diff options
| author | security tracker role <sectracker@soriano.debian.org> | 2019-03-18 20:10:14 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2019-03-18 20:10:14 +0000 |
| commit | b52483e988b611ffa7ff016030b0a61101f28219 (patch) | |
| tree | 440ead7c2c2cb0bf02ecc5929bee37f271401d72 /data/CVE/2004.list | |
| parent | 48e42f485f4e01f92211c58abc88e5304d6a9667 (diff) | |
automatic update
Diffstat (limited to 'data/CVE/2004.list')
| -rw-r--r-- | data/CVE/2004.list | 5286 |
1 files changed, 2643 insertions, 2643 deletions
diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 5a5ef9521c..f5b275c2f9 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -1,10 +1,10 @@ -CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b ...) +CVE-2004-2779 - libid3tag 0.15.1b-5 (bug #304913) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647 NOTE: https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/ -CVE-2004-2778 (Ebuild in Gentoo may change directory and file permissions depending ...) +CVE-2004-2778 NOT-FOR-US: Gentoo ebuilds dir permissions at install time -CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet ...) +CVE-2004-2777 NOT-FOR-US: GE Healthcare Centricity Image Vault CVE-2004-XXXX [base-passwd: sets valid shells for system services] - base-passwd 3.5.30 (unimportant; bug #274229) @@ -20,615 +20,615 @@ CVE-2004-2773 RESERVED CVE-2004-2772 RESERVED -CVE-2004-2771 (The expand function in fio.c in Heirloom mailx 12.5 and earlier and ...) +CVE-2004-2771 {DSA-3105-1 DLA-114-1} - heirloom-mailx 12.5-3.1 (bug #773417) - bsd-mailx 8.1.2-0.20071201cvs-1 - mailx 1:8.1.2-0.20040524cvs-2 (bug #278748) CVE-2004-2770 REJECTED -CVE-2004-2769 (Cerberus FTP Server before 4.0.3.0 allows remote authenticated users ...) +CVE-2004-2769 NOT-FOR-US: Cerberus FTP Server -CVE-2004-2768 (dpkg 1.9.21 does not properly reset the metadata of a file during ...) +CVE-2004-2768 - dpkg 1.10.19 (bug #225692) -CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not ...) +CVE-2004-2767 NOT-FOR-US: Novell NetWare -CVE-2004-2766 (Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server ...) +CVE-2004-2766 NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server -CVE-2004-2765 (Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE ...) +CVE-2004-2765 NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server -CVE-2004-2764 (Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, ...) +CVE-2004-2764 NOT-FOR-US: Historic issues in proprietary Java -CVE-2004-2763 (The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 ...) +CVE-2004-2763 NOT-FOR-US: Sun ONE iPlanet Web Server -CVE-2004-2762 (The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x ...) +CVE-2004-2762 NOT-FOR-US: Tivoli -CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which ...) +CVE-2004-2761 NOT-FOR-US: General MD5 weakness, doesn't need to tracked package-wise -CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately ...) +CVE-2004-2760 - openssh 1:3.6p1-1 (unimportant) -CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in ...) +CVE-2004-2759 NOT-FOR-US: Shared Sun StorEdge QFS and SAM-QFS -CVE-2004-2758 (Multiple unspecified vulnerabilities in the H.323 protocol ...) +CVE-2004-2758 NOT-FOR-US: Sun SunForum -CVE-2004-2757 (Cross-site scripting (XSS) vulnerability in the failed login page in ...) +CVE-2004-2757 NOT-FOR-US: Novell iChain -CVE-2004-2756 (Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops ...) +CVE-2004-2756 NOT-FOR-US: Xoops -CVE-2004-2755 (Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, ...) +CVE-2004-2755 NOT-FOR-US: Symantec Web Security -CVE-2004-2754 (SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and ...) +CVE-2004-2754 NOT-FOR-US: YaBB -CVE-2004-2753 (Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and ...) +CVE-2004-2753 NOT-FOR-US: HP-UX -CVE-2004-2752 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...) +CVE-2004-2752 NOT-FOR-US: PostNuke -CVE-2004-2751 (SQL injection vulnerability in the members_list module in PostNuke ...) +CVE-2004-2751 NOT-FOR-US: PostNuke -CVE-2004-2750 (Directory traversal vulnerability in browser.php in JBrowser 1.0 ...) +CVE-2004-2750 NOT-FOR-US: JBrowser -CVE-2004-2749 (Directory traversal vulnerability in wra/public/wralogin in 2Wire ...) +CVE-2004-2749 NOT-FOR-US: 2Wire Gateway -CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition ...) +CVE-2004-2748 NOT-FOR-US: WebTrends Reporting Center -CVE-2004-2747 (Directory traversal vulnerability in Pablo Software Solutions Quick 'n ...) +CVE-2004-2747 NOT-FOR-US: Quick 'n Easy FTP Server (Windows only) -CVE-2004-2746 (SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo ...) +CVE-2004-2746 NOT-FOR-US: XTREME ASP Photo Gallery -CVE-2004-2745 (Directory traversal vulnerability in Anteco Visual Technologies ...) +CVE-2004-2745 NOT-FOR-US: Anteco Visual Technologies OwnServer -CVE-2004-2744 (Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has ...) +CVE-2004-2744 NOT-FOR-US: Tincan Limited PHPlist -CVE-2004-2743 (upload.cgi in Mega Upload Progress Bar before 1.45 allows remote ...) +CVE-2004-2743 NOT-FOR-US: Mega Upload Progress Bar -CVE-2004-2742 (Cross-site scripting (XSS) vulnerability in the report viewer in ...) +CVE-2004-2742 NOT-FOR-US: Crystal Enterprise -CVE-2004-2741 (Cross-site scripting (XSS) vulnerability in the "help window" ...) +CVE-2004-2741 - horde2 <removed> -CVE-2004-2740 (PHP remote file inclusion vulnerability in authform.inc.php in ...) +CVE-2004-2740 NOT-FOR-US: PHProjekt -CVE-2004-2739 (The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows ...) +CVE-2004-2739 NOT-FOR-US: PHProjekt -CVE-2004-2738 (Cross-site scripting (XSS) vulnerability in check_user_id.php in ...) +CVE-2004-2738 NOT-FOR-US: Zero board -CVE-2004-2737 (SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk ...) +CVE-2004-2737 NOT-FOR-US: NetSupport DNA HelpDesk -CVE-2004-2736 (Polar HelpDesk 3.0 allows remote attackers to bypass authentication by ...) +CVE-2004-2736 NOT-FOR-US: Polar HelpDesk -CVE-2004-2735 (Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier ...) +CVE-2004-2735 NOT-FOR-US: P4DB -CVE-2004-2734 (webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses ...) +CVE-2004-2734 NOT-FOR-US: Novell NetWare -CVE-2004-2733 (Web Wiz Forums 7.7a uses invalid logic to determine user privileges, ...) +CVE-2004-2733 NOT-FOR-US: Web Wiz Forums -CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain ...) +CVE-2004-2732 NOT-FOR-US: Netbilling -CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver ...) +CVE-2004-2731 {DSA-1503-2 DSA-1503-1} - linux-2.6 2.6.18-1 NOTE: bufsize is unsigned since (at least) 2.6.18, might be fixed in prior versions -CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, ...) +CVE-2004-2730 NOT-FOR-US: PsTools -CVE-2004-2729 (Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 ...) +CVE-2004-2729 NOT-FOR-US: Hummingbird Connectivity -CVE-2004-2728 (Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and ...) +CVE-2004-2728 NOT-FOR-US: Hummingbird Connectivity -CVE-2004-2727 (Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 ...) +CVE-2004-2727 NOT-FOR-US: MailEnable -CVE-2004-2726 (HTTPMail service in MailEnable Professional 1.18 does not properly ...) +CVE-2004-2726 NOT-FOR-US: MailEnable -CVE-2004-2725 (Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 ...) +CVE-2004-2725 NOT-FOR-US: Aztek Forum -CVE-2004-2724 (LionMax Software Chat Anywhere 2.72a allows remote attackers to cause ...) +CVE-2004-2724 NOT-FOR-US: Chat Anywhere -CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session ...) +CVE-2004-2723 NOT-FOR-US: NessusWXdd -CVE-2004-2722 (** DISPUTED ** ...) +CVE-2004-2722 - nessus-core <unfixed> (unimportant) NOTE: this is no security issue assuming correct permissions -CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates public ...) +CVE-2004-2721 NOT-FOR-US: openSkat -CVE-2004-2720 (Cross-site scripting (XSS) vulnerability in register.asp in Snitz ...) +CVE-2004-2720 NOT-FOR-US: Snitz Forums -CVE-2004-2719 (Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail ...) +CVE-2004-2719 NOT-FOR-US: Foxmail -CVE-2004-2718 (PHPMyChat 0.14.5 does not remove or protect setup.php3 after ...) +CVE-2004-2718 NOT-FOR-US: PHPMyChat -CVE-2004-2717 (Multiple directory traversal vulnerabilities in admin.php3 in ...) +CVE-2004-2717 NOT-FOR-US: PHPMyChat -CVE-2004-2716 (Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat ...) +CVE-2004-2716 NOT-FOR-US: PHPMyChat -CVE-2004-2715 (edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass ...) +CVE-2004-2715 NOT-FOR-US: PHPMyChat -CVE-2004-2714 (Unspecified vulnerability in Window Maker 0.80.2 and earlier allows ...) +CVE-2004-2714 - wmaker 0.90-1 -CVE-2004-2713 (** DISPUTED ** ...) +CVE-2004-2713 NOT-FOR-US: ZoneAlarm -CVE-2004-2712 (Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 ...) +CVE-2004-2712 NOT-FOR-US: Gyach-E -CVE-2004-2711 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 ...) +CVE-2004-2711 NOT-FOR-US: Gyach-E -CVE-2004-2710 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 ...) +CVE-2004-2710 NOT-FOR-US: Gyach-E -CVE-2004-2709 (Buffer overflow in the strip_html_tags method for Gyach Enhanced ...) +CVE-2004-2709 NOT-FOR-US: Gyach-E -CVE-2004-2708 (Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, ...) +CVE-2004-2708 NOT-FOR-US: Gyach-E -CVE-2004-2707 (Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) ...) +CVE-2004-2707 NOT-FOR-US: Gyach-E -CVE-2004-2706 (Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 ...) +CVE-2004-2706 NOT-FOR-US: Gyach-E -CVE-2004-2705 (Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) ...) +CVE-2004-2705 - pvpgn 1.6.4+20040826-1 -CVE-2004-2704 (Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) ...) +CVE-2004-2704 - hastymail <removed> -CVE-2004-2703 (Clearswift MIMEsweeper 5.0.5, when it has been upgraded from ...) +CVE-2004-2703 NOT-FOR-US: MIMEsweeper -CVE-2004-2702 (Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 ...) +CVE-2004-2702 NOT-FOR-US: Plesk -CVE-2004-2701 (Cross-site scripting (XSS) vulnerability in signin.aspx for ...) +CVE-2004-2701 NOT-FOR-US: AspDotNetStorefront -CVE-2004-2700 (Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 ...) +CVE-2004-2700 NOT-FOR-US: AspDotNetStorefront -CVE-2004-2699 (deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to ...) +CVE-2004-2699 NOT-FOR-US: AspDotNetStorefront -CVE-2004-2698 (Race condition in IMWheel 1.0.0pre11 and earlier, when running with ...) +CVE-2004-2698 - imwheel 1.0.0pre12-1 -CVE-2004-2697 (The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 ...) +CVE-2004-2697 NOT-FOR-US: InvScoutd -CVE-2004-2696 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using ...) +CVE-2004-2696 NOT-FOR-US: BEA WebLogic -CVE-2004-2695 (SQL injection vulnerability in the Authorize.net callback code ...) +CVE-2004-2695 NOT-FOR-US: vBulletin -CVE-2004-2694 (Microsoft Outlook Express 6.0 allows remote attackers to bypass ...) +CVE-2004-2694 NOT-FOR-US: Outlook -CVE-2004-2693 (HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries ...) +CVE-2004-2693 NOT-FOR-US: HP-UX -CVE-2004-2692 (The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe ...) +CVE-2004-2692 NOT-FOR-US: php-exec-dir patch -CVE-2004-2691 (Unspecified vulnerability in 3Com SuperStack 3 4400 switches with ...) +CVE-2004-2691 NOT-FOR-US: 3Com firmware -CVE-2004-2690 (Unrestricted file upload vulnerability in the Administration Panel for ...) +CVE-2004-2690 NOT-FOR-US: NewsPHP -CVE-2004-2689 (NewsPHP allows remote attackers to gain unauthorized administrative ...) +CVE-2004-2689 NOT-FOR-US: NewsPHP -CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP ...) +CVE-2004-2688 NOT-FOR-US: NewsPHP -CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...) +CVE-2004-2687 - distcc 2.18.1-1 (low) NOTE: since 2.18.1-1 there is the --allow switch to control network access NOTE: https://github.com/distcc/distcc/issues/155 NOTE: Fix in depth is only in later version 3.3, cf. NOTE: https://bugs.debian.org/892973 -CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in ...) +CVE-2004-2686 NOT-FOR-US: Solaris -CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote ...) +CVE-2004-2685 NOT-FOR-US: Ccproxy -CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems ...) +CVE-2004-2684 NOT-FOR-US: InterSystems Cache -CVE-2004-2683 (Unspecified vulnerability in the %XML.Utils.SchemaServer class in ...) +CVE-2004-2683 NOT-FOR-US: InterSystems Cache -CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which ...) +CVE-2004-2682 - matrixssl 1.1-1 -CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely ...) +CVE-2004-2681 - matrixssl 1.1-1 -CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...) +CVE-2004-2680 - libapache2-mod-python 3.2.8-1 (low) -CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to ...) +CVE-2004-2679 NOT-FOR-US: CheckPoint Firewall -CVE-2004-2678 (Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and ...) +CVE-2004-2678 NOT-FOR-US: HP Tru64 UNIX -CVE-2004-2677 (Format string vulnerability in qwik-smtpd.c in QwikMail SMTP ...) +CVE-2004-2677 NOT-FOR-US: QwikMail SMTP -CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...) +CVE-2004-2676 NOT-FOR-US: WebRoot Spy Sweeper -CVE-2004-2675 (ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users ...) +CVE-2004-2675 NOT-FOR-US: ArgoSoft FTP Server -CVE-2004-2674 (Directory traversal vulnerability in ArGoSoft FTP Server before ...) +CVE-2004-2674 NOT-FOR-US: ArgoSoft FTP Server -CVE-2004-2673 (Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow ...) +CVE-2004-2673 NOT-FOR-US: ArgoSoft FTP Server -CVE-2004-2672 (Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows ...) +CVE-2004-2672 NOT-FOR-US: ArgoSoft FTP Server -CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive ...) +CVE-2004-2671 NOT-FOR-US: eNdonesia CMS -CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in ...) +CVE-2004-2670 NOT-FOR-US: eNdonesia -CVE-2004-2669 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 ...) +CVE-2004-2669 NOT-FOR-US: Land Down Under -CVE-2004-2668 (SQL injection vulnerability in Interchange before 4.8.9 allows remote ...) +CVE-2004-2668 - interchange 4.9.8-1 -CVE-2004-2667 (Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before ...) +CVE-2004-2667 NOT-FOR-US: Lotus Domino -CVE-2004-2666 (Mantis before 20041016 provides a complete Issue History (Bug History) ...) +CVE-2004-2666 - mantis 0.19.2-1 -CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area ...) +CVE-2004-2665 NOT-FOR-US: HP-UX -CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote attackers to ...) +CVE-2004-2664 - libphp-adodb <not-affected> - egroupware <not-affected> - moodle <not-affected> - phppgadmin 4.0.1-2 (unimportant) - gallery2 <not-affected> - phpwiki <unfixed> (unimportant) -CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...) +CVE-2004-2663 NOT-FOR-US: IBM -CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...) +CVE-2004-2662 NOT-FOR-US: 04WebServer -CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, ...) +CVE-2004-2661 NOT-FOR-US: 04WebServer -CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows ...) +CVE-2004-2660 {DSA-1184-2} - linux-2.6 <not-affected> (fixed before the first upload) -CVE-2004-2659 (Opera offers an Open button to verify that a user wishes to execute a ...) +CVE-2004-2659 NOT-FOR-US: Opera -CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names, which ...) +CVE-2004-2658 - resmgr <not-affected> -CVE-2004-2657 (** DISPUTED ** ...) +CVE-2004-2657 - mozilla-firefox <not-affected> - firefox <not-affected> -CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...) +CVE-2004-2656 - slash <not-affected> (Vulnerable code introduced in 2002, while Debian's is older!, see #390469) -CVE-2004-2655 (rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, ...) +CVE-2004-2655 - xscreensaver 4.18-1 (low) -CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...) +CVE-2004-2654 - squid 2.5.6 -CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows ...) +CVE-2004-2653 NOT-FOR-US: PD9 Software MegaBBS -CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when ...) +CVE-2004-2652 - snort 2.3.0-1 -CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before ...) +CVE-2004-2651 NOT-FOR-US: YaCy -CVE-2004-2650 (Spooler in Apache Foundation James 2.2.0 allows local users to cause a ...) +CVE-2004-2650 NOT-FOR-US: Apache James -CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...) +CVE-2004-2649 NOT-FOR-US: Eudora -CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...) +CVE-2004-2648 NOT-FOR-US: FreezeX -CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...) +CVE-2004-2647 NOT-FOR-US: Free Web Chat -CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows ...) +CVE-2004-2646 NOT-FOR-US: Free Web Chat -CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...) +CVE-2004-2645 - asn1c <not-affected> (Fixed before upload into archive; 0.9.7) -CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...) +CVE-2004-2644 - asn1c <not-affected> (Fixed before upload into archive; 0.9.7) -CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote ...) +CVE-2004-2643 NOT-FOR-US: Microsoft cabarc -CVE-2004-2642 (Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which ...) +CVE-2004-2642 NOT-FOR-US: Yeemp -CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire ...) +CVE-2004-2641 NOT-FOR-US: Sun appliances -CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before ...) +CVE-2004-2640 NOT-FOR-US: LinuxStat -CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows ...) +CVE-2004-2639 NOT-FOR-US: Journalness -CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote ...) +CVE-2004-2638 NOT-FOR-US: osCommerce -CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...) +CVE-2004-2637 NOT-FOR-US: Zyxel hardware -CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...) +CVE-2004-2636 NOT-FOR-US: TinyWeb -CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System ...) +CVE-2004-2635 NOT-FOR-US: McAfee -CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX ...) +CVE-2004-2634 NOT-FOR-US: AIX -CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous ...) +CVE-2004-2633 NOT-FOR-US: Sesamie -CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify ...) +CVE-2004-2632 - phpmyadmin 1:2.5.7-pl1-1 -CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to ...) +CVE-2004-2631 - phpmyadmin 1:2.5.7-pl1-1 -CVE-2004-2630 (The MIME transformation system ...) +CVE-2004-2630 - phpmyadmin 2:2.6.0-pl2-1 -CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for ...) +CVE-2004-2629 NOT-FOR-US: Click to Meet express -CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, ...) +CVE-2004-2628 - thttpd <not-affected> (Windows-specific vulnerabilities) -CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...) +CVE-2004-2627 NOT-FOR-US: J2ME -CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular ...) +CVE-2004-2626 NOT-FOR-US: Siemens cell phone -CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows ...) +CVE-2004-2625 NOT-FOR-US: Outblaze Email -CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki ...) +CVE-2004-2624 NOT-FOR-US: WackoWiki -CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when ...) +CVE-2004-2623 NOT-FOR-US: Rippy the Aggregator -CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not ...) +CVE-2004-2622 NOT-FOR-US: Altiris Deployment Solution -CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when ...) +CVE-2004-2621 NOT-FOR-US: Nortel Contivity VPN client -CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly ...) +CVE-2004-2620 NOT-FOR-US: ripMIME -CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail ...) +CVE-2004-2619 NOT-FOR-US: ripMIME -CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) ...) +CVE-2004-2618 NOT-FOR-US: Pegasi Web Server -CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 ...) +CVE-2004-2617 NOT-FOR-US: Pegasi Web Server -CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote ...) +CVE-2004-2616 NOT-FOR-US: ActivePost Standard -CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions ...) +CVE-2004-2615 NOT-FOR-US: Cutenews -CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...) +CVE-2004-2614 NOT-FOR-US: MyWeb -CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable branch ...) +CVE-2004-2613 - kernel-patch-ctx 1:1.28-1 (bug #262903; medium) -CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, ...) +CVE-2004-2612 NOT-FOR-US: BNC -CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28 ...) +CVE-2004-2611 NOT-FOR-US: Sophster suite -CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain ...) +CVE-2004-2610 NOT-FOR-US: mntd -CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 ...) +CVE-2004-2609 NOT-FOR-US: Symantec PowerQuest DeployCenter -CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news ...) +CVE-2004-2608 NOT-FOR-US: SmartWebby Smart Guest Book -CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...) +CVE-2004-2607 {DSA-1018-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6) -CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...) +CVE-2004-2606 NOT-FOR-US: Linksys hardware -CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a ...) +CVE-2004-2605 - astats <removed> (bug #287604) -CVE-2004-2604 (Cross-site scripting (XSS) vulnerability in index.php in PHProxy ...) +CVE-2004-2604 NOT-FOR-US: PHProxy -CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in ...) +CVE-2004-2603 NOT-FOR-US: UberTec Help Center Live -CVE-2004-2602 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...) +CVE-2004-2602 NOT-FOR-US: UberTec Help Center Live -CVE-2004-2601 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...) +CVE-2004-2601 NOT-FOR-US: UberTec Help Center Live -CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) ...) +CVE-2004-2600 NOT-FOR-US: Intel hardware -CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as used in ...) +CVE-2004-2599 - quake2 <removed> (bug #280573; low) [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib) NOTE: There is a big note in the quake2 package stating that it is not secure. NOTE: Otherwise severity would be high. -CVE-2004-2598 (Quake II server before R1Q2, as used in multiple products, allows ...) +CVE-2004-2598 - quake2 <removed> (bug #280573; low) [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib) -CVE-2004-2597 (Quake II server before R1Q2, as used in multiple products, allows ...) +CVE-2004-2597 - quake2 <removed> (bug #280573; low) [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib) -CVE-2004-2596 (Quake II server before R1Q2, as used in multiple products, allows ...) +CVE-2004-2596 - quake2 <removed> (bug #280573; low) [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib) -CVE-2004-2595 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...) +CVE-2004-2595 - quake2 <removed> (bug #280573; low) [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib) -CVE-2004-2594 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...) +CVE-2004-2594 - quake2 <removed> (bug #280573; low) [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib) -CVE-2004-2593 (Buffer overflow in command-packet processing of Quake II server before ...) +CVE-2004-2593 - quake2 <removed> (bug #280573; low) [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib) -CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, allows ...) +CVE-2004-2592 - quake2 <removed> (bug #280573; low) [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib) -CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does ...) +CVE-2004-2591 NOT-FOR-US: ButtUglySoftware CleanCache -CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) ...) +CVE-2004-2590 NOT-FOR-US: meindlSOFT Cute PHP Library -CVE-2004-2589 (Gaim before 0.82 allows remote servers to cause a denial of service ...) +CVE-2004-2589 - gaim 0.82-1 (medium) -CVE-2004-2588 (Intentional information leak in phpinfo.php in XMB (aka extreme ...) +CVE-2004-2588 NOT-FOR-US: XMB -CVE-2004-2587 (login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...) +CVE-2004-2587 NOT-FOR-US: SmarterTools SmarterMail -CVE-2004-2586 (Directory traversal vulnerability in frmGetAttachment.aspx in ...) +CVE-2004-2586 NOT-FOR-US: SmarterTools SmarterMail -CVE-2004-2585 (Cross-site scripting (XSS) vulnerability in frmCompose.aspx in ...) +CVE-2004-2585 NOT-FOR-US: SmarterTools SmarterMail -CVE-2004-2584 (frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 ...) +CVE-2004-2584 NOT-FOR-US: SmarterTools SmarterMail -CVE-2004-2583 (SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...) +CVE-2004-2583 NOT-FOR-US: SmarterTools SmarterMail -CVE-2004-2582 (Novell iChain 2.3 includes the build number in the VIA line of the ...) +CVE-2004-2582 NOT-FOR-US: iChain -CVE-2004-2581 (Novell iChain 2.3 allows attackers to cause a denial of service via a ...) +CVE-2004-2581 NOT-FOR-US: iChain -CVE-2004-2580 (Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows ...) +CVE-2004-2580 NOT-FOR-US: iChain -CVE-2004-2579 (ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access ...) +CVE-2004-2579 NOT-FOR-US: iChain -CVE-2004-2578 (phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) ...) +CVE-2004-2578 - phpgroupware 0.9.16.002-1 -CVE-2004-2577 (The acl_check function in phpGroupWare 0.9.16RC2 always returns True, ...) +CVE-2004-2577 - phpgroupware 0.9.14-0.RC3.1 -CVE-2004-2576 (class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create ...) +CVE-2004-2576 - phpgroupware 0.9.16.000.1.cvs.20040620-1 -CVE-2004-2575 (phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain ...) +CVE-2004-2575 - phpgroupware 0.9.14.007 -CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare ...) +CVE-2004-2574 - phpgroupware 0.9.14.007 -CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ...) +CVE-2004-2573 - phpgroupware 0.9.14.007 -CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain ...) +CVE-2004-2572 NOT-FOR-US: AMAX Magic Winmail -CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote ...) +CVE-2004-2571 - isoqlog 2.2-0.1 -CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and ...) +CVE-2004-2570 NOT-FOR-US: Opera -CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 ...) +CVE-2004-2568 NOT-FOR-US: ReciPants -CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote ...) +CVE-2004-2567 NOT-FOR-US: ReciPants -CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld ...) +CVE-2004-2566 NOT-FOR-US: LiveWorld -CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta ...) +CVE-2004-2565 NOT-FOR-US: Sambar -CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...) +CVE-2004-2564 NOT-FOR-US: Sambar -CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive ...) +CVE-2004-2563 NOT-FOR-US: Serena TeamTrack -CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business ...) +CVE-2004-2562 NOT-FOR-US: Leigh Business Enterprises -CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences ...) +CVE-2004-2561 NOT-FOR-US: ISS Web+Center -CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits ...) +CVE-2004-2560 - dokuwiki <not-affected> (Fixed before upload into the archive) -CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access ...) +CVE-2004-2559 - dokuwiki <not-affected> (Fixed before upload into the archive) -CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users ...) +CVE-2004-2569 {DSA-907-1} - ipmenu 0.0.3-5 -CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...) +CVE-2004-2558 NOT-FOR-US: Tivoli -CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a ...) +CVE-2004-2557 