE-2002-0697
NOT-FOR-US: Microsoft
-CVE-2002-0696 (Microsoft Visual FoxPro 6.0 does not register its associated files ...)
+CVE-2002-0696
NOT-FOR-US: Microsoft
-CVE-2002-0695 (Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of ...)
+CVE-2002-0695
NOT-FOR-US: Microsoft
-CVE-2002-0694 (The HTML Help facility in Microsoft Windows 98, 98 Second Edition, ...)
+CVE-2002-0694
NOT-FOR-US: Microsoft
-CVE-2002-0692 (Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft ...)
+CVE-2002-0692
NOT-FOR-US: Microsoft
-CVE-2002-0691 (Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to ...)
+CVE-2002-0691
NOT-FOR-US: Microsoft
-CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 ...)
+CVE-2002-0688
{DSA-490}
- zope 2.6.0-0.1
-CVE-2002-0687 (The &quot;through the web code&quot; capability for Zope 2.0 through 2.5.1 b1 ...)
+CVE-2002-0687
- zope 2.5.1b2
-CVE-2002-0685 (Heap-based buffer overflow in the message decoding functionality for ...)
+CVE-2002-0685
NOT-FOR-US: PGP Outlook Encryption Plug-In
-CVE-2002-0682 (Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows ...)
+CVE-2002-0682
- tomcat 4.0.4
-CVE-2002-0679 (Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC ...)
+CVE-2002-0679
NOT-FOR-US: CDE
-CVE-2002-0678 (CDE ToolTalk database server (ttdbserver) allows local users to ...)
+CVE-2002-0678
NOT-FOR-US: CDE ToolTalk
-CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when ...)
+CVE-2002-0676
NOT-FOR-US: MacOS
-CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
+CVE-2002-0674
NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
-CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP ...)
+CVE-2002-0673
NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
-CVE-2002-0672 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
+CVE-2002-0672
NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
-CVE-2002-0671 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
+CVE-2002-0671
NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
-CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
+CVE-2002-0668
NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
-CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to ...)
+CVE-2002-0665
NOT-FOR-US: Microsoft
-CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet ...)
+CVE-2002-0663
NOT-FOR-US: Norton
-CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users ...)
+CVE-2002-0662
{DSA-160}
- scrollkeeper 0.3.11-2
-CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...)
+CVE-2002-0658
{DSA-137}
- mm 1.1.3-7
-CVE-2002-0653 (Off-by-one buffer overflow in the ssl_compat_directive function, as ...)
+CVE-2002-0653
{DSA-135}
- libapache-mod-ssl 2.8.9-2
-CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...)
+CVE-2002-0651
- glibc 2.2.5-8
-CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote ...)
+CVE-2002-0650
NOT-FOR-US: microsoft
-CVE-2002-0648 (The legacy &lt;script&gt; data-island capability for XML in Microsoft ...)
+CVE-2002-0648
NOT-FOR-US: microsoft
-CVE-2002-0647 (Buffer overflow in a legacy ActiveX control used to display specially ...)
+CVE-2002-0647
NOT-FOR-US: microsoft
-CVE-2002-0642 (The registry key containing the SQL Server service account information ...)
+CVE-2002-0642
NOT-FOR-US: microsoft
-CVE-2002-0640 (Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ...)
+CVE-2002-0640
- openssh 1:3.4 (high)
-CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote ...)
+CVE-2002-0639
- openssh 1:3.4 (high)
-CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...)
+CVE-2002-0638
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 ...)
+CVE-2002-0631
NOT-FOR-US: SGI
-CVE-2002-0630 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
+CVE-2002-0630
NOT-FOR-US: Polycom
-CVE-2002-0627 (The Web server for Polycom ViewStation before 7.2.4 allows remote ...)
+CVE-2002-0627
NOT-FOR-US: Polycom
-CVE-2002-0623 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...)
+CVE-2002-0623
NOT-FOR-US: Microsoft
-CVE-2002-0622 (The Office Web Components (OWC) package installer for Microsoft ...)
+CVE-2002-0622
NOT-FOR-US: Microsoft
-CVE-2002-0621 (Buffer overflow in the Office Web Components (OWC) package installer ...)
+CVE-2002-0621
NOT-FOR-US: Microsoft
-CVE-2002-0619 (The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft ...)
+CVE-2002-0619
NOT-FOR-US: Microsoft
-CVE-2002-0618 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
+CVE-2002-0618
NOT-FOR-US: Microsoft
-CVE-2002-0617 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
+CVE-2002-0617
NOT-FOR-US: Microsoft
-CVE-2002-0616 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
+CVE-2002-0616
NOT-FOR-US: Microsoft
-CVE-2002-0615 (The Windows Media Active Playlist in Microsoft Windows Media Player ...)
+CVE-2002-0615
NOT-FOR-US: Microsoft
-CVE-2002-0613 (dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote ...)
+CVE-2002-0613
NOT-FOR-US: DNSTools
-CVE-2002-0605 (Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 ...)
+CVE-2002-0605
NOT-FOR-US: Flash
-CVE-2002-0601 (ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers ...)
+CVE-2002-0601
NOT-FOR-US: ISS
-CVE-2002-0599 (Blahz-DNS 0.2 and earlier allows remote attackers to bypass ...)
+CVE-2002-0599
NOT-FOR-US: Blahz
-CVE-2002-0598 (Format string vulnerability in Foundstone FScan 1.12 with banner ...)
+CVE-2002-0598
NOT-FOR-US: Foundstone
-CVE-2002-0597 (LANMAN service on Microsoft Windows 2000 allows remote attackers to ...)
+CVE-2002-0597
NOT-FOR-US: Microsoft
-CVE-2002-0594 (Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to ...)
+CVE-2002-0594
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0576 (ColdFusion 5.0 and earlier on Windows systems allows remote attackers ...)
+CVE-2002-0576
NOT-FOR-US: ColdFusion
-CVE-2002-0575 (Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with ...)
+CVE-2002-0575
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0574 (Memory leak in FreeBSD 4.5 and earlier allows remote attackers to ...)
+CVE-2002-0574
NOT-FOR-US: FreeBSD
-CVE-2002-0573 (Format string vulnerability in RPC wall daemon (rpc.rwalld) for ...)
+CVE-2002-0573
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0571 (Oracle Oracle9i database server 9.0.1.x allows local users to access ...)
+CVE-2002-0571
NOT-FOR-US: Oracle
-CVE-2002-0569 (Oracle 9i Application Server allows remote attackers to bypass access ...)
+CVE-2002-0569
NOT-FOR-US: Oracle
-CVE-2002-0567 (Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) ...)
+CVE-2002-0567
NOT-FOR-US: Oracle
-CVE-2002-0553 (Cross-site scripting vulnerability in SunShop 2.5 and earlier allows ...)
+CVE-2002-0553
NOT-FOR-US: SunShop
-CVE-2002-0546 (Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 ...)
+CVE-2002-0546
NOT-FOR-US: Winamp
-CVE-2002-0545 (Cisco Aironet before 11.21 with Telnet enabled allows remote attackers ...)
+CVE-2002-0545
NOT-FOR-US: Cisco
-CVE-2002-0543 (Directory traversal vulnerability in Aprelium Abyss Web Server ...)
+CVE-2002-0543
NOT-FOR-US: Aprelium
-CVE-2002-0542 (mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in ...)
+CVE-2002-0542
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0539 (Demarc PureSecure 1.05 allows remote attackers to gain administrative ...)
+CVE-2002-0539
NOT-FOR-US: Demarc
-CVE-2002-0538 (FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 ...)
+CVE-2002-0538
NOT-FOR-US: Symantec
-CVE-2002-0536 (PHPGroupware 0.9.12 and earlier, when running with the ...)
+CVE-2002-0536
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0532 (EMU Webmail allows local users to execute arbitrary programs via a .. ...)
+CVE-2002-0532
NOT-FOR-US: EMU
-CVE-2002-0531 (Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x ...)
+CVE-2002-0531
NOT-FOR-US: EMU
-CVE-2002-0516 (SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users ...)
+CVE-2002-0516
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0513 (The PHP administration script in popper_mod 1.2.1 and earlier relies ...)
+CVE-2002-0513
NOT-FOR-US: popper_mod
-CVE-2002-0512 (startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the ...)
+CVE-2002-0512
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0511 (The default configuration of Name Service Cache Daemon (nscd) in ...)
+CVE-2002-0511
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0506 (Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 ...)
+CVE-2002-0506
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0505 (Memory leak in the Call Telephony Integration (CTI) Framework ...)
+CVE-2002-0505
NOT-FOR-US: Cisco
-CVE-2002-0501 (Format string vulnerability in log_print() function of Posadis DNS ...)
+CVE-2002-0501
NOT-FOR-US: Posadis
-CVE-2002-0497 (Buffer overflow in mtr 0.46 and earlier, when installed setuid root, ...)
+CVE-2002-0497
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0495 (csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to ...)
+CVE-2002-0495
NOT-FOR-US: csSearch
-CVE-2002-0494 (Cross-site scripting vulnerability in WebSight Directory System 0.1 ...)
+CVE-2002-0494
NOT-FOR-US: WebSight
-CVE-2002-0493 (Apache Tomcat may be started without proper security settings if ...)
+CVE-2002-0493
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0490 (Instant Web Mail before 0.60 does not properly filter CR/LF sequences, ...)
+CVE-2002-0490
NOT-FOR-US: Instant Web Mail
-CVE-2002-0488 (Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote ...)
+CVE-2002-0488
NOT-FOR-US: Linux Directory Penguin
-CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base ...)
+CVE-2002-0484
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0473 (db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote ...)
+CVE-2002-0473
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and ...)
+CVE-2002-0464
NOT-FOR-US: Hosting Controller
-CVE-2002-0463 (home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote ...)
+CVE-2002-0463
NOT-FOR-US: ARSC
-CVE-2002-0462 (bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone ...)
+CVE-2002-0462
NOT-FOR-US: Big Sam
-CVE-2002-0454 (Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote ...)
+CVE-2002-0454
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0451 (filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote ...)
+CVE-2002-0451
NOT-FOR-US: PHProjekt
-CVE-2002-0445 (article.php in PHP FirstPost 0.1 allows allows remote attackers to ...)
+CVE-2002-0445
NOT-FOR-US: PHP FirstPost
-CVE-2002-0444 (Microsoft Windows 2000 running the Terminal Server 90-day trial ...)
+CVE-2002-0444
NOT-FOR-US: Windows
-CVE-2002-0443 (Microsoft Windows 2000 allows local users to bypass the policy that ...)
+CVE-2002-0443
NOT-FOR-US: Windows
-CVE-2002-0442 (Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 ...)
+CVE-2002-0442
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0441 (Directory traversal vulnerability in imlist.php for Php Imglist allows ...)
+CVE-2002-0441
NOT-FOR-US: PHP Imglist
-CVE-2002-0437 (Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote ...)
+CVE-2002-0437
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0435 (Race condition in the recursive (1) directory deletion and (2) ...)
+CVE-2002-0435
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0431 (XTux allows remote attackers to cause a denial of service (CPU ...)
+CVE-2002-0431
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0429 (The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 ...)
+CVE-2002-0429
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.2.20 <removed>
-CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain sensitive ...)
+CVE-2002-0425
NOT-FOR-US: mIRC
-CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u option, ...)
+CVE-2002-0424
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, ...)
+CVE-2002-0423
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0414 (KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, ...)
+CVE-2002-0414
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0412 (Format string vulnerability in TraceEvent function for ntop before 2.1 ...)
+CVE-2002-0412
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0406 (Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause ...)
+CVE-2002-0406
NOT-FOR-US: SPHERE
-CVE-2002-0404 (Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote ...)
+CVE-2002-0404
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0403 (DNS dissector in Ethereal before 0.9.3 allows remote attackers to ...)
+CVE-2002-0403
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0402 (Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows ...)
+CVE-2002-0402
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0401 (SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to ...)
+CVE-2002-0401
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0400 (ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of ...)
+CVE-2002-0400
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0398 (Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to ...)
+CVE-2002-0398
NOT-FOR-US: Red-M
-CVE-2002-0397 (Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, ...)
+CVE-2002-0397
NOT-FOR-US: Red-M
-CVE-2002-0396 (The web management server for Red-M 1050 (Bluetooth Access Point) does ...)
+CVE-2002-0396
NOT-FOR-US: Red-M
-CVE-2002-0395 (The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be ...)
+CVE-2002-0395
NOT-FOR-US: Red-M
-CVE-2002-0394 (Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, ...)
+CVE-2002-0394
NOT-FOR-US: Red-M
-CVE-2002-0392 (Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote ...)
+CVE-2002-0392
- apache2 2.0.37
-CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating ...)
+CVE-2002-0391
{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
- acm 5.0-10
- glibc 2.2.5-13
- dietlibc 0.20-0cvs20020808
- krb5 1.2.5-2
- openafs 1.2.6-1
-CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable ...)
+CVE-2002-0389
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module ...)
+CVE-2002-0387
NOT-FOR-US: Sun
-CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows ...)
+CVE-2002-0384
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0382 (XChat IRC client allows remote attackers to execute arbitrary commands ...)
+CVE-2002-0382
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0381 (The TCP implementation in various BSD operating systems (tcp_input.c) ...)
+CVE-2002-0381
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0380 (Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers ...)
+CVE-2002-0380
{DSA-255}
- tcpdump 3.7.1-1.2
-CVE-2002-0379 (Buffer overflow in University of Washington imap server (uw-imapd) ...)
+CVE-2002-0379
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and ...)
+CVE-2002-0377
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote ...)
+CVE-2002-0376
NOT-FOR-US: Apple
-CVE-2002-0374 (Format string vulnerability in the logging function for the pam_ldap ...)
+CVE-2002-0374
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0373 (The Windows Media Device Manager (WMDM) Service in Microsoft Windows ...)
+CVE-2002-0373
NOT-FOR-US: Microsoft
-CVE-2002-0372 (Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player ...)
+CVE-2002-0372
NOT-FOR-US: Microsoft
-CVE-2002-0369 (Buffer overflow in ASP.NET Worker Process allows remote attackers to ...)
+CVE-2002-0369
NOT-FOR-US: Microsoft
-CVE-2002-0368 (The Store Service in Microsoft Exchange 2000 allows remote attackers ...)
+CVE-2002-0368
NOT-FOR-US: Microsoft
-CVE-2002-0367 (smss.exe debugging subsystem in Windows NT and Windows 2000 does not ...)
+CVE-2002-0367
NOT-FOR-US: Microsoft
-CVE-2002-0366 (Buffer overflow in Remote Access Service (RAS) phonebook for Windows ...)
+CVE-2002-0366
NOT-FOR-US: Microsoft
-CVE-2002-0364 (Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 ...)
+CVE-2002-0364
NOT-FOR-US: Microsoft
-CVE-2002-0363 (ghostscript before 6.53 allows attackers to execute arbitrary commands ...)
+CVE-2002-0363
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0362 (Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows ...)
+CVE-2002-0362
NOT-FOR-US: AOL
-CVE-2002-0359 (xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which ...)
+CVE-2002-0359
NOT-FOR-US: IRIX
-CVE-2002-0358 (MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows ...)
+CVE-2002-0358
NOT-FOR-US: MediaMail
-CVE-2002-0357 (Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI ...)
+CVE-2002-0357
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0356 (Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX ...)
+CVE-2002-0356
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0355 (netstat in SGI IRIX before 6.5.12 allows local users to determine the ...)
+CVE-2002-0355
NOT-FOR-US: SGI
-CVE-2002-0339 (Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) ...)
+CVE-2002-0339
NOT-FOR-US: Cisco
-CVE-2002-0330 (Cross-site scripting vulnerability in codeparse.php of Open Bulletin ...)
+CVE-2002-0330
NOT-FOR-US: OpenBB
-CVE-2002-0329 (Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and ...)
+CVE-2002-0329
NOT-FOR-US: Snitz
-CVE-2002-0318 (FreeRADIUS RADIUS server allows remote attackers to cause a denial of ...)
+CVE-2002-0318
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0313 (Buffer overflow in Essentia Web Server 2.1 allows remote attackers to ...)
+CVE-2002-0313
NOT-FOR-US: Essentia
-CVE-2002-0309 (SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the ...)
+CVE-2002-0309
NOT-FOR-US: Symantec
-CVE-2002-0302 (The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops ...)
+CVE-2002-0302
NOT-FOR-US: Symantec
-CVE-2002-0300 (gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, ...)
+CVE-2002-0300
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0299 (CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code ...)
+CVE-2002-0299
NOT-FOR-US: CatchUp
-CVE-2002-0292 (Cross-site scripting vulnerability in Slash before 2.2.5, as used in ...)
+CVE-2002-0292
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows ...)
+CVE-2002-0290
NOT-FOR-US: WebNews
-CVE-2002-0287 (pforum 1.14 and earlier does not explicitly enable PHP magic quotes, ...)
+CVE-2002-0287
NOT-FOR-US: pforum
-CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, ...)
+CVE-2002-0276
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0275 (Falcon web server 2.0.0.1020 and earlier allows remote attackers to ...)
+CVE-2002-0275
NOT-FOR-US: Falcon
-CVE-2002-0274 (Exim 3.34 and earlier may allow local users to gain privileges via a ...)
+CVE-2002-0274
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0267 (preferences.php in Simple Internet Publishing System (SIPS) before ...)
+CVE-2002-0267
NOT-FOR-US: SIPS
-CVE-2002-0265 (Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file ...)
+CVE-2002-0265
NOT-FOR-US: Sawmill
-CVE-2002-0251 (Buffer overflow in licq 1.0.4 and earlier allows remote attackers to ...)
+CVE-2002-0251
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0250 (Web configuration utility in HP AdvanceStack hubs J3200A through ...)
+CVE-2002-0250
NOT-FOR-US: HP
-CVE-2002-0246 (Format string vulnerability in the message catalog library functions ...)
+CVE-2002-0246
NOT-FOR-US: UnixWare
-CVE-2002-0241 (NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 ...)
+CVE-2002-0241
NOT-FOR-US: Cisco
-CVE-2002-0237 (Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE ...)
+CVE-2002-0237
NOT-FOR-US: ISS
-CVE-2002-0226 (retrieve_password.pl in DCForum 6.x and 2000 generates predictable new ...)
+CVE-2002-0226
NOT-FOR-US: DCForum
-CVE-2002-0213 (xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read ...)
+CVE-2002-0213
NOT-FOR-US: Xinet
-CVE-2002-0211 (Race condition in the installation script for Tarantella Enterprise 3 ...)
+CVE-2002-0211
NOT-FOR-US: Tarantella
-CVE-2002-0209 (Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing ...)
+CVE-2002-0209
NOT-FOR-US: Nortel
-CVE-2002-0207 (Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows ...)
+CVE-2002-0207
NOT-FOR-US: Real Networks
-CVE-2002-0197 (psyBNC 2.3 beta and earlier allows remote attackers to spoof ...)
+CVE-2002-0197
NOT-FOR-US: psyBNC
-CVE-2002-0196 (GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the ...)
+CVE-2002-0196
NOT-FOR-US: ACD
-CVE-2002-0193 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...)
+CVE-2002-0193
NOT-FOR-US: Microsoft
-CVE-2002-0191 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
+CVE-2002-0191
NOT-FOR-US: Microsoft
-CVE-2002-0190 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
+CVE-2002-0190
NOT-FOR-US: Microsoft
-CVE-2002-0188 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...)
+CVE-2002-0188
NOT-FOR-US: Microsoft
-CVE-2002-0187 (Cross-site scripting vulnerability in the SQLXML component of ...)
+CVE-2002-0187
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server ...)
+CVE-2002-0186
NOT-FOR-US: Microsoft
-CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly ...)
+CVE-2002-0185
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users ...)
+CVE-2002-0184
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0181 (Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and ...)
+CVE-2002-0181
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0179 (Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows ...)
+CVE-2002-0179
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0178 (uudecode, as available in the sharutils package before 4.2.1, does not ...)
+CVE-2002-0178
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0176 (The printf wrappers in libsafe 2.0-11 and earlier do not properly ...)
+CVE-2002-0176
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0175 (libsafe 2.0-11 and earlier allows attackers to bypass protection ...)
+CVE-2002-0175
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0174 (nsd on SGI IRIX before 6.5.11 allows local users to overwrite ...)
+CVE-2002-0174
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0173 (Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart ...)
+CVE-2002-0173
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0172 (/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with ...)
+CVE-2002-0172
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0171 (IRISconsole 2.0 may allow users to log into the icadmin account with ...)
+CVE-2002-0171
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0170 (Zope 2.2.0 through 2.5.1 does not properly verify the access for ...)
+CVE-2002-0170
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0169 (The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is ...)
+CVE-2002-0169
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0168 (Vulnerability in Imlib before 1.9.13 allows attackers to cause a ...)
+CVE-2002-0168
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0167 (Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted ...)
+CVE-2002-0167
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0166 (Cross-site scripting vulnerability in analog before 5.22 allows remote ...)
+CVE-2002-0166
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0163 (Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 ...)
+CVE-2002-0163
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0160 (The administration function in Cisco Secure Access Control Server ...)
+CVE-2002-0160
NOT-FOR-US: Cisco
-CVE-2002-0159 (Format string vulnerability in the administration function in Cisco ...)
+CVE-2002-0159
NOT-FOR-US: Cisco
-CVE-2002-0158 (Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to ...)
+CVE-2002-0158
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0157 (Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary ...)
+CVE-2002-0157
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0155 (Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN ...)
+CVE-2002-0155
NOT-FOR-US: Microsoft
-CVE-2002-0153 (Internet Explorer 5.1 for Macintosh allows remote attackers to bypass ...)
+CVE-2002-0153
NOT-FOR-US: Microsoft
-CVE-2002-0152 (Buffer overflow in various Microsoft applications for Macintosh allows ...)
+CVE-2002-0152
NOT-FOR-US: Microsoft
-CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows ...)
+CVE-2002-0151
NOT-FOR-US: Microsoft
-CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...)
+CVE-2002-0150
NOT-FOR-US: Microsoft
-CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 ...)
+CVE-2002-0149
NOT-FOR-US: Microsoft
-CVE-2002-0148 (Cross-site scripting vulnerability in Internet Information Server ...)
+CVE-2002-0148
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0147 (Buffer overflow in the ASP data transfer mechanism in Internet ...)
+CVE-2002-0147
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0146 (fetchmail email client before 5.9.10 does not properly limit the ...)
+CVE-2002-0146
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0143 (Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier ...)
+CVE-2002-0143
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0139 (Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect ...)
+CVE-2002-0139
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0128 (cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers ...)
+CVE-2002-0128
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0123 (MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, ...)
+CVE-2002-0123
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0121 (PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name ...)
+CVE-2002-0121
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0120 (Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup ...)
+CVE-2002-0120
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0117 (Cross-site scripting vulnerability in Yet Another Bulletin Board ...)
+CVE-2002-0117
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0115 (Snort 1.8.3 does not properly define the minimum ICMP header size, ...)
+CVE-2002-0115
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0111 (Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and ...)
+CVE-2002-0111
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0107 (Web administration interface in CacheFlow CacheOS 4.0.13 and earlier ...)
+CVE-2002-0107
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0098 (Buffer overflow in index.cgi administration interface for Boozt! ...)
+CVE-2002-0098
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0097 (Geeklog 1.3 allows remote attackers to hijack user accounts, including ...)
+CVE-2002-0097
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0096 (The installation of Geeklog 1.3 creates an extra group_assignments ...)
+CVE-2002-0096
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0095 (The default configuration of BSCW (Basic Support for Cooperative Work) ...)
+CVE-2002-0095
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0094 (config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x ...)
+CVE-2002-0094
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0092 (CVS before 1.10.8 does not properly initialize a global variable, ...)
+CVE-2002-0092
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0090 (Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 ...)
+CVE-2002-0090
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0083 (Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 ...)
+CVE-2002-0083
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0082 (The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and ...)
+CVE-2002-0082
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0081 (Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 ...)
+CVE-2002-0081
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0080 (rsync, when running in daemon mode, does not properly call setgroups ...)
+CVE-2002-0080
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0079 (Buffer overflow in the chunked encoding transfer mechanism in Internet ...)
+CVE-2002-0079
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0078 (The zone determination function in Microsoft Internet Explorer 5.5 and ...)
+CVE-2002-0078
NOT-FOR-US: Microsoft
-CVE-2002-0076 (Java Runtime Environment (JRE) Bytecode Verifier allows remote ...)
+CVE-2002-0076
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0075 (Cross-site scripting vulnerability for Internet Information Server ...)
+CVE-2002-0075
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0074 (Cross-site scripting vulnerability in Help File search facility for ...)
+CVE-2002-0074
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0073 (The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 ...)
+CVE-2002-0073
NOT-FOR-US: Microsoft
-CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET ...)
+CVE-2002-0072
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR ...)
+CVE-2002-0071
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0070 (Buffer overflow in Windows Shell (used as the Windows Desktop) allows ...)
+CVE-2002-0070
NOT-FOR-US: Microsoft
-CVE-2002-0069 (Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote ...)
+CVE-2002-0069
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0068 (Squid 2.4 STABLE3 and earlier allows remote attackers to cause a ...)
+CVE-2002-0068
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0067 (Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even ...)
+CVE-2002-0067
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0066 (Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that ...)
+CVE-2002-0066
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0065 (Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host ...)
+CVE-2002-0065
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0064 (Funk Software Proxy Host 3.x is installed with insecure permissions ...)
+CVE-2002-0064
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0063 (Buffer overflow in ippRead function of CUPS before 1.1.14 may allow ...)
+CVE-2002-0063
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0062 (Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package ...)
+CVE-2002-0062
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0061 (Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows ...)
+CVE-2002-0061
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0060 (IRC connection tracking helper module in the netfilter subsystem for ...)
+CVE-2002-0060
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0059 (The decompression algorithm in zlib 1.1.3 and earlier, as used in many ...)
+CVE-2002-0059
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0057 (XMLHTTP control in Microsoft XML Core Services 2.6 and later does not ...)
+CVE-2002-0057
NOT-FOR-US: Microsoft
-CVE-2002-0055 (SMTP service in Microsoft Windows 2000, Windows XP Professional, and ...)
+CVE-2002-0055
NOT-FOR-US: Microsoft
-CVE-2002-0054 (SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail ...)
+CVE-2002-0054
NOT-FOR-US: Microsoft
-CVE-2002-0052 (Internet Explorer 6.0 and earlier does not properly handle VBScript in ...)
+CVE-2002-0052
NOT-FOR-US: Microsoft
-CVE-2002-0051 (Windows 2000 allows local users to prevent the application of new ...)
+CVE-2002-0051
NOT-FOR-US: Microsoft
-CVE-2002-0050 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...)
+CVE-2002-0050
NOT-FOR-US: Microsoft
-CVE-2002-0049 (Microsoft Exchange Server 2000 System Attendant gives &quot;Everyone&quot; group ...)
+CVE-2002-0049
NOT-FOR-US: Microsoft
-CVE-2002-0047 (CIPE VPN package before 1.3.0-3 allows remote attackers to cause a ...)
+CVE-2002-0047
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0046 (Linux kernel, and possibly other operating systems, allows remote ...)
+CVE-2002-0046
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0045 (slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous ...)
+CVE-2002-0045
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0044 (GNU Enscript 1.6.1 and earlier allows local users to overwrite ...)
+CVE-2002-0044
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0043 (sudo 1.6.0 through 1.6.3p7 does not properly clear the environment ...)
+CVE-2002-0043
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0042 (Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows ...)
+CVE-2002-0042
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0040 (Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to ...)
+CVE-2002-0040
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0038 (Vulnerability in the cache-limiting function of the unified name ...)
+CVE-2002-0038
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0036 (Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 ...)
+CVE-2002-0036
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0033 (Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd ...)
+CVE-2002-0033
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0032 (Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to ...)
+CVE-2002-0032
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0028 (Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows ...)
+CVE-2002-0028
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0027 (Internet Explorer 5.5 and 6.0 allows remote attackers to read certain ...)
+CVE-2002-0027
NOT-FOR-US: Microsoft
-CVE-2002-0026 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass ...)
+CVE-2002-0026
NOT-FOR-US: Microsoft
-CVE-2002-0025 (Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the ...)
+CVE-2002-0025
NOT-FOR-US: Microsoft
-CVE-2002-0024 (File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an ...)
+CVE-2002-0024
NOT-FOR-US: Microsoft
-CVE-2002-0023 (Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read ...)
+CVE-2002-0023
NOT-FOR-US: Microsoft
-CVE-2002-0022 (Buffer overflow in the implementation of an HTML directive in ...)
+CVE-2002-0022
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0021 (Network Product Identification (PID) Checker in Microsoft Office v. X ...)
+CVE-2002-0021
NOT-FOR-US: Microsoft
-CVE-2002-0020 (Buffer overflow in telnet server in Windows 2000 and Interix 2.2 ...)
+CVE-2002-0020
NOT-FOR-US: Microsoft
-CVE-2002-0018 (In Microsoft Windows NT and Windows 2000, a trusting domain that ...)
+CVE-2002-0018
NOT-FOR-US: Microsoft
-CVE-2002-0017 (Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m ...)
+CVE-2002-0017
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0014 (URL-handling code in Pine 4.43 and earlier allows remote attackers to ...)
+CVE-2002-0014
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0011 (Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may ...)
+CVE-2002-0011
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0009 (show_bug.cgi in Bugzilla before 2.14.1 allows a user with &quot;Bugs ...)
+CVE-2002-0009
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0007 (CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote ...)
+CVE-2002-0007
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0006 (XChat 1.8.7 and earlier, including default configurations of 1.4.2 and ...)
+CVE-2002-0006
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0005 (Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and ...)
+CVE-2002-0005
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0004 (Heap corruption vulnerability in the &quot;at&quot; program allows local users ...)
+CVE-2002-0004
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0003 (Buffer overflow in the preprocessor in groff 1.16 and earlier allows ...)
+CVE-2002-0003
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0002 (Format string vulnerability in stunnel before 3.22 when used in client ...)
+CVE-2002-0002
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...)
+CVE-2002-0654
- apache2 2.0.40
-CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...)
+CVE-2002-0652
NOT-FOR-US: IRIX
-CVE-2002-0649 (Multiple buffer overflows in the Resolution Service for Microsoft SQL ...)
+CVE-2002-0649
NOT-FOR-US: Microsoft
CVE-2002-0646
REJECTED
-CVE-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...)
+CVE-2002-0645
NOT-FOR-US: Microsoft
-CVE-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...)
+CVE-2002-0644
NOT-FOR-US: Microsoft
-CVE-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...)
+CVE-2002-0643
NOT-FOR-US: Microsoft
-CVE-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...)
+CVE-2002-0641
NOT-FOR-US: Microsoft
-CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...)
+CVE-2002-0637
NOT-FOR-US: InterScan
CVE-2002-0636
RESERVED
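Review bot: every `-`/`+` pair in this hunk drops the parenthesised description and changes nothing else, and the commit message ("automatic update") does not say whether that is intended. After the change, entries such as CVE-2002-0184, CVE-2002-0083 and CVE-2002-0059 carry only "NOT-FOR-US: Data pre-dating the Security Tracker", so the file no longer names the software the removed lines identified (sudo, OpenSSH, zlib). CVE-2002-0654 keeps its "- apache2 2.0.40" line but loses the text saying what was fixed. If the descriptions are filled in from an external source (an assumption; the diff does not show where they come from), a diff that blanks the description on every touched line looks more like a failed or empty fetch than a real data change. The update job should refuse to commit in that case, or the commit message should state that the descriptions were removed deliberately.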
@@ -4422,606 +4422,606 @@ CVE-2002-0634
REJECTED
CVE-2002-0633
REJECTED
-CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...)
+CVE-2002-0632
NOT-FOR-US: SGI
-CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
+CVE-2002-0629
NOT-FOR-US: Polycom
-CVE-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...)
+CVE-2002-0628
NOT-FOR-US: Polycom
-CVE-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...)
+CVE-2002-0626
NOT-FOR-US: Polycom
-CVE-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...)
+CVE-2002-0624
NOT-FOR-US: Microsoft
-CVE-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...)
+CVE-2002-0620
NOT-FOR-US: Microsoft
-CVE-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...)
+CVE-2002-0614
NOT-FOR-US: PHP-Survey
-CVE-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...)
+CVE-2002-0612
NOT-FOR-US: FileSeek
-CVE-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...)
+CVE-2002-0611
NOT-FOR-US: FileSeek
-CVE-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...)
+CVE-2002-0610
NOT-FOR-US: HP
-CVE-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...)
+CVE-2002-0609
NOT-FOR-US: HP
-CVE-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...)
+CVE-2002-0608
NOT-FOR-US: Matu
-CVE-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...)
+CVE-2002-0607
NOT-FOR-US: Snitz
-CVE-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...)
+CVE-2002-0606
NOT-FOR-US: 3Cdaemon
-CVE-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...)
+CVE-2002-0604
NOT-FOR-US: Snapgear
-CVE-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...)
+CVE-2002-0603
NOT-FOR-US: Snapgear
-CVE-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...)
+CVE-2002-0602
NOT-FOR-US: Snapgear
-CVE-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...)
+CVE-2002-0600
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...)
+CVE-2002-0596
NOT-FOR-US: WebTrends
-CVE-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...)
+CVE-2002-0595
NOT-FOR-US: WebTrends
-CVE-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...)
+CVE-2002-0593
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...)
+CVE-2002-0592
NOT-FOR-US: AOL
-CVE-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...)
+CVE-2002-0591
NOT-FOR-US: AOL
-CVE-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...)
+CVE-2002-0590
NOT-FOR-US: IncrediBB
-CVE-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...)
+CVE-2002-0589
NOT-FOR-US: PVote
-CVE-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...)
+CVE-2002-0588
NOT-FOR-US: PVote
-CVE-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...)
+CVE-2002-0587
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...)
+CVE-2002-0586
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...)
+CVE-2002-0585
NOT-FOR-US: HP-UX
-CVE-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...)
+CVE-2002-0584
NOT-FOR-US: WorkforceROI
-CVE-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...)
+CVE-2002-0583
NOT-FOR-US: WorkforceROI
-CVE-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...)
+CVE-2002-0582
NOT-FOR-US: WorkforceROI
-CVE-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...)
+CVE-2002-0581
NOT-FOR-US: WorkforceROI
-CVE-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...)
+CVE-2002-0580
NOT-FOR-US: WorkforceROI
-CVE-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...)
+CVE-2002-0579
NOT-FOR-US: WorkforceROI
-CVE-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...)
+CVE-2002-0578
NOT-FOR-US: 4D WebServer
-CVE-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...)
+CVE-2002-0577
NOT-FOR-US: HP-UX
-CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...)
+CVE-2002-0572
NOT-FOR-US: FreeBSD
-CVE-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...)
+CVE-2002-0570
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...)
+CVE-2002-0568
NOT-FOR-US: Oracle
-CVE-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CVE-2002-0566
NOT-FOR-US: Oracle
-CVE-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...)
+CVE-2002-0565
NOT-FOR-US: Oracle
-CVE-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CVE-2002-0564
NOT-FOR-US: Oracle
-CVE-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
+CVE-2002-0563
NOT-FOR-US: Oracle
-CVE-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
+CVE-2002-0562
NOT-FOR-US: Oracle
-CVE-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...)
+CVE-2002-0561
NOT-FOR-US: Oracle
-CVE-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CVE-2002-0560
NOT-FOR-US: Oracle
-CVE-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...)
+CVE-2002-0559
NOT-FOR-US: Oracle
-CVE-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...)
+CVE-2002-0558
NOT-FOR-US: TYPSoft
-CVE-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...)
+CVE-2002-0557
NOT-FOR-US: OpenBSD
-CVE-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...)
+CVE-2002-0556
NOT-FOR-US: Quik-Serv
-CVE-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...)
+CVE-2002-0555
NOT-FOR-US: IBM
-CVE-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...)
+CVE-2002-0554
NOT-FOR-US: IBM
-CVE-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...)
+CVE-2002-0552
NOT-FOR-US: Melange
-CVE-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...)
+CVE-2002-0551
NOT-FOR-US: Dynamic Guestbook
-CVE-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...)
+CVE-2002-0550
NOT-FOR-US: Dynamic Guestbook
-CVE-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...)
+CVE-2002-0549
NOT-FOR-US: Anthill
-CVE-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...)
+CVE-2002-0548
NOT-FOR-US: Anthill
-CVE-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...)
+CVE-2002-0547
NOT-FOR-US: Winamp
-CVE-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...)
+CVE-2002-0544
NOT-FOR-US: Aprelium
-CVE-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...)
+CVE-2002-0541
NOT-FOR-US: Tivoli
-CVE-2002-0540 (Nortel CVX 1800 is installed with a default &quot;public&quot; community string, ...)
+CVE-2002-0540
NOT-FOR-US: Nortel
-CVE-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...)
+CVE-2002-0537
NOT-FOR-US: SWS
-CVE-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...)
+CVE-2002-0535
NOT-FOR-US: PostBoard
-CVE-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...)
+CVE-2002-0534
NOT-FOR-US: PostBoard
-CVE-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...)
+CVE-2002-0533
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...)
+CVE-2002-0530
NOT-FOR-US: Novell
-CVE-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...)
+CVE-2002-0529
NOT-FOR-US: HP/Apple
-CVE-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...)
+CVE-2002-0528
NOT-FOR-US: Watchguard
-CVE-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...)
+CVE-2002-0527
NOT-FOR-US: Watchguard
-CVE-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...)
+CVE-2002-0526
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...)
+CVE-2002-0525
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...)
+CVE-2002-0524
NOT-FOR-US: ASP-Nuke
-CVE-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...)
+CVE-2002-0523
NOT-FOR-US: ASP-Nuke
-CVE-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...)
+CVE-2002-0522
NOT-FOR-US: ASP-Nuke
-CVE-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...)
+CVE-2002-0521
NOT-FOR-US: ASP-Nuke
-CVE-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...)
+CVE-2002-0520
NOT-FOR-US: ASP-Nuke
-CVE-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...)
+CVE-2002-0518
NOT-FOR-US: FreeBSD
-CVE-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...)
+CVE-2002-0517
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...)
+CVE-2002-0515
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...)
+CVE-2002-0514
NOT-FOR-US: OpenBSD
-CVE-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...)
+CVE-2002-0510
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...)
+CVE-2002-0509
NOT-FOR-US: Oracle
-CVE-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...)
+CVE-2002-0508
NOT-FOR-US: wwwisis
-CVE-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...)
+CVE-2002-0507
NOT-FOR-US: Microsoft
-CVE-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...)
+CVE-2002-0504
NOT-FOR-US: Citrix
-CVE-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...)
+CVE-2002-0503
NOT-FOR-US: Citrix
-CVE-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...)
+CVE-2002-0502
NOT-FOR-US: Citrix
-CVE-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...)
+CVE-2002-0500
NOT-FOR-US: Microsoft
-CVE-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...)
+CVE-2002-0499
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...)
+CVE-2002-0498
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...)
+CVE-2002-0496
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...)
+CVE-2002-0492
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...)
+CVE-2002-0491
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...)
+CVE-2002-0489
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...)
+CVE-2002-0487
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...)
+CVE-2002-0486
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...)
+CVE-2002-0485
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...)
+CVE-2002-0483
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...)
+CVE-2002-0482
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...)
+CVE-2002-0481
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...)
+CVE-2002-0480
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...)
+CVE-2002-0479
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...)
+CVE-2002-0478
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...)
+CVE-2002-0477
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...)
+CVE-2002-0476
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...)
+CVE-2002-0475
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...)
+CVE-2002-0474
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...)
+CVE-2002-0472
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...)
+CVE-2002-0471
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...)
+CVE-2002-0470
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...)
+CVE-2002-0469
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...)
+CVE-2002-0468
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...)
+CVE-2002-0467
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...)
+CVE-2002-0466
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...)
+CVE-2002-0465
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...)
+CVE-2002-0461
NOT-FOR-US: Microsoft
-CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...)
+CVE-2002-0460
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...)
+CVE-2002-0459
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...)
+CVE-2002-0458
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...)
+CVE-2002-0457
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...)
+CVE-2002-0456
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...)
+CVE-2002-0455
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...)
+CVE-2002-0453
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...)
+CVE-2002-0452
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...)
+CVE-2002-0450
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...)
+CVE-2002-0449
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...)
+CVE-2002-0448
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...)
+CVE-2002-0447
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...)
+CVE-2002-0446
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the &quot;Skip scanning ...)
+CVE-2002-0440
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...)
+CVE-2002-0439
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...)
+CVE-2002-0438
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...)
+CVE-2002-0436
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...)
+CVE-2002-0434
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...)
+CVE-2002-0433
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...)
+CVE-2002-0432
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...)
+CVE-2002-0430
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...)
+CVE-2002-0428
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...)
+CVE-2002-0427
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...)
+CVE-2002-0426
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...)
+CVE-2002-0422
NOT-FOR-US: Microsoft
-CVE-2002-0421 (IIS 4.0 allows local users to bypass the &quot;User cannot change password&quot; ...)
+CVE-2002-0421
NOT-FOR-US: Microsoft
-CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...)
+CVE-2002-0420
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...)
+CVE-2002-0419
NOT-FOR-US: Microsoft
-CVE-2002-0418 (Directory traversal vulnerability in the ...)
+CVE-2002-0418
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...)
+CVE-2002-0417
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...)
+CVE-2002-0416
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...)
+CVE-2002-0415
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...)
+CVE-2002-0413
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...)
+CVE-2002-0411
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...)
+CVE-2002-0410
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...)
+CVE-2002-0409
NOT-FOR-US: Microsoft
-CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...)
+CVE-2002-0408
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...)
+CVE-2002-0407
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...)
+CVE-2002-0405
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...)
+CVE-2002-0399
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
+CVE-2002-0393
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0390
RESERVED
-CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
+CVE-2002-0388
{DSA-147}
- mailman 2.0.12-1
-CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
+CVE-2002-0386
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
+CVE-2002-0385
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0383
RESERVED
-CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
+CVE-2002-0378
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
+CVE-2002-0375
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...)
+CVE-2002-0371
NOT-FOR-US: Microsoft
-CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...)
+CVE-2002-0370
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0365
RESERVED
CVE-2002-0361
RESERVED
-CVE-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...)
+CVE-2002-0360
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
+CVE-2002-0354
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
+CVE-2002-0353
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...)
+CVE-2002-0352
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...)
+CVE-2002-0351
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...)
+CVE-2002-0350
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...)
+CVE-2002-0349
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...)
+CVE-2002-0348
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...)
+CVE-2002-0347
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...)
+CVE-2002-0346
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...)
+CVE-2002-0345
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...)
+CVE-2002-0344
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...)
+CVE-2002-0343
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...)
+CVE-2002-0342
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...)
+CVE-2002-0341
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...)
+CVE-2002-0340
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...)
+CVE-2002-0338
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...)
+CVE-2002-0337
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...)
+CVE-2002-0336
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...)
+CVE-2002-0335
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...)
+CVE-2002-0334
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...)
+CVE-2002-0333
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...)
+CVE-2002-0332
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...)
+CVE-2002-0331
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...)
+CVE-2002-0328
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...)
+CVE-2002-0327
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...)
+CVE-2002-0326
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...)
+CVE-2002-0325
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...)
+CVE-2002-0324
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...)
+CVE-2002-0323
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...)
+CVE-2002-0322
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...)
+CVE-2002-0321
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...)
+CVE-2002-0320
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...)
+CVE-2002-0319
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...)
+CVE-2002-0317
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...)
+CVE-2002-0316
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...)
+CVE-2002-0315
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...)
+CVE-2002-0314
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...)
+CVE-2002-0312
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
+CVE-2002-0311
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...)
+CVE-2002-0310
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...)
+CVE-2002-0308
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...)
+CVE-2002-0307
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...)
+CVE-2002-0306
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...)
+CVE-2002-0305
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...)
+CVE-2002-0304
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...)
+CVE-2002-0303
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...)
+CVE-2002-0301
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...)
+CVE-2002-0298
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...)
+CVE-2002-0297
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...)
+CVE-2002-0296
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...)
+CVE-2002-0295
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...)
+CVE-2002-0294
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the &quot;halt&quot; user to gain ...)
+CVE-2002-0293
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...)
+CVE-2002-0291
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...)
+CVE-2002-0289
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...)
+CVE-2002-0288
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...)
+CVE-2002-0286
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return (&quot;CR&quot;) ...)
+CVE-2002-0285
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...)
+CVE-2002-0284
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...)
+CVE-2002-0283
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...)
+CVE-2002-0282
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...)
+CVE-2002-0281
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...)
+CVE-2002-0280
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...)
+CVE-2002-0279
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...)
+CVE-2002-0278
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...)
+CVE-2002-0277
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...)
+CVE-2002-0273
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...)
+CVE-2002-0272
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...)
+CVE-2002-0271
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0270 (Opera, when configured with the &quot;Determine action by MIME type&quot; option ...)
+CVE-2002-0270
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...)
+CVE-2002-0269
NOT-FOR-US: Microsoft
-CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...)
+CVE-2002-0268
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...)
+CVE-2002-0266
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...)
+CVE-2002-0264
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...)
+CVE-2002-0263
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...)
+CVE-2002-0262
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...)
+CVE-2002-0261
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...)
+CVE-2002-0260
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...)
+CVE-2002-0259
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...)
+CVE-2002-0258
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...)
+CVE-2002-0257
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...)
+CVE-2002-0256
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...)
+CVE-2002-0255
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...)
+CVE-2002-0254
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0253 (PHP, when not configured with the &quot;display_errors = Off&quot; setting in ...)
+CVE-2002-0253
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...)
+CVE-2002-0252
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...)
+CVE-2002-0249
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...)
+CVE-2002-0248
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...)
+CVE-2002-0247
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...)
+CVE-2002-0245
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...)
+CVE-2002-0244
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...)
+CVE-2002-0243
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...)
+CVE-2002-0242
NOT-FOR-US: Microsoft
-CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...)
+CVE-2002-0240
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...)
+CVE-2002-0239
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...)
+CVE-2002-0238
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...)
+CVE-2002-0236
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...)
+CVE-2002-0235
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...)
+CVE-2002-0234
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...)
+CVE-2002-0233
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...)
+CVE-2002-0232
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...)
+CVE-2002-0231
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...)
+CVE-2002-0230
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...)
+CVE-2002-0229
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...)
+CVE-2002-0228
NOT-FOR-US: Microsoft
-CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...)
+CVE-2002-0227
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...)
+CVE-2002-0225
NOT-FOR-US: Cisco
-CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...)
+CVE-2002-0224
NOT-FOR-US: Microsoft
-CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...)
+CVE-2002-0223
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to redirect traffic to other ...)
+CVE-2002-0222
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...)
+CVE-2002-0221
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...)
+CVE-2002-0220
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...)
+CVE-2002-0219
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...)
+CVE-2002-0218
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...)
+CVE-2002-0217
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...)
+CVE-2002-0216
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...)
+CVE-2002-0215
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...)
+CVE-2002-0214
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...)
+CVE-2002-0212
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...)
+CVE-2002-0210
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...)
+CVE-2002-0208
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...)
+CVE-2002-0206
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...)
+CVE-2002-0205
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...)
+CVE-2002-0204
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...)
+CVE-2002-0203
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...)
+CVE-2002-0202
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
+CVE-2002-0201
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
+CVE-2002-0200
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...)
+CVE-2002-0199
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...)
+CVE-2002-0198
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0195
RESERVED
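Review bot: the parenthesised description is the only text that names the affected product for entries annotated "NOT-FOR-US: Data pre-dating the Security Tracker", and the `+` lines throughout this hunk drop it without adding anything in its place. After the change, entries such as CVE-2002-0399 (GNU tar), CVE-2002-0272 (mpg321) and CVE-2002-0342 (Kmail) are a bare ID plus a generic triage note, so a reader can no longer tell from the file what was triaged. The commit message "automatic update" gives no reason for removing 2352 descriptions at once. If the upstream feed returned empty descriptions, the update job should keep the previous description rather than blank it. If the removal is deliberate, the commit message should say so.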
@@ -5029,140 +5029,140 @@ CVE-2002-0194
RESERVED
CVE-2002-0192
REJECTED
-CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...)
+CVE-2002-0189
NOT-FOR-US: Microsoft
CVE-2002-0182
RESERVED
-CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...)
+CVE-2002-0180
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
+CVE-2002-0177
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
+CVE-2002-0165
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...)
+CVE-2002-0164
{DSA-380}
- xfree86 4.2.1-11
-CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
+CVE-2002-0162
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0161
RESERVED
-CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...)
+CVE-2002-0154
NOT-FOR-US: Microsoft
-CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
+CVE-2002-0145
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...)
+CVE-2002-0144
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...)
+CVE-2002-0142
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...)
+CVE-2002-0141
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...)
+CVE-2002-0140
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...)
+CVE-2002-0138
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...)
+CVE-2002-0137
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...)
+CVE-2002-0136
NOT-FOR-US: Microsoft
-CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...)
+CVE-2002-0135
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...)
+CVE-2002-0134
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...)
+CVE-2002-0133
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...)
+CVE-2002-0132
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...)
+CVE-2002-0131
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...)
+CVE-2002-0130
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...)
+CVE-2002-0129
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...)
+CVE-2002-0127
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...)
+CVE-2002-0126
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...)
+CVE-2002-0125
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...)
+CVE-2002-0124
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...)
+CVE-2002-0122
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...)
+CVE-2002-0119
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
+CVE-2002-0118
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...)
+CVE-2002-0116
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0114 (EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords ...)
+CVE-2002-0114
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0113 (EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files ...)
+CVE-2002-0113
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...)
+CVE-2002-0112
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...)
+CVE-2002-0110
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...)
+CVE-2002-0109
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...)
+CVE-2002-0108
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...)
+CVE-2002-0106
NOT-FOR-US: BEA WebLogic
-CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...)
+CVE-2002-0105
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...)
+CVE-2002-0104
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...)
+CVE-2002-0103
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...)
+CVE-2002-0102
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...)
+CVE-2002-0101
NOT-FOR-US: Microsoft
-CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...)
+CVE-2002-0100
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...)
+CVE-2002-0099
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...)
+CVE-2002-0093
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...)
+CVE-2002-0091
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...)
+CVE-2002-0089
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...)
+CVE-2002-0088
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...)
+CVE-2002-0087
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...)
+CVE-2002-0086
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...)
+CVE-2002-0085
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...)
+CVE-2002-0084
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...)
+CVE-2002-0077
NOT-FOR-US: Microsoft
-CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...)
+CVE-2002-0058
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...)
+CVE-2002-0056
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...)
+CVE-2002-0053
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...)
+CVE-2002-0048
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and ...)
+CVE-2002-0041
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...)
+CVE-2002-0039
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
+CVE-2002-0037
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0035
REJECTED
-CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...)
+CVE-2002-0034
NOT-FOR-US: Microsoft
-CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...)
+CVE-2002-0031
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
+CVE-2002-0030
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...)
+CVE-2002-0029
{DSA-196}
- bind9 <not-affected>
- bind 1:8.3.3-3
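Review bot: No guard against replacing a populated description with an empty one. Every changed line in this hunk drops the parenthesised summary and changes nothing else, including CVE-2002-0029, the one entry here that carries Debian tracking data ({DSA-196}, bind9, bind). The commit message "automatic update" gives no reason for the removal. Suggest that the update job keep the existing text when the incoming description is empty, or abort when a run would blank descriptions that were previously present, so that a feed problem cannot rewrite the file this way.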
@@ -5172,13 +5172,13 @@ CVE-2002-0016
RESERVED
CVE-2002-0015
RESERVED
-CVE-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...)
+CVE-2002-0013
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...)
+CVE-2002-0012
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
+CVE-2002-0010
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...)
+CVE-2002-0008
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...)
+CVE-2002-0001
NOT-FOR-US: Data pre-dating the Security Tracker
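Review bot: With the summaries gone, the headers for CVE-2002-0013 through CVE-2002-0001 take the same bare form as the RESERVED entries CVE-2002-0016 and CVE-2002-0015 in the context lines above. A search of the file for SNMP, Bugzilla or mutt no longer finds these entries, and the NOT-FOR-US triage on them can no longer be checked against the product named in the description. If the removal is intentional, the commit message should say so and say where the summaries now live. Otherwise these lines should keep their previous text.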