NOT-FOR-US: Netgear hardware -CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and ...) +CVE-2004-2556 NOT-FOR-US: Netgear hardware -CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses ...) +CVE-2004-2555 NOT-FOR-US: FoolProof Security -CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost ...) +CVE-2004-2554 NOT-FOR-US: Novell Client Firewall -CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows ...) +CVE-2004-2553 NOT-FOR-US: ignitionServer -CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...) +CVE-2004-2552 - xboard 4.2.7-3 (bug #343560; unimportant) -CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow ...) +CVE-2004-2551 NOT-FOR-US: Layton HelpBox -CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...) +CVE-2004-2550 NOT-FOR-US: SandSurfer -CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 ...) +CVE-2004-2549 NOT-FOR-US: Nortel hardware -CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) ...) +CVE-2004-2548 NOT-FOR-US: SurgeMail -CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote ...) +CVE-2004-2547 NOT-FOR-US: SurgeMail -CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...) +CVE-2004-2546 - samba 3.0.6-1 -CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...) +CVE-2004-2545 NOT-FOR-US: Sidewinder G2 -CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 ...) +CVE-2004-2544 NOT-FOR-US: Sidewinder G2 -CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote ...) +CVE-2004-2543 NOT-FOR-US: Sidewinder G2 -CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known as ...) +CVE-2004-2542 NOT-FOR-US: Dynix WebPac -CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, ...) +CVE-2004-2541 {DSA-1064-1} - cscope 15.5+cvs20050816-1.1 (bug #340177; medium) NOTE: Sarge and Woody are affected -CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software ...) +CVE-2004-2540 NOT-FOR-US: Proprietary Java -CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...) +CVE-2004-2539 NOT-FOR-US: NetCache -CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...) +CVE-2004-2538 NOT-FOR-US: phpCodeGenie -CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...) +CVE-2004-2537 NOT-FOR-US: SurgeMail -CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...) +CVE-2004-2536 - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6) - kernel-source-2.4.27 <not-affected> [sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.6) -CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...) +CVE-2004-2535 NOT-FOR-US: Sticker -CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...) +CVE-2004-2534 NOT-FOR-US: NETFile Server -CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause ...) +CVE-2004-2533 NOT-FOR-US: Serv-U FTP Server -CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password ...) +CVE-2004-2532 NOT-FOR-US: Serv-U FTP Server -CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer ...) +CVE-2004-2531 - gnutls11 1.0.16-8 (bug #336006; low) - gnutls12 <not-affected> (fixed before upload) -CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...) +CVE-2004-2530 NOT-FOR-US: Gadu-Gadu -CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...) +CVE-2004-2529 NOT-FOR-US: Gadu-Gadu -CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...) +CVE-2004-2528 NOT-FOR-US: Webcam Watchdog -CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP ...) +CVE-2004-2527 NOT-FOR-US: Microsoft -CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli ...) +CVE-2004-2526 NOT-FOR-US: Tivoli -CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...) +CVE-2004-2525 - serendipity 1.0-1 -CVE-2004-2524 (clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier ...) +CVE-2004-2524 NOT-FOR-US: WHM AutoPilot -CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function ...) +CVE-2004-2523 NOT-FOR-US: OpenFTPD -CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...) +CVE-2004-2522 NOT-FOR-US: Gattaca -CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...) +CVE-2004-2521 NOT-FOR-US: Gattaca -CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote ...) +CVE-2004-2520 NOT-FOR-US: Gattaca -CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...) +CVE-2004-2519 NOT-FOR-US: Gattaca -CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain ...) +CVE-2004-2518 NOT-FOR-US: Gattaca -CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service ...) +CVE-2004-2517 NOT-FOR-US: myServer -CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote ...) +CVE-2004-2516 NOT-FOR-US: myServer -CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...) +CVE-2004-2515 NOT-FOR-US: VMWare Workstation -CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2004-2514 NOT-FOR-US: PowerPortal -CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 ...) +CVE-2004-2513 NOT-FOR-US: Mercury Mail -CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and ...) +CVE-2004-2512 NOT-FOR-US: DCP-Portal -CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...) +CVE-2004-2511 NOT-FOR-US: DCP-Portal -CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...) +CVE-2004-2510 NOT-FOR-US: Infopop UBB.Threads -CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...) +CVE-2004-2509 NOT-FOR-US: Infopop UBB.Threads -CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...) +CVE-2004-2508 NOT-FOR-US: Linksys hardware -CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B ...) +CVE-2004-2507 NOT-FOR-US: Linksys hardware -CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g ...) +CVE-2004-2506 NOT-FOR-US: WIKINDX -CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of ...) +CVE-2004-2505 NOT-FOR-US: ColdFusion -CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, ...) +CVE-2004-2504 NOT-FOR-US: Alt-N Technologies Mdaemon -CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of ...) +CVE-2004-2503 NOT-FOR-US: Inweb Mail Server -CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to ...) +CVE-2004-2502 - im-switch <not-affected> (Debian's version is somehow derived from RH, but not affected) -CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...) +CVE-2004-2501 NOT-FOR-US: MailEnable Professional -CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown ...) +CVE-2004-2500 - ilohamail 0.8.14-0rc1 -CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page ...) +CVE-2004-2499 NOT-FOR-US: Hitachi Web Page Generator -CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page ...) +CVE-2004-2498 NOT-FOR-US: Hitachi Web Page Generator -CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in ...) +CVE-2004-2497 NOT-FOR-US: Hitachi Web Page Generator -CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote ...) +CVE-2004-2496 NOT-FOR-US: OpenText FirstClass -CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail ...) +CVE-2004-2495 NOT-FOR-US: Ability Mail Server -CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail ...) +CVE-2004-2494 NOT-FOR-US: Ability Mail Server -CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...) +CVE-2004-2493 NOT-FOR-US: GmaxWWW -CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web ...) +CVE-2004-2492 NOT-FOR-US: GmaxWWW -CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to ...) +CVE-2004-2491 NOT-FOR-US: Opera -CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and ...) +CVE-2004-2490 NOT-FOR-US: Informix Dynamic Server -CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) ...) +CVE-2004-2489 NOT-FOR-US: Informix Dynamic Server -CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...) +CVE-2004-2488 NOT-FOR-US: Nexgen FTP Server -CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...) +CVE-2004-2487 NOT-FOR-US: Nexgen FTP Server -CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees ...) +CVE-2004-2486 - dropbear 0.43-2 -CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major ...) +CVE-2004-2485 NOT-FOR-US: PHP Live! -CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...) +CVE-2004-2484 NOT-FOR-US: PHP Gift Registry CVE-2004-XXXX [Unspecified buffer overflow in libmng] - libmng 1.0.8-1 (bug #250106) @@ -642,1718 +642,1718 @@ CVE-2004-XXXX [Two vulnerabilities in sredird] - sredird 2.2.1-1.1 (bug #267098) CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host] - phpwiki 1.3.12p2-1 (bug #282565; medium) -CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...) +CVE-2004-2483 NOT-FOR-US: Kerio WinRoute Firewall -CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...) +CVE-2004-2482 NOT-FOR-US: Outlook -CVE-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to ...) +CVE-2004-2481 NOT-FOR-US: MyProxy -CVE-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass ...) +CVE-2004-2480 NOTE: could not reproduce this with squid 2.5, neither could the redhat guys NOTE: see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166522 - squid 2.5 -CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain ...) +CVE-2004-2479 - squid 2.5.8 -CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM ...) +CVE-2004-2478 NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name." -CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the ...) +CVE-2004-2477 NOT-FOR-US: DiamondCS -CVE-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...) +CVE-2004-2476 NOT-FOR-US: MS IE -CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...) +CVE-2004-2475 NOT-FOR-US: Google Toolbar -CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...) +CVE-2004-2474 NOT-FOR-US: PHPNews -CVE-2004-2473 (wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows ...) +CVE-2004-2473 NOT-FOR-US: wmFrog -CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...) +CVE-2004-2472 NOT-FOR-US: Outpost Pro -CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...) +CVE-2004-2471 NOT-FOR-US: QuoteEngine -CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...) +CVE-2004-2470 NOT-FOR-US: MadBMS -CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...) +CVE-2004-2469 NOT-FOR-US: phpScheduleIt -CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...) +CVE-2004-2468 NOT-FOR-US: SillySearch -CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...) +CVE-2004-2467 NOT-FOR-US: Easy Chat Server -CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...) +CVE-2004-2466 NOT-FOR-US: Easy Chat Server -CVE-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...) +CVE-2004-2465 NOT-FOR-US: Easy Chat Server -CVE-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...) +CVE-2004-2464 NOT-FOR-US: ADA Image Server -CVE-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...) +CVE-2004-2463 NOT-FOR-US: ADA Image Server -CVE-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...) +CVE-2004-2462 - cplay 1.49-3 (medium) -CVE-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...) +CVE-2004-2461 - gnubiff 2.0.0 (medium) -CVE-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...) +CVE-2004-2460 - gnubiff 2.0.0 (medium) -CVE-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...) +CVE-2004-2459 - gnubiff 2.0.0 (medium) -CVE-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...) +CVE-2004-2458 NOT-FOR-US: Open WebMail -CVE-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...) +CVE-2004-2457 NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router -CVE-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...) +CVE-2004-2456 NOT-FOR-US: miniBB -CVE-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...) +CVE-2004-2455 NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g -CVE-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...) +CVE-2004-2454 NOT-FOR-US: aMSN 0.90 for Microsoft Windows -CVE-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...) +CVE-2004-2453 NOT-FOR-US: Tutti Nova -CVE-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...) +CVE-2004-2452 NOT-FOR-US: Hitachi Cosminexus Portal Framework -CVE-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...) +CVE-2004-2451 NOT-FOR-US: Roger Wilco -CVE-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...) +CVE-2004-2450 NOT-FOR-US: Roger Wilco -CVE-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...) +CVE-2004-2449 NOT-FOR-US: Roger Wilco -CVE-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...) +CVE-2004-2448 NOT-FOR-US: S-Mart Shopping Cart or RediCart -CVE-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...) +CVE-2004-2447 NOT-FOR-US: *1st Class Mail Server -CVE-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...) +CVE-2004-2446 NOT-FOR-US: *1st Class Mail Server -CVE-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...) +CVE-2004-2445 NOT-FOR-US: Jaws -CVE-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...) +CVE-2004-2444 NOT-FOR-US: Jaws -CVE-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...) +CVE-2004-2443 NOT-FOR-US: Jaws -CVE-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...) +CVE-2004-2442 NOT-FOR-US: F-Secure Anti-Virus -CVE-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...) +CVE-2004-2441 NOT-FOR-US: Kerio -CVE-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...) +CVE-2004-2440 - proxytunnel 1.2.0-1 -CVE-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...) +CVE-2004-2439 NOT-FOR-US: HP printers -CVE-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...) +CVE-2004-2438 NOT-FOR-US: PHP-Fusion -CVE-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...) +CVE-2004-2437 NOT-FOR-US: PHP-Fusion -CVE-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...) +CVE-2004-2436 NOT-FOR-US: Computer Associates Unicenter Common Services -CVE-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...) +CVE-2004-2435 NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS) -CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) +CVE-2004-2434 NOT-FOR-US: MS IE -CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...) +CVE-2004-2433 NOT-FOR-US: ADM ActiveX control -CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...) +CVE-2004-2432 NOT-FOR-US: WinAgents TFTP Server -CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...) +CVE-2004-2431 NOT-FOR-US: ignitionServer -CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...) +CVE-2004-2430 NOT-FOR-US: Trend OfficeScan -CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...) +CVE-2004-2429 NOT-FOR-US: EnderUNIX spamGuard -CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...) +CVE-2004-2428 NOT-FOR-US: WWWguestbook -CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...) +CVE-2004-2427 NOT-FOR-US: Axis Network Camera -CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...) +CVE-2004-2426 NOT-FOR-US: Axis Network Camera -CVE-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...) +CVE-2004-2425 NOT-FOR-US: Axis Network Camera -CVE-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow ...) +CVE-2004-2424 NOT-FOR-US: BEA -CVE-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch ...) +CVE-2004-2423 NOT-FOR-US: Ipswitch IMail Server -CVE-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote ...) +CVE-2004-2422 NOT-FOR-US: Ipswitch IMail Server -CVE-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...) +CVE-2004-2421 NOT-FOR-US: Hitachi Job Management Partner -CVE-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...) +CVE-2004-2420 NOT-FOR-US: Hitachi Job Management Partner -CVE-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain ...) +CVE-2004-2419 NOT-FOR-US: Keene Digital Media Server -CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...) +CVE-2004-2418 NOT-FOR-US: slimftpd not in debian -CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...) +CVE-2004-2417 NOT-FOR-US: smtp.proxy -CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...) +CVE-2004-2416 NOT-FOR-US: ccproxy -CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...) +CVE-2004-2415 NOT-FOR-US: Davenport -CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...) +CVE-2004-2414 NOT-FOR-US: Novell NetWare -CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...) +CVE-2004-2413 NOT-FOR-US: VP-ASP Shopping Cart -CVE-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 ...) +CVE-2004-2412 NOT-FOR-US: VP-ASP Shopping Cart -CVE-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart ...) +CVE-2004-2411 NOT-FOR-US: VP-ASP Shopping Cart -CVE-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through ...) +CVE-2004-2410 - samhain 2.0.2 -CVE-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 ...) +CVE-2004-2409 - samhain 2.0.2 -CVE-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and ...) +CVE-2004-2408 - kernel-patch-vserver 1.9.2 -CVE-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown ...) +CVE-2004-2407 - phpgroupware 0.9.14.002 -CVE-2004-2406 (Unknown "overflow" in the phpgw_config table for phpGroupWare before ...) +CVE-2004-2406 - phpgroupware 0.9.14.002 -CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including ...) +CVE-2004-2405 NOT-FOR-US: F-Secure Anti-Virus CVE-2004-2404 REJECTED -CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...) +CVE-2004-2403 NOT-FOR-US: YaBB -CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...) +CVE-2004-2402 NOT-FOR-US: YaBB -CVE-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging ...) +CVE-2004-2401 NOT-FOR-US: Ipswitch IMail -CVE-2004-2400 (WinFTP Server 1.6 stores username and password credentials in ...) +CVE-2004-2400 NOT-FOR-US: WinFTP Server -CVE-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...) +CVE-2004-2399 NOT-FOR-US: Sidewinder -CVE-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...) +CVE-2004-2398 NOT-FOR-US: Netenberg Fantastico De Luxe -CVE-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...) +CVE-2004-2397 NOT-FOR-US: Blue Coat -CVE-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...) +CVE-2004-2396 NOTE: shadow is a different code base, and does not have this problem -CVE-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ...) +CVE-2004-2395 NOTE: shadow is a different code base, and does not have this problem -CVE-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin ...) +CVE-2004-2394 NOTE: shadow is a different code base, and does not have this problem -CVE-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not ...) +CVE-2004-2393 NOT-FOR-US: Sun JSSE -CVE-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...) +CVE-2004-2392 NOT-FOR-US: libuser -CVE-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before ...) +CVE-2004-2391 NOT-FOR-US: jabber-gg-transport -CVE-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport ...) +CVE-2004-2390 NOT-FOR-US: jabber-gg-transport -CVE-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...) +CVE-2004-2389 NOT-FOR-US: jabber-gg-transport -CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...) +CVE-2004-2388 NOT-FOR-US: rexecd -CVE-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...) +CVE-2004-2387 NOT-FOR-US: sercd -CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd before ...) +CVE-2004-2386 NOT-FOR-US: sercd -CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path ...) +CVE-2004-2385 NOT-FOR-US: EMU Webmail -CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of ...) +CVE-2004-2384 NOT-FOR-US: Winamp -CVE-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) +CVE-2004-2383 NOT-FOR-US: Microsoft -CVE-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote ...) +CVE-2004-2382 NOT-FOR-US: Microsoft -CVE-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote ...) +CVE-2004-2381 - jetty 4.2.19-1 (medium) -CVE-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight ...) +CVE-2004-2380 NOT-FOR-US: Twilight Utilities Web Server -CVE-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...) +CVE-2004-2379 NOT-FOR-US: @Mail -CVE-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of ...) +CVE-2004-2378 NOT-FOR-US: @Mail -CVE-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a ...) +CVE-2004-2377 NOT-FOR-US: Alcatel OmniSwitch -CVE-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server ...) +CVE-2004-2376 NOT-FOR-US: Twilight Utilities Web Server -CVE-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...) +CVE-2004-2375 NOT-FOR-US: 1st Class Mail Server -CVE-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the ...) +CVE-2004-2374 NOT-FOR-US: BadBlue -CVE-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...) +CVE-2004-2373 NOT-FOR-US: AIM -CVE-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows ...) +CVE-2004-2372 - bochs 2.1.1-1 -CVE-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and ...) +CVE-2004-2371 NOT-FOR-US: Red Storm Games -CVE-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and ...) +CVE-2004-2370 NOT-FOR-US: Cerulean Trillian -CVE-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...) +CVE-2004-2369 NOT-FOR-US: Lotus Domino -CVE-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 ...) +CVE-2004-2368 NOT-FOR-US: Opt-X -CVE-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...) +CVE-2004-2367 NOT-FOR-US: WFTPD -CVE-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 ...) +CVE-2004-2366 NOT-FOR-US: GlobalScape Secure FTP Server -CVE-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows ...) +CVE-2004-2365 NOT-FOR-US: Microsoft -CVE-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through ...) +CVE-2004-2364 NOT-FOR-US: PHPX CMS -CVE-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...) +CVE-2004-2363 NOT-FOR-US: PHPX CMS -CVE-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...) +CVE-2004-2362 NOT-FOR-US: PHPX CMS -CVE-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...) +CVE-2004-2361 NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0 -CVE-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...) +CVE-2004-2360 NOT-FOR-US: Targem Battle Mages -CVE-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...) +CVE-2004-2359 NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet -CVE-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...) +CVE-2004-2358 - phpbb2 2.0.6c (low) -CVE-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...) +CVE-2004-2357 NOT-FOR-US: roofpoint Protection Server -CVE-2004-2356 (Early termination vulnerability in Fizmez Web Server 1.0 allows remote ...) +CVE-2004-2356 NOT-FOR-US: Fizmez -CVE-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...) +CVE-2004-2355 NOT-FOR-US: Crafty Syntax Live Help -CVE-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...) +CVE-2004-2354 NOT-FOR-US: 4nGuestbook -CVE-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...) +CVE-2004-2353 NOT-FOR-US: BugPort -CVE-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...) +CVE-2004-2352 NOT-FOR-US: GBook -CVE-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...) +CVE-2004-2351 NOT-FOR-US: GBook -CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...) +CVE-2004-2350 - phpbb2 2.0.8 (low) -CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...) +CVE-2004-2349 NOT-FOR-US: Tunez -CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to ...) +CVE-2004-2348 NOT-FOR-US: Sybari AntiGen for Domino -CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...) +CVE-2004-2347 NOT-FOR-US: Leif M. Wright Web Blog -CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...) +CVE-2004-2346 NOT-FOR-US: Forum Web Server -CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...) +CVE-2004-2345 NOT-FOR-US: Oracle -CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...) +CVE-2004-2344 NOT-FOR-US: VocalTec -CVE-2004-2343 (** DISPUTED ** ...) +CVE-2004-2343 NOTE: apache disputes this and I agree -- joeyh -CVE-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...) +CVE-2004-2342 NOT-FOR-US: ChatterBox -CVE-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...) +CVE-2004-2341 NOT-FOR-US: iSearch -CVE-2004-2340 (** UNVERIFIABLE ** ...) +CVE-2004-2340 NOT-FOR-US: PunkBuster Screenshot Database -CVE-2004-2339 (** DISPUTED ** ...) +CVE-2004-2339 NOT-FOR-US: Microsoft -CVE-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...) +CVE-2004-2338 NOT-FOR-US: OpenBSD -CVE-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...) +CVE-2004-2337 NOT-FOR-US: inlook -CVE-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...) +CVE-2004-2336 NOT-FOR-US: Novel Groupwise -CVE-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...) +CVE-2004-2335 NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X -CVE-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...) +CVE-2004-2334 NOT-FOR-US: EMU Webmail -CVE-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...) +CVE-2004-2333 NOT-FOR-US: Bodington -CVE-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...) +CVE-2004-2332 NOT-FOR-US: WWW::Form -CVE-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...) +CVE-2004-2331 NOT-FOR-US: ColdFusion -CVE-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...) +CVE-2004-2330 NOT-FOR-US: ColdFusion -CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...) +CVE-2004-2329 NOT-FOR-US: Kerio Personal Firewal -CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...) +CVE-2004-2328 NOT-FOR-US: Clearswift MAILsweeper -CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...) +CVE-2004-2327 NOT-FOR-US: Vizer -CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...) +CVE-2004-2326 NOT-FOR-US: IP3 Networks NetAccess -CVE-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...) +CVE-2004-2325 NOT-FOR-US: DotNetNuke -CVE-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...) +CVE-2004-2324 NOT-FOR-US: DotNetNuke -CVE-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows ...) +CVE-2004-2323 NOT-FOR-US: DotNetNuke -CVE-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...) +CVE-2004-2322 NOT-FOR-US: phpWebSite -CVE-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...) +CVE-2004-2321 NOT-FOR-US: BEA WebLogic -CVE-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 ...) +CVE-2004-2320 NOT-FOR-US: BEA WebLogic -CVE-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...) +CVE-2004-2319 NOT-FOR-US: IBM Informatik Dynamic Server -CVE-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server ...) +CVE-2004-2318 NOT-FOR-US: SurgeFTP Server -CVE-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 ...) +CVE-2004-2317 NOT-FOR-US: AppWeb HTTP server -CVE-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...) +CVE-2004-2316 NOT-FOR-US: AppWeb HTTP server -CVE-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...) +CVE-2004-2315 NOT-FOR-US: AppWeb HTTP server -CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...) +CVE-2004-2314 NOT-FOR-US: Novell iChain Server -CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...) +CVE-2004-2313 - courier <unfixed> (unimportant) NOTE: This is a lack of a security feature, but not a direct vulnerability -CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...) +CVE-2004-2312 NOT-FOR-US: AIX only -CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...) +CVE-2004-2311 NOT-FOR-US: Lotus Domino -CVE-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus ...) +CVE-2004-2310 NOT-FOR-US: Lotus Domino -CVE-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows ...) +CVE-2004-2309 NOT-FOR-US: Crob FTP Server -CVE-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...) +CVE-2004-2308 NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel -CVE-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote ...) +CVE-2004-2307 NOT-FOR-US: MS IE -CVE-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled ...) +CVE-2004-2306 NOT-FOR-US: Solaris -CVE-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...) +CVE-2004-2305 NOT-FOR-US: Computer Associates -CVE-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 ...) +CVE-2004-2304 NOT-FOR-US: Cerulean Trillian -CVE-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...) +CVE-2004-2303 - mtools 3.9.9 -CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...) +CVE-2004-2302 {DSA-922-1 DTSA-16-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) - kernel-source-2.4.27 <not-affected> -CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...) +CVE-2004-2301 NOT-FOR-US: Eudora -CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...) +CVE-2004-2300 - net-snmp <not-affected> (snmpd is neither setuid nor setgid in Debian) -CVE-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...) +CVE-2004-2299 NOT-FOR-US: Omnicron -CVE-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...) +CVE-2004-2298 NOT-FOR-US: Novell Internet Messaging System -CVE-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) +CVE-2004-2162 {DSA-980-1} - tutos 1.1.20031017-2.1 (bug #318633; medium) -CVE-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...) +CVE-2004-2161 {DSA-980-1} - tutos 1.1.20031017-2.1 (bug #318633; medium) -CVE-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...) +CVE-2004-2297 NOT-FOR-US: PHP-Nuke -CVE-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...) +CVE-2004-2296 NOT-FOR-US: PHP-Nuke -CVE-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to ...) +CVE-2004-2295 NOT-FOR-US: PHP-Nuke -CVE-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...) +CVE-2004-2294 NOT-FOR-US: PHP-Nuke -CVE-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...) +CVE-2004-2293 NOT-FOR-US: PHP-Nuke -CVE-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...) +CVE-2004-2292 NOT-FOR-US: Alt-N Technologies Mdaemon -CVE-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...) +CVE-2004-2291 NOT-FOR-US: Microsoft -CVE-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...) +CVE-2004-2290 NOT-FOR-US: Microsoft -CVE-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...) +CVE-2004-2289 NOT-FOR-US: Microsoft -CVE-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...) +CVE-2004-2288 NOT-FOR-US: vBulletin -CVE-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...) +CVE-2004-2287 NOT-FOR-US: Light Web File Manager -CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...) +CVE-2004-2286 NOT-FOR-US: ActivePerl CVE-2004-2285 REJECTED -CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...) +CVE-2004-2284 NOT-FOR-US: OpenWebmail -CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...) +CVE-2004-2283 - dansguardian 2.6.1-13 (medium) -CVE-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...) +CVE-2004-2282 - dansguardian 2.7.7-2 -CVE-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...) +CVE-2004-2281 NOT-FOR-US: IBM Lotus Notes -CVE-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...) +CVE-2004-2280 NOT-FOR-US: IBM Lotus Notes -CVE-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...) +CVE-2004-2279 NOT-FOR-US: Invision Power Board -CVE-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...) +CVE-2004-2278 NOT-FOR-US: vHost -CVE-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...) +CVE-2004-2277 NOT-FOR-US: aGSM Half-Life -CVE-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...) +CVE-2004-2276 NOT-FOR-US: F-Secure Anti-Virus -CVE-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...) +CVE-2004-2275 NOT-FOR-US: I-Mall Commerce -CVE-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...) +CVE-2004-2274 NOT-FOR-US: w3m Jigsaw -CVE-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...) +CVE-2004-2273 NOT-FOR-US: efFingerD -CVE-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...) +CVE-2004-2272 NOT-FOR-US: efFingerD -CVE-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...) +CVE-2004-2271 NOT-FOR-US: MiniShare -CVE-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...) +CVE-2004-2270 NOT-FOR-US: IBM Parallel Environment -CVE-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...) +CVE-2004-2269 - pads 1.1.1 (high) -CVE-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...) +CVE-2004-2268 NOT-FOR-US: PimenGest2 -CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...) +CVE-2004-2267 NOT-FOR-US: Ansel -CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...) +CVE-2004-2266 NOT-FOR-US: Ansel -CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...) +CVE-2004-2265 - uudeview 0.5.20-2.1 (bug #320541; low) [sarge] - uudeview <no-dsa> (Hardly exploitable) NOTE: dnprogs apparetly not vulnerable, unsafe code is not called (#358500) -CVE-2004-2264 (** DISPUTED ** ...) +CVE-2004-2264 - less <not-affected> (less is not suid, explotability unlikely) -CVE-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...) +CVE-2004-2263 NOT-FOR-US: PlaySMS -CVE-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...) +CVE-2004-2262 NOT-FOR-US: e107 -CVE-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...) +CVE-2004-2261 NOT-FOR-US: e107 -CVE-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...) +CVE-2004-2260 NOT-FOR-US: Opera -CVE-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...) +CVE-2004-2259 - vsftpd 2.0.1-1 (low) -CVE-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...) +CVE-2004-2258 NOT-FOR-US: Hummingbird Exceed -CVE-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...) +CVE-2004-2257 NOT-FOR-US: phpMyFAQ -CVE-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...) +CVE-2004-2256 NOT-FOR-US: phpMyFAQ -CVE-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...) +CVE-2004-2255 NOT-FOR-US: phpMyFAQ -CVE-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...) +CVE-2004-2254 NOT-FOR-US: SurgeLDAP -CVE-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...) +CVE-2004-2253 NOT-FOR-US: SurgeLDAP -CVE-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...) +CVE-2004-2252 NOT-FOR-US: Astaro suite -CVE-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...) +CVE-2004-2251 NOT-FOR-US: Astaro suite -CVE-2004-2250 (Unknown vulnerability in the "access code" in RemoteEditor before ...) +CVE-2004-2250 NOT-FOR-US: RemoteEditor -CVE-2004-2249 (Unknown vulnerability in the "access code" in SecureEditor before ...) +CVE-2004-2249 NOT-FOR-US: SecureEditor -CVE-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...) +CVE-2004-2248 NOT-FOR-US: RemoteEditor -CVE-2004-2247 (Unknown vulnerability in the "admin of paypal email addresses" in ...) +CVE-2004-2247 NOT-FOR-US: AudienceConnect -CVE-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...) +CVE-2004-2246 NOT-FOR-US: Goollery -CVE-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...) +CVE-2004-2245 NOT-FOR-US: Goollery -CVE-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...) +CVE-2004-2244 NOT-FOR-US: Oracle -CVE-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...) +CVE-2004-2243 NOT-FOR-US: Phorum -CVE-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...) +CVE-2004-2242 NOT-FOR-US: Phorum -CVE-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...) +CVE-2004-2241 NOT-FOR-US: Phorum -CVE-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...) +CVE-2004-2240 NOT-FOR-US: Phorum -CVE-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...) +CVE-2004-2239 - vpopmail <removed> (bug #320608; low) -CVE-2004-2238 (** DISPUTED ** ...) +CVE-2004-2238 NOTE: format string vuln in vpopmail doesn't seem to be real -CVE-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...) +CVE-2004-2237 - moodle 1.4-1 -CVE-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...) +CVE-2004-2236 - moodle 1.3.3-1 -CVE-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and ...) +CVE-2004-2235 - moodle 1.2.1-1 -CVE-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...) +CVE-2004-2234 - moodle 1.2.1-1 -CVE-2004-2233 (Unknown "front page vulnerability with Moodle servers" for Moodle ...) +CVE-2004-2233 - moodle 1.3.2-1 -CVE-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...) +CVE-2004-2232 - moodle 1.4.2-1 -CVE-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...) +CVE-2004-2231 NOT-FOR-US: InstallAnywhere -CVE-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...) +CVE-2004-2230 NOT-FOR-US: OpenBSD -CVE-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...) +CVE-2004-2229 NOT-FOR-US: Oracle -CVE-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...) +CVE-2004-2228 - mozilla-firefox <not-affected> (Only affects Firefox on MacOS) -CVE-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...) +CVE-2004-2227 - mozilla-firefox 1.0-1 -CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...) +CVE-2004-2226 - mozilla-thunderbird 1.0-3 -CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...) +CVE-2004-2225 - mozilla-firefox 0.99+1.0RC1-1 -CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...) +CVE-2004-2224 NOT-FOR-US: Message Foundry -CVE-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of ...) +CVE-2004-2223 NOT-FOR-US: FsPHPGallery -CVE-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...) +CVE-2004-2222 NOT-FOR-US: FsPHPGallery -CVE-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows ...) +CVE-2004-2221 NOT-FOR-US: SoftCart -CVE-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not ...) +CVE-2004-2220 NOT-FOR-US: F-Secure Anti-Virus -CVE-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the ...) +CVE-2004-2219 NOT-FOR-US: Microsoft -CVE-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and ...) +CVE-2004-2218 NOT-FOR-US: PHPMyWebHosting -CVE-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow ...) +CVE-2004-2217 NOT-FOR-US: yChat -CVE-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...) +CVE-2004-2216 NOT-FOR-US: Sun Java -CVE-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, ...) +CVE-2004-2215 - rxvt-unicode 3.8-1 -CVE-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...) +CVE-2004-2214 NOT-FOR-US: AppWeb HTTP server -CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...) +CVE-2004-2213 NOT-FOR-US: AppWeb HTTP server -CVE-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...) +CVE-2004-2212 NOT-FOR-US: AliveSites -CVE-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...) +CVE-2004-2211 NOT-FOR-US: AliveSites -CVE-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...) +CVE-2004-2210 NOT-FOR-US: Express-Web -CVE-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) +CVE-2004-2209 NOT-FOR-US: IdealBB -CVE-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) +CVE-2004-2208 NOT-FOR-US: IdealBB -CVE-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...) +CVE-2004-2207 NOT-FOR-US: IdealBB -CVE-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...) +CVE-2004-2206 NOT-FOR-US: NatterChat -CVE-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...) +CVE-2004-2205 NOT-FOR-US: Veritas -CVE-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...) +CVE-2004-2204 NOT-FOR-US: Cold Fusion -CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...) +CVE-2004-2203 NOT-FOR-US: Ansel -CVE-2004-2202 (Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 ...) +CVE-2004-2202 NOT-FOR-US: DUclassified -CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...) +CVE-2004-2201 NOT-FOR-US: DUforum -CVE-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...) +CVE-2004-2200 NOT-FOR-US: DUforum -CVE-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...) +CVE-2004-2199 NOT-FOR-US: DUclassified -CVE-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...) +CVE-2004-2198 NOT-FOR-US: DUclassmate -CVE-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...) +CVE-2004-2197 NOT-FOR-US: kdocker -CVE-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...) +CVE-2004-2196 NOT-FOR-US: Zanfi -CVE-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...) +CVE-2004-2195 NOT-FOR-US: Zanfi -CVE-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...) +CVE-2004-2194 NOT-FOR-US: MailEnable -CVE-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...) +CVE-2004-2193 NOT-FOR-US: CJOverkill -CVE-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...) +CVE-2004-2192 NOT-FOR-US: Turbo Traffic Trader -CVE-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...) +CVE-2004-2191 NOT-FOR-US: Turbo Traffic Trader -CVE-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...) +CVE-2004-2190 - unzoo 4.4-3 (bug #306164) -CVE-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...) +CVE-2004-2189 NOT-FOR-US: DMXReady -CVE-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...) +CVE-2004-2188 NOT-FOR-US: DMXReady -CVE-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...) +CVE-2004-2187 - mediawiki 1.4.9 (bug #276057) -CVE-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...) +CVE-2004-2186 - mediawiki 1.4.9 (bug #276057) -CVE-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...) +CVE-2004-2185 - mediawiki 1.4.9 (bug #276057) -CVE-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...) +CVE-2004-2184 NOT-FOR-US: Digicraft Yak! -CVE-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...) +CVE-2004-2183 NOT-FOR-US: WeHelpBUS -CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...) +CVE-2004-2182 NOT-FOR-US: Macromedia JRun -CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow ...) +CVE-2004-2181 NOT-FOR-US: WowBB Forum -CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...) +CVE-2004-2180 NOT-FOR-US: WowBB Forum -CVE-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...) +CVE-2004-2179 NOT-FOR-US: Microsoft -CVE-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...) +CVE-2004-2178 NOT-FOR-US: DevoyBB -CVE-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...) +CVE-2004-2177 NOT-FOR-US: DevoyBB -CVE-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...) +CVE-2004-2176 NOT-FOR-US: Microsoft -CVE-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...) +CVE-2004-2175 NOT-FOR-US: ReviewPost -CVE-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...) +CVE-2004-2174 NOT-FOR-US: EarlyImpact -CVE-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...) +CVE-2004-2173 NOT-FOR-US: EarlyImpact -CVE-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...) +CVE-2004-2172 NOT-FOR-US: EarlyImpact -CVE-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...) +CVE-2004-2171 - cherokee 0.4.8 -CVE-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...) +CVE-2004-2170 NOT-FOR-US: Caravan -CVE-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...) +CVE-2004-2169 NOT-FOR-US: Application Access Server (A-A-S) -CVE-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...) +CVE-2004-2168 NOT-FOR-US: BaSoMail -CVE-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...) +CVE-2004-2167 - latex2rtf 1.9.16 -CVE-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...) +CVE-2004-2166 NOT-FOR-US: Canon ImageRUNNER -CVE-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...) +CVE-2004-2165 NOT-FOR-US: Lords of the Realm -CVE-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...) +CVE-2004-2164 NOT-FOR-US: VP-ASP -CVE-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...) +CVE-2004-2163 NOT-FOR-US: OpenBSD -CVE-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...) +CVE-2004-2160 - xmlstarlet 1.0.0-1 -CVE-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...) +CVE-2004-2159 - xmlstarlet 1.0.0-1 -CVE-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...) +CVE-2004-2158 - serendipity 1.0-1 -CVE-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...) +CVE-2004-2157 - serendipity 1.0-1 -CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...) +CVE-2004-2156 NOT-FOR-US: Online Recruitment Agency -CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...) +CVE-2004-2155 NOT-FOR-US: Online-bookmarks -CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...) +CVE-2004-2154 - cups 1.1.20final+rc1-1 (low) - cupsys 1.1.20final+rc1-1 (low) -CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...) +CVE-2004-2153 NOT-FOR-US: Real Estate Management Software -CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...) +CVE-2004-2152 - mediawiki 1.4.9 (bug #276057) -CVE-2004-2151 (Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a ...) +CVE-2004-2151 NOT-FOR-US: Chatman -CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...) +CVE-2004-2150 NOT-FOR-US: INTELLIPEER Email Server -CVE-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...) +CVE-2004-2149 - mysql-dfsg-4.1 4.1.5-1 -CVE-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava ...) +CVE-2004-2148 - fprobe-ng 1.1-1 - fprobe 1.1-4 NOTE: fprobe was fixed in upstrem release 1.0.6 and since 1.1-4 fprobe-ng package NOTE: replaced fprobe therefore marking as fixed in 1.1-4 -CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...) +CVE-2004-2147 NOT-FOR-US: Symantec Antivirus -CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...) +CVE-2004-2146 NOT-FOR-US: MegaBBS -CVE-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...) +CVE-2004-2145 NOT-FOR-US: MegaBBS -CVE-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...) +CVE-2004-2144 NOT-FOR-US: Baal Smart Forms -CVE-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...) +CVE-2004-2143 NOT-FOR-US: Mambo Portal -CVE-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...) +CVE-2004-2142 - sdd 1.52-1 CVE-2004-2141 REJECTED -CVE-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...) +CVE-2004-2140 NOT-FOR-US: YaBB -CVE-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...) +CVE-2004-2139 NOT-FOR-US: YaBB -CVE-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...) +CVE-2004-2138 NOT-FOR-US: MySQLGuest -CVE-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) +CVE-2004-2137 NOT-FOR-US: Microsoft -CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) +CVE-2004-2136 - linux-2.6 2.6.10-1 (low) - linux-2.6.24 <not-affected> (fixed before initial upload) -CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...) +CVE-2004-2135 - linux-2.6 2.6.32-2 (unimportant) - linux-2.6.24 <removed> (unimportant) NOTE: minor issue; solution (removal of cryptoloop) would be a significant change NOTE: if backported to the stable releases NOTE: mitigation: use dm-crypt or loop-aes for disk encrytion instead of cryptoloop -CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) +CVE-2004-2134 NOT-FOR-US: Oracle -CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...) +CVE-2004-2133 NOT-FOR-US: CVSup third party modules -CVE-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...) +CVE-2004-2132 NOT-FOR-US: PJ CGI Nero -CVE-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) +CVE-2004-2131 NOT-FOR-US: Informix Dynamic Server -CVE-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...) +CVE-2004-2130 - phpbb2 2.0.6d-2 -CVE-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...) +CVE-2004-2129 NOT-FOR-US: SurfNOW -CVE-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...) +CVE-2004-2128 NOT-FOR-US: WebWeaver -CVE-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...) +CVE-2004-2127 NOT-FOR-US: Web Blog -CVE-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...) +CVE-2004-2126 NOT-FOR-US: BlackICE -CVE-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...) +CVE-2004-2125 NOT-FOR-US: BlackICE -CVE-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...) +CVE-2004-2124 - gallery 1.4.4-pl1-1 -CVE-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...) +CVE-2004-2123 NOT-FOR-US: Nextplace -CVE-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) +CVE-2004-2122 NOT-FOR-US: Intra Forum -CVE-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) +CVE-2004-2121 NOT-FOR-US: Borland Web Server -CVE-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) +CVE-2004-2120 NOT-FOR-US: Reptile Web Server -CVE-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...) +CVE-2004-2119 NOT-FOR-US: Tiny Server -CVE-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) +CVE-2004-2118 NOT-FOR-US: Tiny Server -CVE-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) +CVE-2004-2117 NOT-FOR-US: Tiny Server -CVE-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...) +CVE-2004-2116 NOT-FOR-US: Tiny Server -CVE-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...) +CVE-2004-2115 NOT-FOR-US: Oracle -CVE-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...) +CVE-2004-2114 NOT-FOR-US: ProxyNow! -CVE-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...) +CVE-2004-2113 NOT-FOR-US: BremsServer -CVE-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...) +CVE-2004-2112 NOT-FOR-US: BremsServer -CVE-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...) +CVE-2004-2111 NOT-FOR-US: Serv-U FTP Server -CVE-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...) +CVE-2004-2110 NOT-FOR-US: Phorum -CVE-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) +CVE-2004-2109 NOT-FOR-US: Q-Shop -CVE-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...) +CVE-2004-2108 NOT-FOR-US: Q-Shop -CVE-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...) +CVE-2004-2107 NOT-FOR-US: Finjan SurfinGate -CVE-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) +CVE-2004-2106 NOT-FOR-US: Novell NetWare -CVE-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...) +CVE-2004-2105 NOT-FOR-US: Novell NetWare -CVE-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) +CVE-2004-2104 NOT-FOR-US: Novell NetWare -CVE-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...) +CVE-2004-2103 NOT-FOR-US: Novell NetWare -CVE-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...) +CVE-2004-2102 NOT-FOR-US: Freesco -CVE-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...) +CVE-2004-2101 NOT-FOR-US: GeoHttpServer -CVE-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...) +CVE-2004-2100 NOT-FOR-US: GeoHttpServer -CVE-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...) +CVE-2004-2099 NOT-FOR-US: Need for Speed game -CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...) +CVE-2004-2098 NOT-FOR-US: Banner engine -CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...) +CVE-2004-2097 - fvwm <not-affected> (Used mktemp) - xbase-clients <not-affected> (x11perfcomp uses mkdir atomically) - lvm10 <not-affected> (does not contain lvmcreate_initrd) -CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) +CVE-2004-2096 NOT-FOR-US: Mephistoles -CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...) +CVE-2004-2095 - honeyd 0.8-1 -CVE-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...) +CVE-2004-2094 NOT-FOR-US: WebcamXP -CVE-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...) +CVE-2004-2093 - rsync 2.6.1-1 -CVE-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...) +CVE-2004-2092 NOT-FOR-US: InoculateIT -CVE-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...) +CVE-2004-2091 NOT-FOR-US: Microsoft -CVE-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...) +CVE-2004-2090 NOT-FOR-US: Microsoft -CVE-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...) +CVE-2004-2089 NOT-FOR-US: Matrix FTP Server -CVE-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...) +CVE-2004-2088 NOT-FOR-US: Sophos -CVE-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...) +CVE-2004-2087 NOT-FOR-US: SandSurfer -CVE-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...) +CVE-2004-2086 NOT-FOR-US: Sambar -CVE-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...) +CVE-2004-2085 NOT-FOR-US: phpcodeCabinet -CVE-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...) +CVE-2004-2084 NOT-FOR-US: JShop -CVE-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...) +CVE-2004-2083 NOT-FOR-US: Opera -CVE-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...) +CVE-2004-2082 NOT-FOR-US: Sami FTP Server -CVE-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...) +CVE-2004-2081 NOT-FOR-US: Sami FTP Server -CVE-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...) +CVE-2004-2080 NOT-FOR-US: Red-Alert -CVE-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...) +CVE-2004-2079 NOT-FOR-US: Red-Alert -CVE-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...) +CVE-2004-2078 NOT-FOR-US: Red-Alert -CVE-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...) +CVE-2004-2077 NOT-FOR-US: Nadeo -CVE-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...) +CVE-2004-2076 NOT-FOR-US: Jelsoft Bulletin -CVE-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...) +CVE-2004-2075 NOT-FOR-US: Sophos -CVE-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...) +CVE-2004-2074 NOT-FOR-US: Dream FTP -CVE-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...) +CVE-2004-2073 - kernel-patch-vserver 1.9.4-1 -CVE-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...) +CVE-2004-2072 NOT-FOR-US: Mambo -CVE-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...) +CVE-2004-2071 NOT-FOR-US: Macallan -CVE-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...) +CVE-2004-2070 NOT-FOR-US: Altiris Client Service for Windows -CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and ...) +CVE-2004-2067 NOT-FOR-US: JAWS -CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...) +CVE-2004-2066 NOT-FOR-US: LinPHA -CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...) +CVE-2004-2065 - dansguardian 2.5.2-0-0.1 -CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier ...) +CVE-2004-2064 NOT-FOR-US: lostBook -CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...) +CVE-2004-2063 NOT-FOR-US: AntiBoard -CVE-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...) +CVE-2004-2062 NOT-FOR-US: AntiBoard -CVE-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...) +CVE-2004-2061 NOT-FOR-US: RiSearch -CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...) +CVE-2004-2060 NOT-FOR-US: ASPRunner -CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...) +CVE-2004-2059 NOT-FOR-US: ASPRunner -CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...) +CVE-2004-2058 NOT-FOR-US: ASPRunner -CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...) +CVE-2004-2057 NOT-FOR-US: ASPRunner -CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...) +CVE-2004-2056 NOT-FOR-US: ASPRunner -CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...) +CVE-2004-2055 - phpbb2 2.0.10-1 -CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...) +CVE-2004-2054 - phpbb2 2.0.10-1 -CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...) +CVE-2004-2053 NOT-FOR-US: Easyins Stadtportal -CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...) +CVE-2004-2052 NOT-FOR-US: eSeSIX Thintune -CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...) +CVE-2004-2051 NOT-FOR-US: eSeSIX Thintune -CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...) +CVE-2004-2050 NOT-FOR-US: eSeSIX Thintune -CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...) +CVE-2004-2049 NOT-FOR-US: eSeSIX Thintune -CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...) +CVE-2004-2048 NOT-FOR-US: no_package -CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...) +CVE-2004-2047 NOT-FOR-US: no_package -CVE-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...) +CVE-2004-2046 NOT-FOR-US: no_package -CVE-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...) +CVE-2004-2045 NOT-FOR-US: no_package -CVE-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...) +CVE-2004-2044 NOT-FOR-US: no_package -CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...) +CVE-2004-2043 {DSA-1014-1} - firebird2 1.5.3.4870-3 (bug #357580) -CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...) +CVE-2004-2042 NOT-FOR-US: no_package -CVE-2004-2041 (PHP remote file inclusion vulnerability in secure_img_render.php in ...) +CVE-2004-2041 NOT-FOR-US: no_package -CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...) +CVE-2004-2040 NOT-FOR-US: no_package -CVE-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...) +CVE-2004-2039 NOT-FOR-US: no_package -CVE-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) +CVE-2004-2038 NOT-FOR-US: no_package -CVE-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...) +CVE-2004-2037 NOT-FOR-US: no_package -CVE-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...) +CVE-2004-2036 NOT-FOR-US: no_package -CVE-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...) +CVE-2004-2035 NOT-FOR-US: no_package -CVE-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...) +CVE-2004-2034 NOT-FOR-US: no_package -CVE-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...) +CVE-2004-2033 NOT-FOR-US: no_package -CVE-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...) +CVE-2004-2032 NOT-FOR-US: no_package -CVE-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...) +CVE-2004-2031 NOT-FOR-US: no_package -CVE-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...) +CVE-2004-2030 NOT-FOR-US: no_package -CVE-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...) +CVE-2004-2029 NOT-FOR-US: no_package -CVE-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...) +CVE-2004-2028 NOT-FOR-US: no_package -CVE-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...) +CVE-2004-2027 - icecast2 2.0.1.debian-1 -CVE-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...) +CVE-2004-2026 - pound 1.7-1 -CVE-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...) +CVE-2004-2025 NOT-FOR-US: no_package -CVE-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...) +CVE-2004-2024 NOT-FOR-US: no_package -CVE-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...) +CVE-2004-2023 NOT-FOR-US: no_package -CVE-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...) +CVE-2004-2022 NOT-FOR-US: various perls on Windows -CVE-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...) +CVE-2004-2021 NOT-FOR-US: osCommerce -CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...) +CVE-2004-2020 NOT-FOR-US: php-nuke -CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...) +CVE-2004-2019 NOT-FOR-US: php-nuke -CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x ...) +CVE-2004-2018 NOT-FOR-US: php-nuke -CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...) +CVE-2004-2017 NOT-FOR-US: Turbo Traffic Trader C (TTT-C) -CVE-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...) +CVE-2004-2016 NOT-FOR-US: netchat -CVE-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...) +CVE-2004-2015 NOT-FOR-US: WebCT -CVE-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...) +CVE-2004-2014 - wget 1.9.1-12 -CVE-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...) +CVE-2004-2013 NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok -CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...) +CVE-2004-2012 NOT-FOR-US: NetBSD -CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...) +CVE-2004-2011 NOT-FOR-US: MSIE -CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 ...) +CVE-2004-2010 NOT-FOR-US: phpShop -CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...) +CVE-2004-2009 NOT-FOR-US: NukeJokes -CVE-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...) +CVE-2004-2008 NOT-FOR-US: NukeJokes -CVE-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...) +CVE-2004-2007 NOT-FOR-US: NukeJokes -CVE-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone ...) +CVE-2004-2006 NOT-FOR-US: OfficeScan -CVE-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...) +CVE-2004-2005 NOT-FOR-US: Eudora -CVE-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...) +CVE-2004-2004 NOT-FOR-US: SUSE Live CD -CVE-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...) +CVE-2004-2003 NOT-FOR-US: DeleGate -CVE-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...) +CVE-2004-2002 NOT-FOR-US: IRIX -CVE-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly ...) +CVE-2004-2001 NOT-FOR-US: IRIX -CVE-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...) +CVE-2004-2000 NOT-FOR-US: Php-Nuke -CVE-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...) +CVE-2004-1999 NOT-FOR-US: Windows -CVE-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...) +CVE-2004-1998 NOT-FOR-US: php-nuke -CVE-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...) +CVE-2004-1997 NOT-FOR-US: kolab -CVE-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...) +CVE-2004-1996 NOT-FOR-US: Simple Machines Forum -CVE-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...) +CVE-2004-1995 NOT-FOR-US: FuseTalk -CVE-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...) +CVE-2004-1994 NOT-FOR-US: FuseTalk -CVE-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...) +CVE-2004-1993 NOT-FOR-US: omail -CVE-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...) +CVE-2004-1992 NOT-FOR-US: Serv-U -CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...) +CVE-2004-1991 NOT-FOR-US: aweb -CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...) +CVE-2004-1990 NOT-FOR-US: aweb -CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in Coppermine ...) +CVE-2004-1989 NOT-FOR-US: Coppermine -CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in Coppermine ...) +CVE-2004-1988 NOT-FOR-US: Coppermine -CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...) +CVE-2004-1987 NOT-FOR-US: Coppermine -CVE-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...) +CVE-2004-1986 NOT-FOR-US: Coppermine -CVE-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...) +CVE-2004-1985 NOT-FOR-US: Coppermine -CVE-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...) +CVE-2004-1984 NOT-FOR-US: Coppermine -CVE-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...) +CVE-2004-1983 - kernel-patch-adamantix <not-affected> (Only affects PaX for kernel 2.6) -CVE-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...) +CVE-2004-1982 NOT-FOR-US: YaBB -CVE-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...) +CVE-2004-1981 NOT-FOR-US: Crystal Reports -CVE-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...) +CVE-2004-1980 NOT-FOR-US: PROPS -CVE-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...) +CVE-2004-1979 NOT-FOR-US: PROPS -CVE-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...) +CVE-2004-1978 - moodle 1.3 -CVE-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...) +CVE-2004-1977 NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager -CVE-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...) +CVE-2004-1976 NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR -CVE-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...) +CVE-2004-1975 NOT-FOR-US: paFileDB -CVE-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...) +CVE-2004-1974 NOT-FOR-US: paFileDB -CVE-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...) +CVE-2004-1973 NOT-FOR-US: DiGi Web Server -CVE-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...) +CVE-2004-1972 NOT-FOR-US: PHP-Nuke -CVE-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...) +CVE-2004-1971 NOT-FOR-US: PHP-Nuke -CVE-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...) +CVE-2004-1970 NOT-FOR-US: Samsung SmartEther SS6215Sswitch -CVE-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...) +CVE-2004-1969 NOT-FOR-US: OpenBB -CVE-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...) +CVE-2004-1968 NOT-FOR-US: OpenBB -CVE-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...) +CVE-2004-1967 NOT-FOR-US: OpenBB -CVE-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) +CVE-2004-1966 NOT-FOR-US: OpenBB -CVE-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...) +CVE-2004-1965 NOT-FOR-US: OpenBB -CVE-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...) +CVE-2004-1964 NOT-FOR-US: Network Query Tool (NQT) -CVE-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...) +CVE-2004-1963 NOT-FOR-US: Network Query Tool (NQT) -CVE-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...) +CVE-2004-1962 NOT-FOR-US: Protector System -CVE-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...) +CVE-2004-1961 NOT-FOR-US: Protector System -CVE-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...) +CVE-2004-1960 NOT-FOR-US: Protector System -CVE-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...) +CVE-2004-1959 NOT-FOR-US: Protector System -CVE-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...) +CVE-2004-1958 NOT-FOR-US: Unreal engine -CVE-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...) +CVE-2004-1957 NOT-FOR-US: PostNuke -CVE-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...) +CVE-2004-1956 NOT-FOR-US: PostNuke -CVE-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...) +CVE-2004-1955 NOT-FOR-US: phProfession -CVE-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...) +CVE-2004-1954 NOT-FOR-US: phProfession -CVE-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...) +CVE-2004-1953 NOT-FOR-US: phProfession -CVE-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...) +CVE-2004-1952 NOT-FOR-US: Advanced Guestbook -CVE-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...) +CVE-2004-1951 - xine-ui 0.99.1 -CVE-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...) +CVE-2004-1950 - phpbb2 2.0.9 -CVE-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...) +CVE-2004-1949 NOT-FOR-US: PostNuke -CVE-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...) +CVE-2004-1948 - ncftp 2:3.1.8-1 (low) -CVE-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...) +CVE-2004-1947 NOT-FOR-US: bitdefender -CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...) +CVE-2004-1946 - cherokee 0.4.21b01-1 -CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...) +CVE-2004-1945 NOT-FOR-US: Kinesphere eXchange POP3 -CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...) +CVE-2004-1944 NOT-FOR-US: Eudora -CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB ...) +CVE-2004-1943 NOT-FOR-US: phpbb as modified by przemo -CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...) +CVE-2004-1942 NOT-FOR-US: Solaris -CVE-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...) +CVE-2004-1941 NOT-FOR-US: Fastream NETFile FTP/Web Server -CVE-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...) +CVE-2004-1940 - kphone 1:4.0.2 -CVE-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...) +CVE-2004-1939 NOT-FOR-US: Zaep -CVE-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...) +CVE-2004-1938 NOT-FOR-US: Phorum -CVE-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...) +CVE-2004-1937 NOT-FOR-US: Nuked-KlaN -CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...) +CVE-2004-1936 NOT-FOR-US: ZoneAlarm -CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...) +CVE-2004-1935 NOT-FOR-US: SCT Campus Pipeline -CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 ...) +CVE-2004-1934 NOT-FOR-US: Gemitel -CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...) +CVE-2004-1933 NOT-FOR-US: Citadel -CVE-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...) +CVE-2004-1932 NOT-FOR-US: PhpNuke -CVE-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...) +CVE-2004-1930 NOT-FOR-US: PhpNuke -CVE-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...) +CVE-2004-1929 NOT-FOR-US: PhpNuke -CVE-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...) +CVE-2004-1928 NOT-FOR-US: tikiwiki -CVE-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...) +CVE-2004-1927 NOT-FOR-US: tikiwiki -CVE-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...) +CVE-2004-1926 NOT-FOR-US: tikiwiki -CVE-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...) +CVE-2004-1925 NOT-FOR-US: tikiwiki -CVE-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...) +CVE-2004-1924 NOT-FOR-US: tikiwiki -CVE-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...) +CVE-2004-1923 NOT-FOR-US: tikiwiki -CVE-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...) +CVE-2004-1922 NOT-FOR-US: MSIE -CVE-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" ...) +CVE-2004-1921 NOT-FOR-US: X-Micro WLAN 11b Broadband Router -CVE-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...) +CVE-2004-1920 NOT-FOR-US: X-Micro WLAN 11b Broadband Router -CVE-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...) +CVE-2004-1919 NOT-FOR-US: Crackalaka -CVE-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...) +CVE-2004-1918 NOT-FOR-US: rsniff -CVE-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...) +CVE-2004-1917 - lcdproc 0.4.5 -CVE-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...) +CVE-2004-1916 - lcdproc 0.4.5 -CVE-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...) +CVE-2004-1915 - lcdproc 0.4.5 -CVE-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...) +CVE-2004-1914 NOT-FOR-US: phpnuke -CVE-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...) +CVE-2004-1913 NOT-FOR-US: phpnuke -CVE-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...) +CVE-2004-1912 NOT-FOR-US: phpnuke -CVE-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...) +CVE-2004-1911 NOT-FOR-US: AzDGDatingLite -CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...) +CVE-2004-1910 NOT-FOR-US: Symantec -CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...) +CVE-2004-1909 - clamav 0.68.1 -CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...) +CVE-2004-1908 NOT-FOR-US: Mcafee FreeScan -CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...) +CVE-2004-1907 NOT-FOR-US: Kerio Personal Firewall -CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...) +CVE-2004-1906 NOT-FOR-US: Mcafee FreeScan -CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...) +CVE-2004-1905 NOT-FOR-US: Panda ActiveScan -CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...) +CVE-2004-1904 NOT-FOR-US: Panda ActiveScan -CVE-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...) +CVE-2004-1903 NOT-FOR-US: blaxxun -CVE-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...) +CVE-2004-1902 NOT-FOR-US: Citrix MetaFrame Password Manager -CVE-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...) +CVE-2004-1901 NOT-FOR-US: gentoo portage -CVE-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...) +CVE-2004-1900 NOT-FOR-US: IGI 2 Covert Strike server -CVE-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...) +CVE-2004-1899 - monit 1:4.2.1 -CVE-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...) +CVE-2004-1898 - monit 1:4.2.1-1 -CVE-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...) +CVE-2004-1897 - monit 1:4.2.1-1 -CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...) +CVE-2004-1896 NOT-FOR-US: no_package -CVE-2004-1895 (YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to ...) +CVE-2004-1895 NOT-FOR-US: no_package -CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...) +CVE-2004-1894 NOT-FOR-US: no_package -CVE-2004-1893 (Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on ...) +CVE-2004-1893 NOT-FOR-US: no_package -CVE-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...) +CVE-2004-1892 NOT-FOR-US: no_package -CVE-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with ...) +CVE-2004-1891 NOT-FOR-US: no_package -CVE-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) +CVE-2004-1890 NOT-FOR-US: no_package -CVE-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) +CVE-2004-1889 NOT-FOR-US: no_package -CVE-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...) +CVE-2004-1888 NOT-FOR-US: no_package -CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...) +CVE-2004-1887 NOT-FOR-US: no_package CVE-2004-1886 REJECTED -CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...) +CVE-2004-1885 NOT-FOR-US: no_package -CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...) +CVE-2004-1884 NOT-FOR-US: no_package -CVE-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...) +CVE-2004-1883 NOT-FOR-US: no_package -CVE-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...) +CVE-2004-1882 NOT-FOR-US: no_package -CVE-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...) +CVE-2004-1881 NOT-FOR-US: no_package -CVE-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...) +CVE-2004-1880 - openldap2 2.1.17-1 -CVE-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...) +CVE-2004-1879 NOT-FOR-US: no_package -CVE-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...) +CVE-2004-1878 NOT-FOR-US: no_package -CVE-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...) +CVE-2004-1877 NOT-FOR-US: no_package -CVE-2004-1876 (The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon ...) +CVE-2004-1876 - clamav 0.70-1 -CVE-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...) +CVE-2004-1875 NOT-FOR-US: no_package -CVE-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...) +CVE-2004-1874 NOT-FOR-US: no_package -CVE-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...) +CVE-2004-1873 NOT-FOR-US: no_package -CVE-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...) +CVE-2004-1872 NOT-FOR-US: no_package -CVE-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) +CVE-2004-1871 NOT-FOR-US: no_package -CVE-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...) +CVE-2004-1870 NOT-FOR-US: no_package -CVE-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...) +CVE-2004-1869 NOT-FOR-US: no_package -CVE-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...) +CVE-2004-1868 NOT-FOR-US: no_package -CVE-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...) +CVE-2004-1867 NOT-FOR-US: no_package -CVE-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...) +CVE-2004-1866 - nstx 1.1-beta4-1 -CVE-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...) +CVE-2004-1865 NOT-FOR-US: no_package -CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...) +CVE-2004-1864 NOT-FOR-US: no_package -CVE-2004-1863 (Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka ...) +CVE-2004-1863 NOT-FOR-US: no_package -CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...) +CVE-2004-1862 NOT-FOR-US: no_package -CVE-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...) +CVE-2004-1861 NOT-FOR-US: no_package -CVE-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...) +CVE-2004-1860 NOT-FOR-US: no_package -CVE-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...) +CVE-2004-1859 NOT-FOR-US: no_package -CVE-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...) +CVE-2004-1858 NOT-FOR-US: no_package -CVE-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...) +CVE-2004-1857 NOT-FOR-US: no_package -CVE-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...) +CVE-2004-1856 NOT-FOR-US: no_package -CVE-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...) +CVE-2004-1855 NOT-FOR-US: no_package -CVE-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...) +CVE-2004-1854 NOT-FOR-US: no_package -CVE-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...) +CVE-2004-1853 NOT-FOR-US: no_package -CVE-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...) +CVE-2004-1852 NOT-FOR-US: no_package -CVE-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...) +CVE-2004-1851 NOT-FOR-US: no_package -CVE-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...) +CVE-2004-1850 NOT-FOR-US: no_package -CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...) +CVE-2004-1849 NOT-FOR-US: no_package -CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...) +CVE-2004-1848 NOT-FOR-US: no_package -CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...) +CVE-2004-1847 NOT-FOR-US: no_package -CVE-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...) +CVE-2004-1846 NOT-FOR-US: no_package -CVE-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...) +CVE-2004-1845 NOT-FOR-US: no_package -CVE-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...) +CVE-2004-1844 NOT-FOR-US: no_package -CVE-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...) +CVE-2004-1843 NOT-FOR-US: no_package -CVE-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...) +CVE-2004-1842 NOT-FOR-US: no_package -CVE-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...) +CVE-2004-1841 NOT-FOR-US: no_package -CVE-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...) +CVE-2004-1840 NOT-FOR-US: no_package -CVE-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...) +CVE-2004-1839 NOT-FOR-US: no_package -CVE-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...) +CVE-2004-1838 NOT-FOR-US: no_package -CVE-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...) +CVE-2004-1837 NOT-FOR-US: no_package -CVE-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...) +CVE-2004-1836 NOT-FOR-US: no_package -CVE-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...) +CVE-2004-1835 NOT-FOR-US: no_package -CVE-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...) +CVE-2004-1834 - apache2 2.0.53-1 -CVE-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...) +CVE-2004-1833 NOT-FOR-US: no_package -CVE-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...) +CVE-2004-1832 NOT-FOR-US: no_package -CVE-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...) +CVE-2004-1831 NOT-FOR-US: no_package -CVE-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote ...) +CVE-2004-1830 NOT-FOR-US: no_package -CVE-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...) +CVE-2004-1829 NOT-FOR-US: no_package -CVE-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...) +CVE-2004-1828 NOT-FOR-US: no_package -CVE-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...) +CVE-2004-1827 NOT-FOR-US: no_package -CVE-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...) +CVE-2004-1826 NOT-FOR-US: no_package -CVE-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...) +CVE-2004-1825 NOT-FOR-US: no_package -CVE-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...) +CVE-2004-1824 NOT-FOR-US: no_package -CVE-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...) +CVE-2004-1823 NOT-FOR-US: no_package -CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...) +CVE-2004-1822 NOT-FOR-US: no_package -CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...) +CVE-2004-1821 NOT-FOR-US: no_package -CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php in ...) +CVE-2004-1820 NOT-FOR-US: no_package -CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...) +CVE-2004-1819 NOT-FOR-US: no_package -CVE-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...) +CVE-2004-1818 NOT-FOR-US: no_package -CVE-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...) +CVE-2004-1817 NOT-FOR-US: no_package -CVE-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...) +CVE-2004-1816 NOT-FOR-US: no_package -CVE-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...) +CVE-2004-1815 NOT-FOR-US: no_package -CVE-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...) +CVE-2004-1814 NOT-FOR-US: no_package -CVE-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...) +CVE-2004-1813 NOT-FOR-US: no_package -CVE-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...) +CVE-2004-1812 NOT-FOR-US: no_package -CVE-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...) +CVE-2004-1811 NOT-FOR-US: no_package -CVE-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...) +CVE-2004-1810 NOT-FOR-US: no_package -CVE-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...) +CVE-2004-1809 - phpbb2 2.0.10-1 NOTE: probably fixed in 2.0.6d-3 -CVE-2004-1808 (Extcompose in metamail does not verify the output file before writing ...) +CVE-2004-1808 NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail NOTE: see bug #308875 -CVE-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...) +CVE-2004-1807 NOT-FOR-US: no_package -CVE-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...) +CVE-2004-1806 NOT-FOR-US: no_package -CVE-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...) +CVE-2004-1805 NOT-FOR-US: no_package -CVE-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...) +CVE-2004-1804 NOT-FOR-US: no_package -CVE-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...) +CVE-2004-1802 NOT-FOR-US: no_package -CVE-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...) +CVE-2004-1801 NOT-FOR-US: no_package -CVE-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...) +CVE-2004-1800 NOT-FOR-US: no_package -CVE-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...) +CVE-2004-1799 NOT-FOR-US: no_package -CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...) +CVE-2004-1798 NOT-FOR-US: no_package -CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...) +CVE-2004-1797 NOT-FOR-US: no_package -CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier ...) +CVE-2004-1796 NOT-FOR-US: no_package -CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...) +CVE-2004-1795 NOT-FOR-US: no_package -CVE-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...) +CVE-2004-1794 NOT-FOR-US: no_package -CVE-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...) +CVE-2004-1793 NOT-FOR-US: no_package -CVE-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...) +CVE-2004-1792 NOT-FOR-US: no_package -CVE-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...) +CVE-2004-1791 NOT-FOR-US: Edimax Router -CVE-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...) +CVE-2004-1790 NOT-FOR-US: Edimax Router -CVE-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...) +CVE-2004-1789 NOT-FOR-US: ZyWALL -CVE-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...) +CVE-2004-1788 NOT-FOR-US: ASP-Nuke -CVE-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...) +CVE-2004-1787 NOT-FOR-US: PostCalendar -CVE-2004-1786 (PortalApp places user credentials under the web root with insufficient ...) +CVE-2004-1786 NOT-FOR-US: PortalApp -CVE-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...) +CVE-2004-1785 NOT-FOR-US: Invision Power Board -CVE-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...) +CVE-2004-1784 NOT-FOR-US: web server of Webcam Watchdog -CVE-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...) +CVE-2004-1783 NOT-FOR-US: Net2Soft Flash FTP Server -CVE-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...) +CVE-2004-1782 NOT-FOR-US: Athena Web Registration -CVE-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...) +CVE-2004-1781 NOT-FOR-US: Info Touch Surfnet kiosk -CVE-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...) +CVE-2004-1780 NOT-FOR-US: Info Touch Surfnet kiosk -CVE-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...) +CVE-2004-1779 NOT-FOR-US: ThWboard -CVE-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...) +CVE-2004-2069 - openssh 1:3.8p1 -CVE-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...) +CVE-2004-2068 - leafnode <not-affected> (Leafnode2 development branch) -CVE-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...) +CVE-2004-1778 NOT-FOR-US: Skype -CVE-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...) +CVE-2004-1777 NOT-FOR-US: Skype -CVE-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...) +CVE-2004-1776 NOT-FOR-US: Cisco -CVE-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...) +CVE-2004-1775 NOT-FOR-US: Cisco -CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package ...) +CVE-2004-1774 NOT-FOR-US: Oracle -CVE-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...) +CVE-2004-1773 - sharutils 1:4.2.1-12 -CVE-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...) +CVE-2004-1772 - sharutils 1:4.2.1-11 -CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...) +CVE-2004-1771 NOT-FOR-US: Scalable OGo (SOGo) -CVE-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...) +CVE-2004-1770 NOT-FOR-US: not our cpanel -CVE-2004-1769 (The "Allow cPanel users to reset their password via email" feature in ...) +CVE-2004-1769 NOT-FOR-US: not our cpanel -CVE-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...) +CVE-2004-1768 NOT-FOR-US: Symantec Brightmail AntiSpam -CVE-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...) +CVE-2004-1767 NOT-FOR-US: Solaris -CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...) +CVE-2004-1766 NOT-FOR-US: NetScreen-Security Manager -CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...) +CVE-2004-1765 - libapache-mod-security <not-affected> (only seems to affect 1.7.4, not the newer branch in Debian) -CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...) +CVE-2004-1764 NOT-FOR-US: HP-UX -CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...) +CVE-2004-1763 NOT-FOR-US: hsrun.exe -CVE-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...) +CVE-2004-1762 NOT-FOR-US: F-Secure Anti-Virus -CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...) +CVE-2004-1761 - ethereal 0.10.3 -CVE-2004-1760 (The default installation of Cisco voice products, when running the IBM ...) +CVE-2004-1760 NOT-FOR-US: Cisco -CVE-2004-1759 (Cisco voice products, when running the IBM Director Agent on IBM ...) +CVE-2004-1759 NOT-FOR-US: Cisco -CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...) +CVE-2004-1758 NOT-FOR-US: BEA WebLogic Server -CVE-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...) +CVE-2004-1757 NOT-FOR-US: BEA WebLogic Server -CVE-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...) +CVE-2004-1756 NOT-FOR-US: BEA WebLogic Server -CVE-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...) +CVE-2004-1755 NOT-FOR-US: BEA WebLogic Server -CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...) +CVE-2004-1754 NOT-FOR-US: Symantec DNSd -CVE-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...) +CVE-2004-1753 NOT-FOR-US: Apple Java plugin -CVE-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...) +CVE-2004-1752 NOT-FOR-US: Gaucho -CVE-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...) +CVE-2004-1751 NOT-FOR-US: Ground Control II -CVE-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...) +CVE-2004-1750 NOT-FOR-US: RealVNC -CVE-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...) +CVE-2004-1749 NOT-FOR-US: Attack Mitigator IPS 5500 -CVE-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...) +CVE-2004-1748 NOT-FOR-US: NtRegmon -CVE-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...) +CVE-2004-1747 NOT-FOR-US: NetworkEverywhere NR041 -CVE-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...) +CVE-2004-1746 NOT-FOR-US: PHP Code Snippet Library -CVE-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...) +CVE-2004-1745 NOT-FOR-US: Painkiller -CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...) +CVE-2004-1744 NOT-FOR-US: ESF Webserver -CVE-2004-1743 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view ...) +CVE-2004-1743 NOT-FOR-US: ESF Webserver -CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...) +CVE-2004-1742 NOT-FOR-US: WebAPP -CVE-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...) +CVE-2004-1741 NOT-FOR-US: musicd -CVE-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...) +CVE-2004-1740 NOT-FOR-US: musicd -CVE-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...) +CVE-2004-1739 NOT-FOR-US: Bird Chat -CVE-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...) +CVE-2004-1738 NOT-FOR-US: JShop -CVE-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...) +CVE-2004-1737 - cacti 0.8.5a-5 -CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...) +CVE-2004-1736 - cacti 0.8.5a-5 -CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...) +CVE-2004-1735 - sympa 4.1.5-4 (bug #298105; unimportant) NOTE: A user with the privilege to create new mailing lists needs to be trustworthy -CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a allows ...) +CVE-2004-1734 - mantis 0.19.2-1 -CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...) +CVE-2004-1733 - mydms 1.4.3-1 -CVE-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...) +CVE-2004-1732 - mydms 1.4.3-1 -CVE-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...) +CVE-2004-1731 - mantis 0.19.0-1 -CVE-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...) +CVE-2004-1730 - mantis 0.19.0-1 -CVE-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...) +CVE-2004-1729 NOT-FOR-US: Nihuo Web Log Analyzer -CVE-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...) +CVE-2004-1728 NOT-FOR-US: sarad -CVE-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...) +CVE-2004-1727 NOT-FOR-US: BadBlue -CVE-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...) +CVE-2004-1726 NOT-FOR-US: XV -CVE-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...) +CVE-2004-1725 NOT-FOR-US: XV -CVE-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...) +CVE-2004-1724 NOT-FOR-US: PHP-Fusion -CVE-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...) +CVE-2004-1723 NOT-FOR-US: PHP-Fusion -CVE-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...) +CVE-2004-1722 NOT-FOR-US: Merak Mail Server -CVE-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...) +CVE-2004-1721 NOT-FOR-US: Merak Mail Server -CVE-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...) +CVE-2004-1720 NOT-FOR-US: Merak Mail Server -CVE-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...) +CVE-2004-1719 NOT-FOR-US: Merak Webmail Server -CVE-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...) +CVE-2004-1718 NOT-FOR-US: IPD -CVE-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...) +CVE-2004-1717 - gv 1:3.6.1-1 -CVE-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...) +CVE-2004-1716 NOT-FOR-US: PForum -CVE-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...) +CVE-2004-1715 NOT-FOR-US: MIMEsweeper -CVE-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...) +CVE-2004-1714 NOT-FOR-US: BlackICE PC Protection -CVE-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...) +CVE-2004-1713 NOT-FOR-US: PRM on HP-UX -CVE-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...) +CVE-2004-1712 NOT-FOR-US: TypePad -CVE-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...) +CVE-2004-1711 - moodle 1.4-1 -CVE-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...) +CVE-2004-1710 NOT-FOR-US: page.cgi -CVE-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...) +CVE-2004-1709 NOT-FOR-US: Datakey Rainbow iKey2032 USB token -CVE-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...) +CVE-2004-1708 NOT-FOR-US: Webbsyte -CVE-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...) +CVE-2004-1707 NOT-FOR-US: Oracle -CVE-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...) +CVE-2004-1706 NOT-FOR-US: U.S. Robotics wireless access point -CVE-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...) +CVE-2004-1705 NOT-FOR-US: Citadel/UX -CVE-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...) +CVE-2004-1704 NOT-FOR-US: WpQuiz -CVE-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...) +CVE-2004-1703 NOT-FOR-US: Fusion News -CVE-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...) +CVE-2004-0838 NOT-FOR-US: Lexar Safe Guard -CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...) +CVE-2004-1702 - cfengine2 2.1.8-1 -CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...) +CVE-2004-1701 - cfengine2 2.1.8-1 -CVE-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...) +CVE-2004-1700 NOT-FOR-US: Pinnacle ShowCenter -CVE-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...) +CVE-2004-1699 NOT-FOR-US: Pinnacle ShowCenter -CVE-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...) +CVE-2004-1698 NOT-FOR-US: PopMessenger -CVE-2004-1697 (The "Forgot your Password" link in Computer Associates (CA) Unicenter ...) +CVE-2004-1697 NOT-FOR-US: Computer Associates Unicenter Management Portal -CVE-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) +CVE-2004-1696 NOT-FOR-US: EmuLive Server4 -CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) +CVE-2004-1695 NOT-FOR-US: EmuLive Server4 -CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...) +CVE-2004-1694 NOT-FOR-US: Symantec -CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 ...) +CVE-2004-1693 NOT-FOR-US: Mambo -CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...) +CVE-2004-1692 NOT-FOR-US: Mambo -CVE-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...) +CVE-2004-1691 NOT-FOR-US: DNS4Me -CVE-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...) +CVE-2004-1690 NOT-FOR-US: DNS4Me -CVE-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...) +CVE-2004-1689 - sudo 1.6.8p3-1 -CVE-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...) +CVE-2004-1688 NOT-FOR-US: Pigeon Server -CVE-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...) +CVE-2004-1687 NOT-FOR-US: Snitz Forums -CVE-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...) +CVE-2004-1686 NOT-FOR-US: MSIE -CVE-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...) +CVE-2004-1685 NOT-FOR-US: SMC router -CVE-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...) +CVE-2004-1684 NOT-FOR-US: Zyxel -CVE-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...) +CVE-2004-1683 NOT-FOR-US: crrtrap -CVE-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...) +CVE-2004-1682 NOT-FOR-US: QNX FTP -CVE-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...) +CVE-2004-1681 NOT-FOR-US: QNX -CVE-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...) +CVE-2004-1680 NOT-FOR-US: Pingtel Xpressa -CVE-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...) +CVE-2004-1679 NOT-FOR-US: TwinFTP -CVE-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...) +CVE-2004-1678 NOT-FOR-US: PerlDesk -CVE-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...) +CVE-2004-1677 NOT-FOR-US: PerlDesk -CVE-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...) +CVE-2004-1676 NOT-FOR-US: Gadu-Gadu -CVE-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...) +CVE-2004-1675 NOT-FOR-US: Serv-U FTP -CVE-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) +CVE-2004-1674 NOT-FOR-US: Merak Mail Server -CVE-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...) +CVE-2004-1673 NOT-FOR-US: Merak Mail Server -CVE-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) +CVE-2004-1672 NOT-FOR-US: Merak Mail Server -CVE-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...) +CVE-2004-1671 NOT-FOR-US: Merak Mail Server -CVE-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...) +CVE-2004-1670 NOT-FOR-US: Merak Mail Server -CVE-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...) +CVE-2004-1669 NOT-FOR-US: Merak Mail Server -CVE-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...) +CVE-2004-1668 NOT-FOR-US: Subjects -CVE-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...) +CVE-2004-1667 NOT-FOR-US: Halo Combat Evolved -CVE-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...) +CVE-2004-1666 NOT-FOR-US: Cerulean Trillian -CVE-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...) +CVE-2004-1665 NOT-FOR-US: PsNews -CVE-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...) +CVE-2004-1664 NOT-FOR-US: Call of Duty -CVE-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...) +CVE-2004-1663 NOT-FOR-US: Engenio/LSI Logic storage controllers -CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...) +CVE-2004-1662 NOT-FOR-US: YaBB -CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass ...) +CVE-2004-1661 NOT-FOR-US: MailWorks -CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier ...) +CVE-2004-1660 NOT-FOR-US: CuteNews -CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...) +CVE-2004-1659 NOT-FOR-US: CuteNews -CVE-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...) +CVE-2004-1658 NOT-FOR-US: Kerio Personal Firewall -CVE-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...) +CVE-2004-1657 NOT-FOR-US: DasBlog -CVE-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...) +CVE-2004-1656 NOT-FOR-US: Comersus Shopping Cart -CVE-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...) +CVE-2004-1655 NOT-FOR-US: phpWebsite -CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...) +CVE-2004-1654 NOT-FOR-US: phpWebsite -CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...) +CVE-2004-1653 - openssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed") NOTE: See bug #296547 for details -CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...) +CVE-2004-1652 NOT-FOR-US: phpScheduleIt -CVE-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) +CVE-2004-1651 NOT-FOR-US: phpScheduleIt -CVE-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...) +CVE-2004-1650 NOT-FOR-US: D-Link DCS-900 -CVE-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...) +CVE-2004-1649 NOT-FOR-US: Msinfo32.exe -CVE-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...) +CVE-2004-1648 NOT-FOR-US: Password Protect -CVE-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...) +CVE-2004-1647 NOT-FOR-US: Password Protect -CVE-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...) +CVE-2004-1646 NOT-FOR-US: Xedus -CVE-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...) +CVE-2004-1645 NOT-FOR-US: Xedus -CVE-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...) +CVE-2004-1644 NOT-FOR-US: Xedus -CVE-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...) +CVE-2004-1643 NOT-FOR-US: WS_FTP -CVE-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...) +CVE-2004-1642 NOT-FOR-US: WS_FTP -CVE-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...) +CVE-2004-1641 NOT-FOR-US: Titan -CVE-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...) +CVE-2004-1640 NOT-FOR-US: XOOPS -CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) +CVE-2004-1639 NOTE: This is not a real security issue; it just describes the fact that the Gecko NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed @@ -2364,835 +2364,835 @@ CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allo - firefox <removed> (unimportant) - iceweasel <removed> (unimportant) - mozilla <removed> (unimportant) -CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) +CVE-2004-1638 NOT-FOR-US: mailcarrier -CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...) +CVE-2004-1637 NOT-FOR-US: Hawking Technologies HAR11A modem/router -CVE-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...) +CVE-2004-1636 NOT-FOR-US: WvTftp -CVE-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...) +CVE-2004-1635 NOTE: does not affect older 2.16.7 in sid. -CVE-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...) +CVE-2004-1634 NOTE: does not affect older 2.16.7 in sid. -CVE-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...) +CVE-2004-1633 - bugzilla 2.16.7 -CVE-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...) +CVE-2004-1632 - moniwiki 1.0.9 -CVE-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...) +CVE-2004-1631 NOT-FOR-US: Open WorkFlow Engine -CVE-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...) +CVE-2004-1630 NOT-FOR-US: Open WorkFlow Engine -CVE-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...) +CVE-2004-1629 NOT-FOR-US: Dwc_articles -CVE-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...) +CVE-2004-1628 - rssh 2.2.2 -CVE-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...) +CVE-2004-1627 NOT-FOR-US: ability server -CVE-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...) +CVE-2004-1626 NOT-FOR-US: ability server -CVE-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...) +CVE-2004-1625 NOT-FOR-US: pGina -CVE-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...) +CVE-2004-1624 NOT-FOR-US: Carbon Copy -CVE-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...) +CVE-2004-1623 NOT-FOR-US: Microsoft -CVE-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...) +CVE-2004-1622 NOT-FOR-US: UBB.threads -CVE-2004-1621 (** DISPUTED ** ...) +CVE-2004-1621 NOT-FOR-US: Lotus Notes -CVE-2004-1620 (CRLF injection vulnerability in Serendipity before 0.7rc1 allows ...) +CVE-2004-1620 NOT-FOR-US: Serendipity -CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...) +CVE-2004-1619 NOT-FOR-US: Privateer's Bounty: Age of Sail II -CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...) +CVE-2004-1618 NOT-FOR-US: Tonecast -CVE-2004-1617 (Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers ...) +CVE-2004-1617 {DSA-1077-1 DSA-1076-1} - lynx 2.8.5-2sarge1.2 (bug #296340; bug #384725; low) - lynx-cur 2.8.6-6 (low) - lynx-ssl <removed> -CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) +CVE-2004-1616 - links 0.99+1.00pre12-1 (bug #296341; low) -CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) +CVE-2004-1615 NOT-FOR-US: Opera -CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...) +CVE-2004-1614 - mozilla-firefox <not-affected> (assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6) NOTE: mozilla-browser 1.7.5-1 also ok -CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...) +CVE-2004-1613 NOTE: example page did not bother firefox 1.0+dfsg.1-6 NOTE: mozilla-browser 1.7.5-1 also ok -CVE-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...) +CVE-2004-1612 NOT-FOR-US: SalesLogix -CVE-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...) +CVE-2004-1611 NOT-FOR-US: SalesLogix -CVE-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...) +CVE-2004-1610 NOT-FOR-US: SalesLogix -CVE-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...) +CVE-2004-1609 NOT-FOR-US: SalesLogix -CVE-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...) +CVE-2004-1608 NOT-FOR-US: SalesLogix -CVE-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...) +CVE-2004-1607 NOT-FOR-US: SalesLogix -CVE-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...) +CVE-2004-1606 NOT-FOR-US: SalesLogix -CVE-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...) +CVE-2004-1605 NOT-FOR-US: SalesLogix -CVE-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...) +CVE-2004-1604 NOT-FOR-US: not our cpanel -CVE-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...) +CVE-2004-1603 NOT-FOR-US: not our cpanel -CVE-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...) +CVE-2004-1602 - proftpd 1.2.10-4 -CVE-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...) +CVE-2004-1601 NOT-FOR-US: coolphp -CVE-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...) +CVE-2004-1600 NOT-FOR-US: CoolPHP -CVE-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...) +CVE-2004-1599 NOT-FOR-US: CoolPHP -CVE-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...) +CVE-2004-1598 NOT-FOR-US: Acrobat -CVE-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...) +CVE-2004-1597 NOT-FOR-US: RIM Blackberry -CVE-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...) +CVE-2004-1596 NOT-FOR-US: 3COM router -CVE-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...) +CVE-2004-1595 NOT-FOR-US: ShixxNote -CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...) +CVE-2004-1594 NOT-FOR-US: FuseTalk -CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2004-1593 NOT-FOR-US: SCT email client -CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...) +CVE-2004-1592 - ocportal <itp> (bug #625865) -CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...) +CVE-2004-1591 NOT-FOR-US: Micronet Wireless Router -CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...) +CVE-2004-1590 NOT-FOR-US: clientexec -CVE-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...) +CVE-2004-1589 NOT-FOR-US: GoSmart -CVE-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...) +CVE-2004-1588 NOT-FOR-US: GoSmart -CVE-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...) +CVE-2004-1587 NOT-FOR-US: Monolith Games -CVE-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...) +CVE-2004-1586 NOT-FOR-US: Flash Messaging -CVE-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...) +CVE-2004-1585 NOT-FOR-US: Flash Messaging -CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...) +CVE-2004-1584 - wordpress 1.2.1-1.1 -CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...) +CVE-2004-1583 NOT-FOR-US: FTP server in TriDComm -CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows ...) +CVE-2004-1582 NOT-FOR-US: BlackBoard -CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gain sensitive information ...) +CVE-2004-1581 NOT-FOR-US: BlackBoard -CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...) +CVE-2004-1580 NOT-FOR-US: CubeCart -CVE-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...) +CVE-2004-1579 NOT-FOR-US: CubeCart -CVE-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...) +CVE-2004-1578 NOT-FOR-US: Invision Power Board -CVE-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...) +CVE-2004-1577 NOT-FOR-US: phplinks -CVE-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...) +CVE-2004-1576 NOT-FOR-US: Judge Dredd -CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...) +CVE-2004-1575 - xerces25 2.5.0-4 - xerces24 2.4.0-4 - xerces23 <not-affected> (not affected, see bug #296432) - xerces21 <not-affected> (not affected, see bug #296466) -CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...) +CVE-2004-1574 NOT-FOR-US: Vypress -CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...) +CVE-2004-1573 NOT-FOR-US: AJ-Fork -CVE-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...) +CVE-2004-1572 NOT-FOR-US: AJ-Fork -CVE-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...) +CVE-2004-1571 NOT-FOR-US: AJ-Fork -CVE-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...) +CVE-2004-1570 NOT-FOR-US: bBlog -CVE-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...) +CVE-2004-1569 NOT-FOR-US: dbPowerAmp -CVE-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...) +CVE-2004-1568 NOT-FOR-US: Parachat -CVE-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...) +CVE-2004-1567 NOT-FOR-US: Silent Storm Portal -CVE-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...) +CVE-2004-1566 NOT-FOR-US: Silent Storm Portal -CVE-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...) +CVE-2004-1565 NOT-FOR-US: w-Agora -CVE-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...) +CVE-2004-1564 NOT-FOR-US: w-Agora -CVE-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...) +CVE-2004-1563 NOT-FOR-US: w-Agora -CVE-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...) +CVE-2004-1562 NOT-FOR-US: w-Agora -CVE-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...) +CVE-2004-1561 - icecast2 2.0.2.debian-1 -CVE-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...) +CVE-2004-1560 NOT-FOR-US: Microsoft SQL Server -CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...) +CVE-2004-1559 - wordpress 1.2.2-1.1 -CVE-2004-1558 (Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 ...) +CVE-2004-1558 NOT-FOR-US: YahooPOPS -CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...) +CVE-2004-1557 NOT-FOR-US: MyWebServer -CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...) +CVE-2004-1556 NOT-FOR-US: MyWebServer -CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...) +CVE-2004-1555 NOT-FOR-US: BroadBoard Instant ASP Message Board -CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in @lex ...) +CVE-2004-1554 NOT-FOR-US: @lex GuestBook -CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...) +CVE-2004-1553 NOT-FOR-US: aspWebAlbum -CVE-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...) +CVE-2004-1552 NOT-FOR-US: aspWebCalendar -CVE-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...) +CVE-2004-1551 NOT-FOR-US: PafileDB -CVE-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...) +CVE-2004-1550 NOT-FOR-US: Motorola Router -CVE-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...) +CVE-2004-1549 NOT-FOR-US: ActivePost -CVE-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...) +CVE-2004-1548 NOT-FOR-US: ActivePost -CVE-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...) +CVE-2004-1547 NOT-FOR-US: ActivePost -CVE-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...) +CVE-2004-1546 NOT-FOR-US: MDaemon -CVE-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...) +CVE-2004-1545 - moniwiki 1.0.9-4 -CVE-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...) +CVE-2004-1544 - jspwiki 2.0.52-8 -CVE-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...) +CVE-2004-1543 NOT-FOR-US: KorWeblog -CVE-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...) +CVE-2004-1542 NOT-FOR-US: Soldier of Fortune -CVE-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...) +CVE-2004-1541 NOT-FOR-US: SecureCRT -CVE-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...) +CVE-2004-1540 NOT-FOR-US: ZyXEL Routers -CVE-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...) +CVE-2004-1539 NOT-FOR-US: Halo: Combat Evolved -CVE-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...) +CVE-2004-1538 NOT-FOR-US: PHPKIT -CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...) +CVE-2004-1537 NOT-FOR-US: PHPKIT -CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...) +CVE-2004-1536 NOT-FOR-US: Invision Power Board -CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...) +CVE-2004-1535 NOT-FOR-US: Cash Mod module of phpbb2 -CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...) +CVE-2004-1534 NOT-FOR-US: ZoneAlarm -CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...) +CVE-2004-1533 NOT-FOR-US: DMS POP3 -CVE-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...) +CVE-2004-1532 NOT-FOR-US: AppServ -CVE-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...) +CVE-2004-1531 NOT-FOR-US: Invision Power Board -CVE-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...) +CVE-2004-1530 NOT-FOR-US: PHP-Nuke -CVE-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...) +CVE-2004-1529 NOT-FOR-US: PHP-Nuke -CVE-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...) +CVE-2004-1528 NOT-FOR-US: PHP-Nuke -CVE-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...) +CVE-2004-1527 NOT-FOR-US: MSIE -CVE-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...) +CVE-2004-1526 NOT-FOR-US: Hired Team -CVE-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...) +CVE-2004-1525 NOT-FOR-US: Hired Team -CVE-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...) +CVE-2004-1524 NOT-FOR-US: Hired Team -CVE-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...) +CVE-2004-1523 NOT-FOR-US: Hired Team -CVE-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...) +CVE-2004-1522 NOT-FOR-US: Army Men RTS -CVE-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...) +CVE-2004-1521 NOT-FOR-US: Eudora -CVE-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...) +CVE-2004-1520 NOT-FOR-US: IPSwitch IMail -CVE-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...) +CVE-2004-1519 NOT-FOR-US: phpBugTracker -CVE-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...) +CVE-2004-1518 NOT-FOR-US: Phorum -CVE-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...) +CVE-2004-1517 NOT-FOR-US: Zone Labs IMsecure -CVE-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...) +CVE-2004-1516 NOT-FOR-US: phpWebSite -CVE-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...) +CVE-2004-1515 NOT-FOR-US: vBulletin -CVE-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...) +CVE-2004-1514 NOT-FOR-US: 04Webserver -CVE-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...) +CVE-2004-1513 NOT-FOR-US: 04Webserver -CVE-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...) +CVE-2004-1512 NOT-FOR-US: 04Webserver -CVE-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...) +CVE-2004-1511 NOT-FOR-US: Hotfoon -CVE-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...) +CVE-2004-1510 - webcalendar 0.9.45-1 -CVE-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...) +CVE-2004-1509 - webcalendar 0.9.45-1 -CVE-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...) +CVE-2004-1508 - webcalendar 0.9.45-1 -CVE-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...) +CVE-2004-1507 - webcalendar 0.9.45-1 -CVE-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) +CVE-2004-1506 - webcalendar 0.9.45-1 -CVE-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...) +CVE-2004-1505 NOT-FOR-US: JAF -CVE-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...) +CVE-2004-1504 NOT-FOR-US: JAF -CVE-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...) +CVE-2004-1503 NOT-FOR-US: Sun JRE -CVE-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) +CVE-2004-1502 NOT-FOR-US: 602 Lan Suite -CVE-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) +CVE-2004-1501 NOT-FOR-US: 602 Lan Suite -CVE-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...) +CVE-2004-1500 NOT-FOR-US: Lithtech -CVE-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...) +CVE-2004-1499 NOT-FOR-US: HELM -CVE-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...) +CVE-2004-1498 NOT-FOR-US: HELM -CVE-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...) +CVE-2004-1497 NOT-FOR-US: Web Forums Server -CVE-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...) +CVE-2004-1496 NOT-FOR-US: Web Forums Server -CVE-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...) +CVE-2004-1495 NOT-FOR-US: WinRAR -CVE-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...) +CVE-2004-1494 NOT-FOR-US: XDICT -CVE-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) +CVE-2004-1493 NOT-FOR-US: Master of Orion -CVE-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) +CVE-2004-1492 NOT-FOR-US: Master of Orion -CVE-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...) +CVE-2004-1491 NOT-FOR-US: Opera -CVE-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...) +CVE-2004-1490 NOT-FOR-US: Opera -CVE-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...) +CVE-2004-1489 NOT-FOR-US: Opera -CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...) +CVE-2004-1488 - wget 1.9.1-11 -CVE-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...) +CVE-2004-1487 - wget 1.9.1-11 CVE-2004-9999 REJECTED CVE-2004-9998 REJECTED -CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...) +CVE-2004-1486 NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux -CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...) +CVE-2004-1485 - inetutils <not-affected> (inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped) - atftp <not-affected> (atftp checks h_length) - netkit-tftp <not-affected> (netkit-tftp not vulnerable) - tftp-hpa <not-affected> (bug #295297; not exploitable) NOTE: The address length comes from libc, not the network. -CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...) +CVE-2004-1484 - socat 1.4.0.3-1 -CVE-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...) +CVE-2004-1483 NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series -CVE-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...) +CVE-2004-1482 NOT-FOR-US: BNC irc proxy -CVE-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...) +CVE-2004-1481 NOT-FOR-US: Real -CVE-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...) +CVE-2004-1480 NOT-FOR-US: HP StorageWorks Command View XP CVE-2004-1479 REJECTED -CVE-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...) +CVE-2004-1478 NOT-FOR-US: JRun -CVE-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...) +CVE-2004-1477 NOT-FOR-US: JRun -CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...) +CVE-2004-1476 - xine-lib 1-rc6 - vlc <not-affected> (affected part of xine-lib code copy not present) - libcdio 0.69 -CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...) +CVE-2004-1475 - xine-lib 1-rc6 - vlc <not-affected> (affected part of xine-lib code copy not present) -CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) +CVE-2004-1474 NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances -CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) +CVE-2004-1473 NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances -CVE-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) +CVE-2004-1472 NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances -CVE-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...) +CVE-2004-1471 - cvs 1:1.12.9 -CVE-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...) +CVE-2004-1470 NOT-FOR-US: snipsnap -CVE-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...) +CVE-2004-1469 NOT-FOR-US: SUS -CVE-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...) +CVE-2004-1468 - webmin 1.160 - usermin 1.090 -CVE-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...) +CVE-2004-1467 - egroupware 1.0.00.004 -CVE-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...) +CVE-2004-1466 - gallery 1.4.4-pl2 -CVE-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...) +CVE-2004-1465 NOT-FOR-US: WinZip -CVE-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...) +CVE-2004-1464 NOT-FOR-US: Cisco -CVE-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...) +CVE-2004-1463 - moin 1.2.3-1 -CVE-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...) +CVE-2004-1462 - moin 1.2.3-1 -CVE-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...) +CVE-2004-1461 NOT-FOR-US: Cisco -CVE-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...) +CVE-2004-1460 NOT-FOR-US: Cisco -CVE-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...) +CVE-2004-1459 NOT-FOR-US: Cisco -CVE-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...) +CVE-2004-1458 NOT-FOR-US: Cisco -CVE-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...) +CVE-2004-1457 NOT-FOR-US: Novell -CVE-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...) +CVE-2004-1456 - cvstrac 1.1.4-1 -CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...) +CVE-2004-1455 - xine-lib 1-rc5-1.1 - vlc <not-affected> (vulnerable component of xine-lib code copy not present) -CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...) +CVE-2004-1454 NOT-FOR-US: Cisco -CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...) +CVE-2004-1453 - glibc 2.3.5 (bug #272210; unimportant) NOTE: according to GOTO Masanori this is not a security problem NOTE: Jakub Jelinek confirms http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html NOTE: Although not a real issue we should play safe with 2.3.5, where the code NOTE: was reorganized -CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...) +CVE-2004-1452 NOT-FOR-US: Gentoo specific -CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...) +CVE-2004-1451 - mozilla 2:1.6-1 -CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...) +CVE-2004-1450 - mozilla 2:1.7.1-1 -CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...) +CVE-2004-1449 - mozilla 2:1.7-1 -CVE-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...) +CVE-2004-1448 NOT-FOR-US: Jetbox One -CVE-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...) +CVE-2004-1447 NOT-FOR-US: Jetbox One -CVE-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...) +CVE-2004-1446 NOT-FOR-US: ScreenOS -CVE-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...) +CVE-2004-1445 - nessus-core 2.0.12-1 -CVE-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...) +CVE-2004-1444 - roundup 0.7.3-1 -CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...) +CVE-2004-1443 - imp3 3.2.5-1 -CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...) +CVE-2004-1442 NOT-FOR-US: db2www -CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...) +CVE-2004-1441 NOT-FOR-US: Board Power -CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...) +CVE-2004-1440 - putty 0.56-1 -CVE-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...) +CVE-2004-1439 NOT-FOR-US: BlackJumboDog -CVE-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...) +CVE-2004-1438 - subversion 1.0.6-1 -CVE-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...) +CVE-2004-1437 - pavuk 0.9pl28-3.1 -CVE-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...) +CVE-2004-1436 NOT-FOR-US: Cisco -CVE-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) +CVE-2004-1435 NOT-FOR-US: Cisco -CVE-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) +CVE-2004-1434 NOT-FOR-US: Cisco -CVE-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) +CVE-2004-1433 NOT-FOR-US: Cisco -CVE-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) +CVE-2004-1432 NOT-FOR-US: Cisco -CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...) +CVE-2004-1431 NOT-FOR-US: FormMail.php != nms-formmail -CVE-2004-1430 (SQL injection vulnerability in the show_stats module in Arcade.php in ...) +CVE-2004-1430 NOT-FOR-US: Arcade.php -CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...) +CVE-2004-1429 NOT-FOR-US: ArGoSoft -CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...) +CVE-2004-1428 NOT-FOR-US: ArGoSoft -CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in KorWeblog ...) +CVE-2004-1427 NOT-FOR-US: KorWeblog -CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...) +CVE-2004-1426 NOT-FOR-US: KorWeblog -CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...) +CVE-2004-1425 - moodle 1.4.3-1 -CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 ...) +CVE-2004-1424 - moodle 1.4.3-1 -CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor ...) +CVE-2004-1423 NOT-FOR-US: PHP-Calendar -CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...) +CVE-2004-1422 NOT-FOR-US: WHM AutoPilot -CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, ...) +CVE-2004-1421 NOT-FOR-US: WHM AutoPilot -CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...) +CVE-2004-1420 NOT-FOR-US: WHM AutoPilot -CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and ...) +CVE-2004-1419 NOT-FOR-US: ZeroBoard -CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...) +CVE-2004-1418 NOT-FOR-US: WPKontakt -CVE-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...) +CVE-2004-1417 NOT-FOR-US: PsychoStats -CVE-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...) +CVE-2004-1416 NOT-FOR-US: RealOne IE plugin -CVE-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...) +CVE-2004-1415 NOT-FOR-US: 2Bgal -CVE-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...) +CVE-2004-1414 NOT-FOR-US: Gadu-Gadu -CVE-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...) +CVE-2004-1413 NOT-FOR-US: Kayako -CVE-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) +CVE-2004-1412 NOT-FOR-US: Kayako -CVE-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...) +CVE-2004-1411 NOT-FOR-US: Gadu-Gadu -CVE-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...) +CVE-2004-1410 NOT-FOR-US: Gadu-Gadu -CVE-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...) +CVE-2004-1409 NOT-FOR-US: Image Gallery Web Application -CVE-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...) +CVE-2004-1408 NOT-FOR-US: Image Gallery Web Application -CVE-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...) +CVE-2004-1407 NOT-FOR-US: Image Gallery Web Application -CVE-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...) +CVE-2004-1406 NOT-FOR-US: Ikonboard -CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...) +CVE-2004-1405 - mediawiki 1.4.9 (bug #276057) -CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...) +CVE-2004-1404 NOT-FOR-US: Attachment Mod for phpBB -CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 ...) +CVE-2004-1403 NOT-FOR-US: GNUBoard -CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...) +CVE-2004-1402 NOT-FOR-US: iWebNegar -CVE-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...) +CVE-2004-1401 NOT-FOR-US: Asp-rider -CVE-2004-1400 (The control panel in ASP Calendar does not require authentication to ...) +CVE-2004-1400 NOT-FOR-US: ASP Calendar -CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...) +CVE-2004-1399 NOT-FOR-US: Attachment Mod for phpBB -CVE-2004-1398 (Format string vulnerability in prelink.c in kextload in Apple OS X, as ...) +CVE-2004-1398 NOT-FOR-US: MacOSX -CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...) +CVE-2004-1397 - usemod-wiki 1.0-6 -CVE-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...) +CVE-2004-1396 NOT-FOR-US: Winamp -CVE-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...) +CVE-2004-1395 NOT-FOR-US: Lithtech engine -CVE-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...) +CVE-2004-1394 NOT-FOR-US: Solaris -CVE-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...) +CVE-2004-1393 NOT-FOR-US: Solaris -CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...) +CVE-2004-1392 - php4 4:4.3.10-3 -CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...) +CVE-2004-1391 NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP -CVE-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...) +CVE-2004-1390 NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP -CVE-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...) +CVE-2004-1389 NOT-FOR-US: Veritas NetBackup Administrative Assistant -CVE-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...) +CVE-2004-1388 - gpsd 2.7-4 -CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...) +CVE-2004-1387 - apache 1.3.33-3 -CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...) +CVE-2004-1386 NOT-FOR-US: TikiWiki -CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...) +CVE-2004-1385 - phpgroupware 0.9.16.005-1 (unimportant) NOTE: path disclosure only, path is known on Debian anyway -CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...) +CVE-2004-1384 - phpgroupware 0.9.16.005-1 -CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...) +CVE-2004-1383 - phpgroupware 0.9.16.005-1 -CVE-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...) +CVE-2004-1382 - glibc 2.3.2.ds1-19 -CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...) +CVE-2004-1381 - mozilla-firefox 1.0 - mozilla 2:1.7.5 -CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...) +CVE-2004-1380 - mozilla-firefox 1.0 - mozilla 2:1.7.5 -CVE-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...) +CVE-2004-1379 {DSA-657-1} - xine-lib 1-rc6a-1 -CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...) +CVE-2004-1378 - jabber 1.4.3-3 (unimportant) NOTE: We do not ship jadc2s. -CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...) +CVE-2004-1377 - a2ps 1:4.13b-4.3 (bug #286387; bug #286385) -CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...) +CVE-2004-1376 NOT-FOR-US: MSIE -CVE-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...) +CVE-2004-1375 NOT-FOR-US: HP-UX -CVE-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...) +CVE-2004-1374 NOT-FOR-US: NetBSD -CVE-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...) +CVE-2004-1373 NOT-FOR-US: Shoutcast -CVE-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...) +CVE-2004-1372 NOT-FOR-US: IBM DB2 -CVE-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...) +CVE-2004-1371 NOT-FOR-US: Oracle -CVE-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...) +CVE-2004-1370 NOT-FOR-US: Oracle -CVE-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...) +CVE-2004-1369 NOT-FOR-US: Oracle -CVE-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...) +CVE-2004-1368 NOT-FOR-US: Oracle -CVE-2004-1367 (Oracle 10g Database Server, when installed with a password that ...) +CVE-2004-1367 NOT-FOR-US: Oracle -CVE-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...) +CVE-2004-1366 NOT-FOR-US: Oracle -CVE-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...) +CVE-2004-1365 NOT-FOR-US: Oracle -CVE-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...) +CVE-2004-1364 NOT-FOR-US: Oracle -CVE-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...) +CVE-2004-1363 NOT-FOR-US: Oracle -CVE-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...) +CVE-2004-1362 NOT-FOR-US: Oracle -CVE-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...) +CVE-2004-1361 NOT-FOR-US: Windows -CVE-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...) +CVE-2004-1360 NOT-FOR-US: Solaris -CVE-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...) +CVE-2004-1359 NOT-FOR-US: Solaris -CVE-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...) +CVE-2004-1358 NOT-FOR-US: Solaris -CVE-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...) +CVE-2004-1357 NOT-FOR-US: ssh on Solaris -CVE-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...) +CVE-2004-1356 NOT-FOR-US: Solaris -CVE-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...) +CVE-2004-1355 NOT-FOR-US: Solaris -CVE-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...) +CVE-2004-1354 NOT-FOR-US: Solaris -CVE-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...) +CVE-2004-1353 NOT-FOR-US: Solaris -CVE-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...) +CVE-2004-1352 NOT-FOR-US: Solaris -CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...) +CVE-2004-1351 NOT-FOR-US: Solaris -CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...) +CVE-2004-1350 NOT-FOR-US: Sun Java System Web Proxy Server -CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...) +CVE-2004-1349 - gzip <not-affected> (gzip on Solaris) -CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...) +CVE-2004-1348 NOT-FOR-US: Solaris -CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...) +CVE-2004-1347 - xfree86 <not-affected> (xdm on Solaris) - xorg-x11 <not-affected> (xdm on Solaris) -CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...) +CVE-2004-1346 NOT-FOR-US: Solaris -CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...) +CVE-2004-1345 NOT-FOR-US: Sun StorEdge Enterprise Storage Manager CVE-2004-1344 REJECTED -CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...) +CVE-2004-1343 {DSA-715-1} - cvs 1:1.12.9-12 -CVE-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...) +CVE-2004-1342 {DSA-715-1} - cvs 1:1.12.9-12 -CVE-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...) +CVE-2004-1341 {DSA-711-1} - info2www 1.2.2.9-23 (bug #281655) -CVE-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...) +CVE-2004-1340 {DSA-659-1} - libpam-radius-auth 1.3.16-1.1 -CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...) +CVE-2004-1339 NOT-FOR-US: oracle -CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...) +CVE-2004-1338 NOT-FOR-US: oracle -CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...) +CVE-2004-1337 - linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.11) [sarge] - kernel-source-2.6.8 2.6.8-14 -CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...) +CVE-2004-1336 - tetex-bin 2.0.2-25 -CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...) +CVE-2004-1335 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 2.4.27-9 -CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...) +CVE-2004-1334 - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 <not-affected> -CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...) +CVE-2004-1333 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 2.4.27-9 -CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...) +CVE-2004-1332 NOT-FOR-US: hpux -CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...) +CVE-2004-1331 NOT-FOR-US: microsoft -CVE-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...) +CVE-2004-1330 NOT-FOR-US: AIX -CVE-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...) +CVE-2004-1329 NOT-FOR-US: AIX -CVE-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...) +CVE-2004-1328 NOT-FOR-US: hpux -CVE-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...) +CVE-2004-1327 NOT-FOR-US: Crystal FTP client -CVE-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...) +CVE-2004-1326 NOT-FOR-US: Ultrix -CVE-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...) +CVE-2004-1325 NOT-FOR-US: Microsoft -CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...) +CVE-2004-1324 NOT-FOR-US: Microsoft -CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...) +CVE-2004-1323 NOT-FOR-US: Netbsd -CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...) +CVE-2004-1322 NOT-FOR-US: Cisco -CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...) +CVE-2004-1321 NOT-FOR-US: Asante FM2008 -CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...) +CVE-2004-1320 NOT-FOR-US: Asante FM2008 -CVE-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...) +CVE-2004-1319 NOT-FOR-US: MSIE -CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...) +CVE-2004-1318 {DSA-627-1} - namazu2 2.0.14-1 -CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...) +CVE-2004-1317 - netcat <not-affected> (only affects netcat in Windows) -CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...) +CVE-2004-1316 - mozilla 2:1.7.5-1 (bug #288047) -CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...) +CVE-2004-1315 - phpbb2 2.0.10-3 -CVE-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...) +CVE-2004-1314 NOT-FOR-US: MacOS -CVE-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...) +CVE-2004-1313 NOT-FOR-US: My Firewall Plus -CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...) +CVE-2004-1312 NOT-FOR-US: Microsoft -CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...) +CVE-2004-1311 - mplayer 1.0~pre6a-1 -CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...) +CVE-2004-1310 - mplayer 1.0~pre6a-1 -CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...) +CVE-2004-1309 - mplayer 1.0~pre6a-1 -CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...) +CVE-2004-1308 {DSA-617-1} - tiff 3.6.1-4 - tiff3 <not-affected> (fixed prior to initial upload) -CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...) +CVE-2004-1307 - tiff 3.7.0 (low) - tiff3 <not-affected> (fixed prior to initial upload) -CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...) +CVE-2004-1306 NOT-FOR-US: Windows -CVE-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...) +CVE-2004-1305 NOT-FOR-US: Microsoft -CVE-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...) +CVE-2004-1304 - file 4.12 -CVE-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...) +CVE-2004-1303 NOT-FOR-US: Yanf -CVE-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...) +CVE-2004-1302 NOT-FOR-US: YAMT -CVE-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...) +CVE-2004-1301 NOT-FOR-US: xlreader -CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...) +CVE-2004-1300 - xine-lib 1-rc8-1 - vlc <not-affected> (vulnerable component of xine-lib code copy not present) -CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...) +CVE-2004-1299 NOT-FOR-US: vilistextum -CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...) +CVE-2004-1298 NOT-FOR-US: vb2c -CVE-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...) +CVE-2004-1297 - unrtf 0.19.3-1.1 (bug #287038) -CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...) +CVE-2004-1296 - groff 1.18.1.1-5 -CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in ...) +CVE-2004-1295 - uml-utilities <not-affected> (uml_net is only executable by users in group uml-net) -CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...) +CVE-2004-1294 - tnftp 20050625-0.1 (bug #285902; medium) -CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...) +CVE-2004-1293 NOT-FOR-US: rtf2latex2e -CVE-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...) +CVE-2004-1292 NOT-FOR-US: ringtonetools -CVE-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...) +CVE-2004-1291 NOT-FOR-US: qwik-smtpd -CVE-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...) +CVE-2004-1290 NOT-FOR-US: pgn2web -CVE-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...) +CVE-2004-1289 {DSA-625-1} - pcal 4.8.0-1 -CVE-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...) +CVE-2004-1288 NOT-FOR-US: o3read -CVE-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...) +CVE-2004-1287 {DSA-623-1} - nasm 0.98.38-1.1 (bug #285889) -CVE-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...) +CVE-2004-1286 NOT-FOR-US: NapShare -CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...) +CVE-2004-1285 NOT-FOR-US: mplayer -CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...) +CVE-2004-1284 NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions - mpg123 0.59r-20 (bug #287043) -CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...) +CVE-2004-1283 NOT-FOR-US: mview -CVE-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...) +CVE-2004-1282 {DSA-632-1} - linpopup 1.2.0-7 -CVE-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...) +CVE-2004-1281 NOT-FOR-US: junkie -CVE-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...) +CVE-2004-1280 NOT-FOR-US: junkie -CVE-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...) +CVE-2004-1279 NOT-FOR-US: jpegtoavi -CVE-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...) +CVE-2004-1278 NOT-FOR-US: jcabc2ps -CVE-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...) +CVE-2004-1277 NOT-FOR-US: IglooFTP -CVE-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...) +CVE-2004-1276 NOT-FOR-US: IglooFTP -CVE-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...) +CVE-2004-1275 NOT-FOR-US: html2hdml -CVE-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...) +CVE-2004-1274 NOT-FOR-US: greed NOTE: not the game in debian, the file download tool -CVE-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...) +CVE-2004-1273 NOT-FOR-US: greed NOTE: not the game in debian, the file download tool -CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...) +CVE-2004-1272 - filter 2.4.2-1.1 -CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...) +CVE-2004-1271 NOT-FOR-US: dxfscope -CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...) +CVE-2004-1270 - cups 1.1.22-2 - cupsys 1.1.22-2 -CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...) +CVE-2004-1269 - cups 1.1.22-2 - cupsys 1.1.22-2 -CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...) +CVE-2004-1268 - cups 1.1.22-2 - cupsys 1.1.22-2 -CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...) +CVE-2004-1267 - cups 1.1.22-2 - cupsys 1.1.22-2 -CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...) +CVE-2004-1266 NOT-FOR-US: csv2xml -CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...) +CVE-2004-1265 NOT-FOR-US: Convex -CVE-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...) +CVE-2004-1264 {DSA-644-1} - chbg 1.5-4 -CVE-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...) +CVE-2004-1263 NOT-FOR-US: ChangePassword -CVE-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...) +CVE-2004-1262 NOT-FOR-US: bsb2ppm -CVE-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...) +CVE-2004-1261 NOT-FOR-US: asp2php -CVE-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...) +CVE-2004-1260 NOT-FOR-US: abctab2ps -CVE-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...) +CVE-2004-1259 NOT-FOR-US: abcpp -CVE-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...) +CVE-2004-1258 - abcm2ps 4.8.5-1 -CVE-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...) +CVE-2004-1257 NOT-FOR-US: abc2mtex -CVE-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...) +CVE-2004-1256 - abcmidi 20050101-1 -CVE-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...) +CVE-2004-1255 NOT-FOR-US: 2fax -CVE-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...) +CVE-2004-1254 NOT-FOR-US: WinRAR CVE-2004-1253 RESERVED @@ -3212,7 +3212,7 @@ CVE-2004-1246 RESERVED CVE-2004-1245 RESERVED -CVE-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...) +CVE-2004-1244 NOT-FOR-US: Microsoft CVE-2004-1243 REJECTED @@ -3226,111 +3226,111 @@ CVE-2004-1239 REJECTED CVE-2004-1238 REJECTED -CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...) +CVE-2004-1237 - linux-2.6 <not-affected> (Apparently Red Hat specific) -CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...) +CVE-2004-1236 NOT-FOR-US: Netscape Directory Server on HP-UX -CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...) +CVE-2004-1235 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high) -CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...) +CVE-2004-1234 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26) -CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...) +CVE-2004-1233 NOT-FOR-US: Gadu-Gadu -CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...) +CVE-2004-1232 NOT-FOR-US: Gadu-Gadu -CVE-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...) +CVE-2004-1231 NOT-FOR-US: Gadu-Gadu -CVE-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...) +CVE-2004-1230 NOT-FOR-US: Gadu-Gadu -CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...) +CVE-2004-1229 NOT-FOR-US: Gadu-Gadu -CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...) +CVE-2004-1228 - sugarcrm-ce-5.0 <itp> (bug #457876) -CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...) +CVE-2004-1227 - sugarcrm-ce-5.0 <itp> (bug #457876) -CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...) +CVE-2004-1226 - sugarcrm-ce-5.0 <itp> (bug #457876) -CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...) +CVE-2004-1225 - sugarcrm-ce-5.0 <itp> (bug #457876) -CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...) +CVE-2004-1224 - mtr 0.67-1 -CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...) +CVE-2004-1223 NOT-FOR-US: F-Secure Policy Manager -CVE-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...) +CVE-2004-1222 NOT-FOR-US: weblibs.pl -CVE-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...) +CVE-2004-1221 NOT-FOR-US: weblibs.pl -CVE-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...) +CVE-2004-1220 NOT-FOR-US: Battlefield 1942, Battlefield Vietnam -CVE-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...) +CVE-2004-1219 NOT-FOR-US: paFileDB -CVE-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...) +CVE-2004-1218 NOT-FOR-US: Remote Execute -CVE-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...) +CVE-2004-1217 NOT-FOR-US: Hosting Controller -CVE-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...) +CVE-2004-1216 NOT-FOR-US: Kreed -CVE-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...) +CVE-2004-1215 NOT-FOR-US: Kreed -CVE-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...) +CVE-2004-1214 NOT-FOR-US: Kreed -CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...) +CVE-2004-1213 NOT-FOR-US: Advanced Guestbook -CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...) +CVE-2004-1212 NOT-FOR-US: Blog Torrent -CVE-2004-1211 (Multiple buffer overflows in the IMAP service in Mercury/32 4.01a ...) +CVE-2004-1211 NOT-FOR-US: Mercury Mail -CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...) +CVE-2004-1210 NOT-FOR-US: IpCop -CVE-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...) +CVE-2004-1209 NOT-FOR-US: Verisign Payflow Link -CVE-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...) +CVE-2004-1208 NOT-FOR-US: Orbz -CVE-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...) +CVE-2004-1207 NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter -CVE-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...) +CVE-2004-1206 NOT-FOR-US: pnTresMailer -CVE-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...) +CVE-2004-1205 NOT-FOR-US: pnTresMailer -CVE-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...) +CVE-2004-1204 NOTE: at best a local DOS by the user running fluxbox. NOTE: Where's the security hole? - fluxbox 0.9.11-1 -CVE-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...) +CVE-2004-1203 NOT-FOR-US: phpCMS -CVE-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...) +CVE-2004-1202 NOT-FOR-US: phpCMS -CVE-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...) +CVE-2004-1201 NOT-FOR-US: Opera -CVE-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...) +CVE-2004-1200 NOTE: memory leak, doubt it's usefully exploitable NOTE: did not followup -CVE-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...) +CVE-2004-1199 NOT-FOR-US: Safari -CVE-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) +CVE-2004-1198 NOT-FOR-US: MSIE -CVE-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...) +CVE-2004-1197 NOT-FOR-US: inShop -CVE-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...) +CVE-2004-1196 NOT-FOR-US: Insite Inmail -CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...) +CVE-2004-1195 NOT-FOR-US: Star Wars Battlefront -CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...) +CVE-2004-1194 NOT-FOR-US: Star Wars Battlefront -CVE-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges to ...) +CVE-2004-1193 NOT-FOR-US: Prevex Home -CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...) +CVE-2004-1192 NOT-FOR-US: Citadel/UX -CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...) +CVE-2004-1191 NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed [sarge] - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 2.4.27-6 - linux-2.6 <not-affected> (fixed before initial upload) - linux-2.6.24 <not-affected> (fixed before initial upload) -CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...) +CVE-2004-1190 NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c NOTE: has a misleading entry titled "Fix exploitable hole" NOTE: http://www.securityfocus.com/advisories/7579 @@ -3340,164 +3340,164 @@ CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 d NOTE: 2.6.10 is actually fixed, but 2.6.8 is not - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-14 -CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...) +CVE-2004-1189 {DSA-629-1} - krb5 1.3.6-1 -CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...) +CVE-2004-1188 - xine-lib 1-rc8-1 - mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version included in etch) -CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...) +CVE-2004-1187 - xine-lib 1-rc8-1 - mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version included in etch) -CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...) +CVE-2004-1186 {DSA-654-1} - enscript 1.6.4-6 -CVE-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...) +CVE-2004-1185 {DSA-654-1} - enscript 1.6.4-6 -CVE-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...) +CVE-2004-1184 {DSA-654-1} - enscript 1.6.4-6 -CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...) +CVE-2004-1183 {DSA-626-1} - tiff 3.6.1-5 - tiff3 <not-affected> (fixed prior to initial upload) -CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a "weak" ...) +CVE-2004-1182 {DSA-634-1} - hylafax 1:4.2.1-1 -CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...) +CVE-2004-1181 {DSA-622-1} - htmlheadline <removed> -CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...) +CVE-2004-1180 {DSA-678-1} - netkit-rwho 0.17-8 -CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...) +CVE-2004-1179 {DSA-615-1} - debmake 3.7.7 CVE-2004-1178 RESERVED -CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...) +CVE-2004-1177 {DSA-674-1} - mailman 2.1.5-5 -CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...) +CVE-2004-1176 {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1175 (fish.c in midnight commander allows remote attackers to execute ...) +CVE-2004-1175 {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...) +CVE-2004-1174 {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...) +CVE-2004-1173 NOT-FOR-US: MSIE -CVE-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...) +CVE-2004-1172 NOT-FOR-US: Veritas Backup Exec -CVE-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...) +CVE-2004-1171 - kdelibs 4:3.3.1-2 - kdebase 4:3.3.1-3 -CVE-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...) +CVE-2004-1170 {DSA-612-1} - a2ps 1:4.13b-4.2 (bug #283134) -CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...) +CVE-2004-1169 - maxdb-7.5.00 7.5.00.19-1 -CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...) +CVE-2004-1168 - maxdb-7.5.00 7.5.00.19-1 -CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...) +CVE-2004-1167 NOT-FOR-US: gentoo mirrorselect -CVE-2004-1166 (CRLF injection vulnerability in Microsoft Internet Explorer ...) +CVE-2004-1166 NOT-FOR-US: Microsoft -CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...) +CVE-2004-1165 {DSA-631-1} - kdelibs 4:3.3.2-1 -CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...) +CVE-2004-1164 NOT-FOR-US: Cisco -CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...) +CVE-2004-1163 NOT-FOR-US: Cisco -CVE-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...) +CVE-2004-1162 - scponly 4.0-1 -CVE-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...) +CVE-2004-1161 - rssh 2.2.3-1 -CVE-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...) +CVE-2004-1160 NOT-FOR-US: Netscape CVE-2004-1159 REJECTED -CVE-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...) +CVE-2004-1158 - kdelibs 4:3.3.1-3 - kdebase 4:3.3.1-4 -CVE-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...) +CVE-2004-1157 NOT-FOR-US: Opera -CVE-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...) +CVE-2004-1156 - mozilla 2:1.7.6-1 - mozilla-firefox 1.0.1 -CVE-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...) +CVE-2004-1155 NOT-FOR-US: Microsoft MSIE -CVE-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...) +CVE-2004-1154 {DSA-701-1} - samba 3.0.10-1 -CVE-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...) +CVE-2004-1153 NOT-FOR-US: Adobe Acrobat Reader -CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...) +CVE-2004-1152 NOT-FOR-US: Adobe Acrobat Reader -CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...) +CVE-2004-1151 - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 -CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...) +CVE-2004-1150 NOT-FOR-US: Winamp -CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...) +CVE-2004-1149 NOT-FOR-US: Computer Associates eTrust EZ Antivirus -CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...) +CVE-2004-1148 - phpmyadmin 2:2.6.1-rc1-1 -CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...) +CVE-2004-1147 - phpmyadmin 2:2.6.1-rc1-1 -CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...) +CVE-2004-1146 - cvstrac 1.1.5 -CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...) +CVE-2004-1145 - kdelibs 4:3.3.2-1 -CVE-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...) +CVE-2004-1144 NOTE: amd64 specific - kernel-source-2.4.27 2.4.27-9 -CVE-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...) +CVE-2004-1143 - mailman 2.1.5-5 -CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) +CVE-2004-1142 {DSA-613-1} - ethereal 0.10.8-1 -CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...) +CVE-2004-1141 - ethereal 0.10.8-1 -CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) +CVE-2004-1140 - ethereal 0.10.8-1 -CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...) +CVE-2004-1139 - ethereal 0.10.8-1 -CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...) +CVE-2004-1138 - vim 1:6.3-046+0sarge1 -CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...) +CVE-2004-1137 - linux-2.6 <not-affected> (Fixed before upload into the archive) - kernel-source-2.4.27 2.4.27-7 -CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...) +CVE-2004-1136 NOT-FOR-US: CuteFTP -CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...) +CVE-2004-1135 NOT-FOR-US: WS-Ftpd -CVE-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...) +CVE-2004-1134 NOT-FOR-US: Microsoft -CVE-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...) +CVE-2004-1133 NOT-FOR-US: Microsoft CVE-2004-1132 RESERVED -CVE-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...) +CVE-2004-1131 NOT-FOR-US: SCO -CVE-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...) +CVE-2004-1130 NOT-FOR-US: CMailServer -CVE-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...) +CVE-2004-1129 NOT-FOR-US: CMailServer -CVE-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...) +CVE-2004-1128 NOT-FOR-US: CMailServer -CVE-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...) +CVE-2004-1127 - opendchub 0.7.14-1.1 (bug #284350; bug #283061) CVE-2004-1126 RESERVED -CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...) +CVE-2004-1125 {DSA-621-1 DSA-619-1} - xpdf 3.00-11 - cupsys 1.1.22-2 @@ -3505,193 +3505,193 @@ CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3 - tetex-bin 2.0.2-25 - gpdf 2.8.2-1 - koffice 1:1.3.5-1 -CVE-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...) +CVE-2004-1124 NOT-FOR-US: UnixWare -CVE-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...) +CVE-2004-1123 NOT-FOR-US: Darwin Streaming Server -CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...) +CVE-2004-1122 NOT-FOR-US: Safari -CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...) +CVE-2004-1121 NOT-FOR-US: Safari -CVE-2004-1120 (Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...) +CVE-2004-1120 {DSA-663-1} - prozilla 1:1.3.7.3-1 -CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...) +CVE-2004-1119 NOT-FOR-US: Winamp -CVE-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...) +CVE-2004-1118 NOT-FOR-US: WodFtpDLX.ocx ActiveX component -CVE-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...) +CVE-2004-1117 NOT-FOR-US: ChessBrain -CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...) +CVE-2004-1116 NOT-FOR-US: GIMPS -CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...) +CVE-2004-1115 - setiathome <not-affected> (Gentoo-specific vulnerability) -CVE-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...) +CVE-2004-1114 NOT-FOR-US: Skype -CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...) +CVE-2004-1113 - sqlgrey 1.2.0 -CVE-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...) +CVE-2004-1112 NOT-FOR-US: Cisco -CVE-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...) +CVE-2004-1111 NOT-FOR-US: Cisco -CVE-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...) +CVE-2004-1110 - mtink 1.0.5 NOTE: debian not vulnerable except in edge case -CVE-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...) +CVE-2004-1109 NOT-FOR-US: Kerio Personal Firewall -CVE-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...) +CVE-2004-1108 NOT-FOR-US: Gentoolkit -CVE-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...) +CVE-2004-1107 NOT-FOR-US: Portage -CVE-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...) +CVE-2004-1106 {DSA-642-1} - gallery 1.4.4-pl4-1 -CVE-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...) +CVE-2004-1105 NOT-FOR-US: Nortel Networks Contivity VPN Client -CVE-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...) +CVE-2004-1104 NOT-FOR-US: Microsoft -CVE-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...) +CVE-2004-1103 NOT-FOR-US: MailPost -CVE-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...) +CVE-2004-1102 NOT-FOR-US: MailPost -CVE-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...) +CVE-2004-1101 NOT-FOR-US: MailPost -CVE-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...) +CVE-2004-1100 NOT-FOR-US: MailPost -CVE-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...) +CVE-2004-1099 NOT-FOR-US: Cisco -CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...) +CVE-2004-1098 - mime-tools 5.415-1 -CVE-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...) +CVE-2004-1097 - cherokee <not-affected> (Fixed before upload into archive) -CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...) +CVE-2004-1096 - libarchive-zip-perl 1.14-1 -CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...) +CVE-2004-1095 {DSA-608-1} - zgv 5.7-1.3 (bug #284124) -CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version ...) +CVE-2004-1094 NOT-FOR-US: RealPlayer -CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) +CVE-2004-1093 {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) +CVE-2004-1092 {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) +CVE-2004-1091 {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) +CVE-2004-1090 {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...) +CVE-2004-1089 NOT-FOR-US: Apple MacOS -CVE-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...) +CVE-2004-1088 NOT-FOR-US: Apple MacOS -CVE-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard ...) +CVE-2004-1087 NOT-FOR-US: Apple MacOS -CVE-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...) +CVE-2004-1086 NOT-FOR-US: Apple MacOS -CVE-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...) +CVE-2004-1085 NOT-FOR-US: Apple MacOS -CVE-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...) +CVE-2004-1084 NOT-FOR-US: Apple MacOS -CVE-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...) +CVE-2004-1083 NOT-FOR-US: Apple MacOS -CVE-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...) +CVE-2004-1081 NOT-FOR-US: Apple MacOS -CVE-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...) +CVE-2004-1082 NOT-FOR-US: Apple MacOS -CVE-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...) +CVE-2004-1080 NOT-FOR-US: Microsoft -CVE-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...) +CVE-2004-1079 - ncpfs 2.2.5-2 -CVE-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...) +CVE-2004-1078 NOT-FOR-US: Citrix -CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...) +CVE-2004-1077 NOT-FOR-US: Citrix -CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in rt-config.c ...) +CVE-2004-1076 {DSA-609-1} - atari800 1.3.2-1 -CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...) +CVE-2004-1075 - zope-zwiki 0.37.0-1 -CVE-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...) +CVE-2004-1074 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 2.4.27-7 -CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...) +CVE-2004-1073 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-6 -CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) +CVE-2004-1072 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-6 -CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) +CVE-2004-1071 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-6 -CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...) +CVE-2004-1070 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-6 -CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...) +CVE-2004-1069 - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 <not-affected> (2.6 only issue) [sarge] - kernel-source-2.6.8 2.6.8-11 -CVE-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in ...) +CVE-2004-1068 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9) - kernel-source-2.4.27 2.4.27-7 [sarge] - kernel-source-2.6.8 2.6.8-11 -CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...) +CVE-2004-1067 - cyrus21-imapd <not-affected> (Only affected 2.2 series) -CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...) +CVE-2004-1066 NOT-FOR-US: FreeBSD -CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...) +CVE-2004-1065 - php4 4:4.3.10-1 -CVE-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...) +CVE-2004-1064 - php4 4:4.3.10-1 -CVE-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...) +CVE-2004-1063 - php4 4:4.3.10-1 -CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...) +CVE-2004-1062 - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771) -CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, ...) +CVE-2004-1061 - bugzilla 2.16.7-2 -CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...) +CVE-2004-1060 NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors -CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...) +CVE-2004-1059 - mnogosearch 3.2.18-2.2 -CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...) +CVE-2004-1058 {DSA-1018-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-14 -CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...) +CVE-2004-1057 - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-10 -CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...) +CVE-2004-1056 - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-8 [sarge] - kernel-source-2.6.8 2.6.8-11 -CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) +CVE-2004-1055 - phpmyadmin 2:2.6.0-pl3-1 -CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...) +CVE-2004-1054 NOT-FOR-US: AIX -CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...) +CVE-2004-1053 NOT-FOR-US: fetch on FreeBSD -CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...) +CVE-2004-1052 {DSA-595-1} - bnc <removed> -CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...) +CVE-2004-1051 {DSA-596-2} - sudo 1.6.8p3-1 -CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...) +CVE-2004-1050 NOT-FOR-US: Microsoft -CVE-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...) +CVE-2004-1049 NOT-FOR-US: Microsoft CVE-2004-1048 RESERVED @@ -3703,7 +3703,7 @@ CVE-2004-1045 RESERVED CVE-2004-1044 RESERVED -CVE-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) +CVE-2004-1043 NOT-FOR-US: MSIE CVE-2004-1042 RESERVED @@ -3711,109 +3711,109 @@ CVE-2004-1041 RESERVED CVE-2004-1040 RESERVED -CVE-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...) +CVE-2004-1039 NOT-FOR-US: SCO UnixWare -CVE-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...) +CVE-2004-1038 NOT-FOR-US: IEEE1394 specification bug, physical security -CVE-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...) +CVE-2004-1037 - twiki 20030201-6 -CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...) +CVE-2004-1036 - squirrelmail 2:1.4.3a-3 -CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...) +CVE-2004-1035 - up-imapproxy 1.2.2+1.2.3rc2-1 -CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...) +CVE-2004-1034 - kaffeine 0.4.3.1-3 - gxine 0.4-rc1 -CVE-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...) +CVE-2004-1033 - fcron 2.9.5.1-1 -CVE-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) +CVE-2004-1032 - fcron 2.9.5.1-1 -CVE-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) +CVE-2004-1031 - fcron 2.9.5.1-1 -CVE-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...) +CVE-2004-1030 - fcron 2.9.5.1-1 -CVE-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...) +CVE-2004-1029 NOT-FOR-US: Sun JRE -CVE-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...) +CVE-2004-1028 NOT-FOR-US: AIX -CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...) +CVE-2004-1027 {DSA-652-1} - arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable) -CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...) +CVE-2004-1026 {DSA-628-1 DSA-618-1} - imlib 1.9.14-17.1 (bug #284925) - imlib+png2 1.9.14-16.1 - imlib2 1.1.2-2.1 -CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...) +CVE-2004-1025 {DSA-618-1} - imlib 1.9.14-17.1 (bug #284925) - imlib+png2 1.9.14-16.1 CVE-2004-1024 RESERVED -CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...) +CVE-2004-1023 NOT-FOR-US: Kerio -CVE-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...) +CVE-2004-1022 NOT-FOR-US: Kerio -CVE-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...) +CVE-2004-1021 NOT-FOR-US: MacOS -CVE-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ...) +CVE-2004-1020 - php4 4:4.3.10-1 -CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...) +CVE-2004-1019 - php4 4:4.3.10-1 -CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...) +CVE-2004-1018 - php4 4:4.3.10-1 - php3 3:3.0.18-29 -CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x ...) +CVE-2004-1017 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1} - linux-2.6 <not-affected> (2.4 specific vulnerability) -CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...) +CVE-2004-1016 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-7 -CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...) +CVE-2004-1015 - cyrus-imapd <not-affected> (cyrus-imapd not vulnerable) - cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable) -CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...) +CVE-2004-1014 {DSA-606-1} - nfs-utils 1:1.0.6-3.1 -CVE-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...) +CVE-2004-1013 {DSA-597-1} - cyrus-imapd 1.5.19-20 - cyrus21-imapd 2.1.17-1 -CVE-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...) +CVE-2004-1012 {DSA-597-1} - cyrus-imapd 1.5.19-20 - cyrus21-imapd 2.1.17-1 -CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...) +CVE-2004-1011 - cyrus-imapd <not-affected> (cyrus-imapd not vulnerable) - cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable) -CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...) +CVE-2004-1010 {DSA-624-1} - zip 2.30-8 -CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) +CVE-2004-1009 {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...) +CVE-2004-1008 - putty 0.56-1 -CVE-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...) +CVE-2004-1007 - bogofilter 0.92.8-1 -CVE-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...) +CVE-2004-1006 {DSA-584-1} - dhcp 2.0pl5-19.1 -CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...) +CVE-2004-1005 {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...) +CVE-2004-1004 {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...) +CVE-2004-1003 NOT-FOR-US: Trend ScanMail -CVE-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...) +CVE-2004-1002 - ppp 2.4.2+20040428-3 -CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...) +CVE-2004-1001 {DSA-585-1} NOTE: Fixed in shadow 1:4.0.3-30.3 for the first time. NOTE: Apparently, the fix was lost somehow, see #309587. @@ -3821,233 +3821,233 @@ CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0. NOTE: version 1:4.0.3-35. - shadow 1:4.0.3-35 [sarge] - shadow 1:4.0.3-31sarge5 (bug #309587) -CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...) +CVE-2004-1000 {DSA-630-1} - lintian 1.23.6 (bug #286379; low) -CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...) +CVE-2004-0999 {DSA-608-1} - zgv 5.7-1.3 (bug #284124) NOTE: changelog says he only patched 1095, but diff comparison NOTE: shows 0999 was also fixed. -CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...) +CVE-2004-0998 {DSA-616-1} - netkit-telnet-ssl 0.17.24+0.1-6 -CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ...) +CVE-2004-0997 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (fixed before first upload) -CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...) +CVE-2004-0996 {DSA-610-1} - cscope 15.5-1.1 (bug #282815) NOTE: Patch in debian bts from ubuntu is good. All other patches are crap. CVE-2004-0995 REJECTED -CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...) +CVE-2004-0994 {DSA-614-1} NOTE: only indication that it's this CVE is in the debian package changelog - xzgv 0.8-3 -CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...) +CVE-2004-0993 {DSA-604-1} - hpsockd 0.14 -CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...) +CVE-2004-0992 NOT-FOR-US: Proxytunnel -CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...) +CVE-2004-0991 - mpg123 0.59r-19 - mp3gain 1.5.2-r2-6 (low) [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain <no-dsa> (Minor issue) -CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...) +CVE-2004-0990 {DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1} - libgd2 2.0.30-1 - libgd 1.8.4-36.1 -CVE-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...) +CVE-2004-0989 {DSA-582-1} - libxml 1:1.8.17-9 - libxml2 2.6.11-5 -CVE-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...) +CVE-2004-0988 NOT-FOR-US: Apple -CVE-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...) +CVE-2004-0987 {DSA-598-1} - yardradius 1.0.20-15 -CVE-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...) +CVE-2004-0986 {DSA-580-1} - iptables 1.2.11-4 -CVE-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...) +CVE-2004-0985 NOT-FOR-US: windows -CVE-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...) +CVE-2004-0984 - mailutils 1:0.5-4 -CVE-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...) +CVE-2004-0983 {DSA-586-1} - ruby1.8 1.8.1+1.8.2pre2-4 - ruby1.6 1.6.8-12 - ruby <removed> -CVE-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...) +CVE-2004-0982 {DSA-578-1} - mpg123 0.59r-18 NOTE: Original fix in -17 was incomplete -CVE-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...) +CVE-2004-0981 {DSA-593-1} - imagemagick 6:6.0.6.2-1.5 (bug #278401) - graphicsmagick 1.1.7-1 -CVE-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...) +CVE-2004-0980 {DSA-592-1} - ez-ipupdate 3.0.11b8-8 -CVE-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...) +CVE-2004-0979 NOT-FOR-US: windows -CVE-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...) +CVE-2004-0978 NOT-FOR-US: windows -CVE-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...) +CVE-2004-0977 {DSA-577-1} - postgresql 7.4.6-1 -CVE-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...) +CVE-2004-0976 {DSA-620-1} - perl 5.8.4-4 -CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...) +CVE-2004-0975 {DSA-603-1} - openssl 0.9.7e-3 NOTE: -1 claimed to include it, but it was missing -CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...) +CVE-2004-0974 - netatalk 1.6.4a-1 (low) CVE-2004-0973 REJECTED -CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...) +CVE-2004-0972 {DSA-583-1} - lvm10 1:1.0.8-8 -CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...) +CVE-2004-0971 NOTE: Not shipped in the krb5 binary package - krb5 <unfixed> (bug #278271; unimportant) - arla 0.36.2-11 -CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...) +CVE-2004-0970 {DSA-588-1} - gzip 1.3.5-8 (bug #259043; bug #257314; medium) -CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...) +CVE-2004-0969 - groff 1.18.1.1-2 -CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...) +CVE-2004-0968 {DSA-636-1} - glibc 2.3.2.ds1-19 -CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts ...) +CVE-2004-0967 - gs-common 0.3.6-0.1 - gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant) NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary -CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...) +CVE-2004-0966 - gettext 0.14.1-6 -CVE-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...) +CVE-2004-0965 NOT-FOR-US: HP-UX -CVE-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...) +CVE-2004-0964 {DSA-587-1} - zinf <not-affected> (According to DSA-587 not affected, as module was rewritten) - freeamp <removed> -CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...) +CVE-2004-0963 NOT-FOR-US: windows -CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...) +CVE-2004-0962 NOT-FOR-US: Apple Remote Desktop Client -CVE-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...) +CVE-2004-0961 - freeradius 1.0.1 -CVE-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...) +CVE-2004-0960 - freeradius 1.0.1 -CVE-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...) +CVE-2004-0959 - php4 4:4.3.9 -CVE-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...) +CVE-2004-0958 - php4 4:4.3.9 -CVE-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...) +CVE-2004-0957 {DSA-707-1} - mysql-dfsg-4.1 4.1.10a-6 - mysql-dfsg 4.0.24-5 -CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...) +CVE-2004-0956 - mysql-dfsg <not-affected> (Not vulnerable, http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge) CVE-2004-0955 REJECTED CVE-2004-0954 REJECTED -CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...) +CVE-2004-0953 - jabber <not-affected> (Jabber version 2 is vulnerable, we have an older version that seems not) -CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...) +CVE-2004-0952 NOT-FOR-US: HP-UX -CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before ...) +CVE-2004-0951 NOT-FOR-US: HP-UX -CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...) +CVE-2004-0950 NOT-FOR-US: NetOp Host -CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...) +CVE-2004-0949 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9) CVE-2004-0948 REJECTED -CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...) +CVE-2004-0947 {DSA-652-1} NOTE: see http://lwn.net/Alerts/110733/ - arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable) -CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...) +CVE-2004-0946 - nfs-utils <not-affected> (does not apply per maintainer) -CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...) +CVE-2004-0945 NOT-FOR-US: Mitel 3300 Integrated Communications Platform -CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...) +CVE-2004-0944 NOT-FOR-US: Mitel 3300 Integrated Communications Platform CVE-2004-0943 REJECTED -CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...) +CVE-2004-0942 - apache2 2.0.52-2 -CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...) +CVE-2004-0941 {DSA-602-1 DSA-601-1} - libgd2 2.0.33-1.1 - libgd 1.8.4-36.1 -CVE-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...) +CVE-2004-0940 {DSA-594-1} - apache 1.3.33-2 -CVE-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...) +CVE-2004-0939 NOT-FOR-US: Neoteris Instant Virtual Extranet -CVE-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...) +CVE-2004-0938 - freeradius 1.0.1 -CVE-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...) +CVE-2004-0937 NOT-FOR-US: Sophos Anti-Virus -CVE-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...) +CVE-2004-0936 NOT-FOR-US: RAV antivirus -CVE-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...) +CVE-2004-0935 NOT-FOR-US: Eset anti-virus -CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...) +CVE-2004-0934 NOT-FOR-US: Kaspersky antivirus -CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...) +CVE-2004-0933 NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus -CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...) +CVE-2004-0932 NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers -CVE-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...) +CVE-2004-0931 - maxdb-7.5.00 7.5.00.18 -CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...) +CVE-2004-0930 - samba 3.0.8-1 -CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...) +CVE-2004-0929 - tiff3g <removed> -CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...) +CVE-2004-0928 NOT-FOR-US: Macromedia -CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...) +CVE-2004-0927 NOT-FOR-US: MacOS -CVE-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...) +CVE-2004-0926 NOT-FOR-US: MacOS -CVE-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...) +CVE-2004-0925 NOT-FOR-US: MacOS -CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...) +CVE-2004-0924 NOT-FOR-US: MacOS -CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...) +CVE-2004-0923 {DSA-566-1} - cupsys 1.1.20final+rc1-9 - cups 1.1.20final+rc1-9 -CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...) +CVE-2004-0922 NOT-FOR-US: MacOS -CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...) +CVE-2004-0921 NOT-FOR-US: MacOS -CVE-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...) +CVE-2004-0920 NOT-FOR-US: norton -CVE-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...) +CVE-2004-0919 NOT-FOR-US: FreeBSD -CVE-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...) +CVE-2004-0918 {DSA-576-1} - squid 2.5.7 -CVE-2004-0917 (The default installation of Vignette Application Portal installs the ...) +CVE-2004-0917 NOT-FOR-US: Vignette Application Portal -CVE-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...) +CVE-2004-0916 {DSA-574-1} - cabextract 1.1-1 -CVE-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...) +CVE-2004-0915 {DSA-605-1} - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 (bug #284237) -CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...) +CVE-2004-0914 {DSA-607-1} NOTE: Previous -9 fix had some issues of its own - xfree86 4.3.0.dfsg.1-14 (bug #309143) @@ -4057,74 +4057,74 @@ CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used - lesstif2 1:0.93.94-11.2 - openmotif 2.2.3-1.1 (bug #309819; medium) [sarge] - openmotif <no-dsa> (Non-free) -CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) +CVE-2004-0913 {DSA-572-1} - ecartis 1.0.0+cvs.20030911-8 CVE-2004-0912 RESERVED -CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...) +CVE-2004-0911 {DSA-569-1 DSA-556-1} - netkit-telnet-ssl 0.17.24+0.1-4 - netkit-telnet 0.17-26 CVE-2004-0910 REJECTED -CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) +CVE-2004-0909 - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 -CVE-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) +CVE-2004-0908 - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 -CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...) +CVE-2004-0907 - mozilla-firefox <not-affected> (non-Debian packaging issue) -CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...) +CVE-2004-0906 - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 -CVE-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) +CVE-2004-0905 - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 -CVE-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...) +CVE-2004-0904 - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 -CVE-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...) +CVE-2004-0903 - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 -CVE-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...) +CVE-2004-0902 - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 -CVE-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...) +CVE-2004-0901 NOT-FOR-US: Microsoft -CVE-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...) +CVE-2004-0900 NOT-FOR-US: Microsoft -CVE-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...) +CVE-2004-0899 NOT-FOR-US: Microsoft CVE-2004-0898 RESERVED -CVE-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...) +CVE-2004-0897 NOT-FOR-US: Windows CVE-2004-0896 RESERVED CVE-2004-0895 RESERVED -CVE-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...) +CVE-2004-0894 NOT-FOR-US: Microsoft -CVE-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...) +CVE-2004-0893 NOT-FOR-US: Microsoft -CVE-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...) +CVE-2004-0892 NOT-FOR-US: Microsoft -CVE-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...) +CVE-2004-0891 - gaim 1:1.0.2 CVE-2004-0890 REJECTED -CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...) +CVE-2004-0889 - xpdf 3.00-10 (medium) -CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...) +CVE-2004-0888 {DSA-599-1 DSA-581-1 DSA-573-1} - koffice 1:1.3.4-1 - tetex-bin 2.0.2-23 @@ -4136,34 +4136,34 @@ CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other package NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6. NOTE: In version 1.1.20final+rc1-10, the dormant code in the source NOTE: package was fixed. -CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...) +CVE-2004-0887 {DSA-1018-1} - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.6.8 2.6.8-10 -CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...) +CVE-2004-0886 {DSA-567-1} - kdegraphics 3.3.2-1 - tiff 3.6.1-2 - tiff3 <not-affected> (fixed prior to initial upload) -CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...) +CVE-2004-0885 - apache2 2.0.52-2 - libapache-mod-ssl 2.8.20-1 -CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...) +CVE-2004-0884 {DSA-568-1 DSA-563-3} - cyrus-sasl <removed> - cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553) -CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...) +CVE-2004-0883 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10) - kernel-source-2.4.27 2.4.27-6 [sarge] - kernel-source-2.6.8 2.6.8-13 -CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...) +CVE-2004-0882 NOTE: details http://security.e-matters.de/advisories/132004.html - samba 3.0.7 -CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...) +CVE-2004-0881 {DSA-553-1} - getmail 3.2.5-1 -CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...) +CVE-2004-0880 {DSA-553-1} - getmail 3.2.5-1 CVE-2004-0879 @@ -4174,31 +4174,31 @@ CVE-2004-0877 RESERVED CVE-2004-0876 RESERVED -CVE-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...) +CVE-2004-0875 - phpgroupware 0.9.16.002 CVE-2004-0874 REJECTED -CVE-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...) +CVE-2004-0873 NOT-FOR-US: apple -CVE-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...) +CVE-2004-0872 NOT-FOR-US: Opera -CVE-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...) +CVE-2004-0871 NOTE: upstream knows about the problem, no fix expected NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342 NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html NOTE: fix doesn't look likely any time soon -CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...) +CVE-2004-0870 NOTE: upstream knows about the problem, no fix expected NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342 NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html NOTE: fix doesn't look likely any time soon -CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...) +CVE-2004-0869 NOT-FOR-US: MSIE CVE-2004-0868 REJECTED -CVE-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...) +CVE-2004-0867 - mozilla-firefox 0.9.3 -CVE-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...) +CVE-2004-0866 NOT-FOR-US: MSIE CVE-2004-0865 RESERVED @@ -4226,334 +4226,334 @@ CVE-2004-0854 REJECTED CVE-2004-0853 REJECTED -CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...) +CVE-2004-0852 {DSA-611-1} - htget <removed> -CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...) +CVE-2004-0851 {DSA-559-1} - net-acct 0.71-7 -CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...) +CVE-2004-0850 - star 1.5a46 -CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...) +CVE-2004-0849 NOT-FOR-US: GNU Radius -CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...) +CVE-2004-0848 NOT-FOR-US: microsoft -CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...) +CVE-2004-0847 NOT-FOR-US: microsoft -CVE-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...) +CVE-2004-0846 NOT-FOR-US: microsoft -CVE-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...) +CVE-2004-0845 NOT-FOR-US: microsoft -CVE-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...) +CVE-2004-0844 NOT-FOR-US: microsoft -CVE-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...) +CVE-2004-0843 NOT-FOR-US: microsoft -CVE-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...) +CVE-2004-0842 NOT-FOR-US: microsoft -CVE-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...) +CVE-2004-0841 NOT-FOR-US: microsoft -CVE-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...) +CVE-2004-0840 NOT-FOR-US: microsoft -CVE-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...) +CVE-2004-0839 NOT-FOR-US: microsoft -CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...) +CVE-2004-0837 {DSA-562-2} - mysql <removed> -CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...) +CVE-2004-0836 {DSA-562-2} - mysql <removed> -CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...) +CVE-2004-0835 {DSA-562-2} - mysql <removed> -CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...) +CVE-2004-0834 - speedtouch 1.3.1 -CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...) +CVE-2004-0833 {DSA-554-1} - sendmail 8.13.1-13 -CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...) +CVE-2004-0832 - squid 2.5.6-8 -CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...) +CVE-2004-0831 NOT-FOR-US: McAfee -CVE-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...) +CVE-2004-0830 NOT-FOR-US: Microsoft -CVE-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...) +CVE-2004-0829 - samba 2.2.11 -CVE-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...) +CVE-2004-0828 NOTE: not-fos-us (AIX) -CVE-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...) +CVE-2004-0827 {DSA-547-1} - imagemagick 5:6.0.7.1-1 -CVE-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...) +CVE-2004-0826 NOT-FOR-US: netscape NSS -CVE-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...) +CVE-2004-0825 NOT-FOR-US: Apple -CVE-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...) +CVE-2004-0824 NOT-FOR-US: Apple -CVE-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...) +CVE-2004-0823 NOT-FOR-US: Apple -CVE-2004-0822 (Buffer overflow in The Core Foundation framework ...) +CVE-2004-0822 NOT-FOR-US: Apple -CVE-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...) +CVE-2004-0821 NOT-FOR-US: Apple -CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...) +CVE-2004-0820 NOT-FOR-US: winamp -CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...) +CVE-2004-0819 NOT-FOR-US: openbsd CVE-2004-0818 REJECTED -CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...) +CVE-2004-0817 {DSA-548-2} - imlib+png2 1.9.14-16.2 - imlib 1.9.14-17 (bug #285025) -CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...) +CVE-2004-0816 - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8) - kernel-source-2.4.27 <not-affected> (2.6 specific issue) -CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...) +CVE-2004-0815 {DSA-600-1} - samba 3.0.6-1 (bug #274342) -CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...) +CVE-2004-0814 - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9) [sarge] - kernel-source-2.6.8 2.6.8-8 - kernel-source-2.4.27 2.4.27-7 -CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...) +CVE-2004-0813 - linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10) - kernel-source-2.4.27 <not-affected> (Only an issue with botched permissions) -CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...) +CVE-2004-0812 - linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.0-test10) - kernel-source-2.4.27 <not-affected> (2.4 not support for amd64) -CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...) +CVE-2004-0811 - apache2 2.0.52 -CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...) +CVE-2004-0810 NOT-FOR-US: Netopia Timbuktu -CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...) +CVE-2004-0809 {DSA-558-1} - apache2 2.0.51-1 - libapache-mod-dav 1.0.3-10 -CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...) +CVE-2004-0808 - samba 3.0.7 -CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...) +CVE-2004-0807 - samba 3.0.7 -CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...) +CVE-2004-0806 - cdrtools 4:2.0+a34-2 -CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...) +CVE-2004-0805 {DSA-564-1} - mpg123 0.59r-16 - mp3gain 1.5.2-r2-6 (low) [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain <no-dsa> (Minor issue) -CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...) +CVE-2004-0804 {DSA-567-1} - kdegraphics 3.3.2-1 - tiff 3.6.1-2 - tiff3 <not-affected> (fixed prior to initial upload) -CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...) +CVE-2004-0803 {DSA-567-1} - kdegraphics 3.3.2-1 - tiff 3.6.1-2 - tiff3 <not-affected> (fixed prior to initial upload) -CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...) +CVE-2004-0802 {DSA-552-1} - imlib2 1.1.0-12.4 -CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...) +CVE-2004-0801 - foomatic-filters 3.0.2 -CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...) +CVE-2004-0800 NOT-FOR-US: Solaris -CVE-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...) +CVE-2004-0799 NOT-FOR-US: Ipswitch WhatsUp Gold -CVE-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...) +CVE-2004-0798 NOT-FOR-US: Ipswitch WhatsUp Gold -CVE-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...) +CVE-2004-0797 - zlib 1:1.2.1.1-6 [woody] - zlib <not-affected> (zlib 1.1 is not affected) -CVE-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...) +CVE-2004-0796 - spamassassin 2.64 -CVE-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...) +CVE-2004-0795 NOT-FOR-US: IBM DB2 DB2RCMD.EXE -CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...) +CVE-2004-0794 {DSA-551-1} - lukemftpd 1.1-2.2 (bug #266370) -CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...) +CVE-2004-0793 - bsdmainutils 6.0.15 -CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...) +CVE-2004-0792 {DSA-538} - rsync 2.6.2-3 -CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) +CVE-2004-0791 - kernel-source-2.4.27 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort) - linux-2.6 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort) -CVE-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) +CVE-2004-0790 - kernel-source-2.6.8 2.6.8-16 (bug #305664) - kernel-source-2.4.27 2.4.27-10 (bug #305664) -CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...) +CVE-2004-0789 NOT-FOR-US: DNS impleementations not in Debian -CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...) +CVE-2004-0788 {DSA-549-1 DSA-546-1} - gtk+2.0 2.4.9-2 - gdk-pixbuf 0.22.0-7 -CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...) +CVE-2004-0787 NOT-FOR-US: OpenCA -CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...) +CVE-2004-0786 - apache <not-affected> (not vulnerable according to http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge) - apache2 2.0.51 -CVE-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...) +CVE-2004-0785 - gaim 1:0.82 -CVE-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...) +CVE-2004-0784 - gaim 1:0.82 -CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...) +CVE-2004-0783 {DSA-549-1} - gtk+2.0 2.4.9-2 -CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...) +CVE-2004-0782 {DSA-549-1 DSA-546-1} - gtk+2.0 2.4.9-2 - gdk-pixbuf 0.22.0-7 -CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...) +CVE-2004-0781 {DSA-541} - icecast-server 1:1.3.12-8 -CVE-2004-0780 (Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to ...) +CVE-2004-0780 NOT-FOR-US: Solaris -CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...) +CVE-2004-0779 - mozilla 2:1.7 - mozilla-firefox 0.9 -CVE-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...) +CVE-2004-0778 - cvs 1:1.12.9 -CVE-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...) +CVE-2004-0777 - courier 0.45.6-1 (medium; bug #266723) NOTE: 0.45.6-1 is the first upload after the debug stuff rewrite NOTE: mentioned in the bug report. CVE-2004-0776 RESERVED -CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...) +CVE-2004-0775 NOT-FOR-US: Windows -CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...) +CVE-2004-0774 NOT-FOR-US: Real Helix server CVE-2004-0773 RESERVED -CVE-2004-0772 (Double free vulnerabilities in error handling code in krb524d for MIT ...) +CVE-2004-0772 {DSA-543-1} - krb5 1.3.4-3 -CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...) +CVE-2004-0771 - lha 1.14i-9 (bug #279870) -CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...) +CVE-2004-0770 - dgen 1.23-6 -CVE-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...) +CVE-2004-0769 - lha 1.14i-9 (bug #279870) -CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...) +CVE-2004-0768 {DSA-536} - libpng 1.0.15-6 - libpng3 1.2.5.0-7 -CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...) +CVE-2004-0767 NOT-FOR-US: NGSEC StackDefender -CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...) +CVE-2004-0766 NOT-FOR-US: NGSEC StackDefender -CVE-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...) +CVE-2004-0765 - mozilla 2:1.7 - mozilla-firefox 0.9 -CVE-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) +CVE-2004-0764 - mozilla 2:1.7 - mozilla-firefox 0.9 -CVE-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...) +CVE-2004-0763 - mozilla-firefox 0.9.3 -CVE-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) +CVE-2004-0762 - mozilla 2:1.7 - mozilla-firefox 0.9 -CVE-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...) +CVE-2004-0761 - mozilla 2:1.7 - mozilla-firefox 0.9 -CVE-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...) +CVE-2004-0760 - mozilla 2:1.7.2 - mozilla-firefox 0.9.3 -CVE-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...) +CVE-2004-0759 - mozilla 2:1.7 -CVE-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...) +CVE-2004-0758 - mozilla 2:1.7.2 - mozilla-firefox 0.9.3 -CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...) +CVE-2004-0757 - mozilla 2:1.7 - mozilla-firefox 0.9 CVE-2004-0756 REJECTED -CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...) +CVE-2004-0755 {DSA-537} - ruby1.8 1.8.1+1.8.2pre1-4 - ruby <removed> -CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...) +CVE-2004-0754 - gaim 1:0.82.1-1 -CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...) +CVE-2004-0753 {DSA-546-1} - gdk-pixbuf 0.22.0-7 -CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...) +CVE-2004-0752 - openoffice.org 1.1.2-4 -CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...) +CVE-2004-0751 - apache2 2.0.50-11 -CVE-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...) +CVE-2004-0750 NOT-FOR-US: Red Hat specific -CVE-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...) +CVE-2004-0749 - subversion 1.0.9-2 -CVE-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...) +CVE-2004-0748 - apache2 2.0.51 -CVE-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...) +CVE-2004-0747 [sarge] - apache2 <not-affected> - apache2 2.0.51 -CVE-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...) +CVE-2004-0746 [sarge] - kdelibs 4:3.2.3-3.sarge.1 - kdelibs 4:3.3 -CVE-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...) +CVE-2004-0745 - lha 1.14i-10 (bug #279870) -CVE-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...) +CVE-2004-0744 NOT-FOR-US: MacOS -CVE-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...) +CVE-2004-0743 NOT-FOR-US: MacOS -CVE-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...) +CVE-2004-0742 NOT-FOR-US: Sun Java System Portal Server -CVE-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...) +CVE-2004-0741 NOT-FOR-US: LionMax Software WWW File Share Pro -CVE-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...) +CVE-2004-0740 NOT-FOR-US: Lexmark -CVE-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...) +CVE-2004-0739 NOT-FOR-US: Whisper FTP Surfer -CVE-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...) +CVE-2004-0738 NOT-FOR-US: phpnuke -CVE-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...) +CVE-2004-0737 NOT-FOR-US: phpnuke -CVE-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...) +CVE-2004-0736 NOT-FOR-US: phpnuke -CVE-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...) +CVE-2004-0735 NOT-FOR-US: various windows games -CVE-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...) +CVE-2004-0734 NOT-FOR-US: Web_Store.cgi -CVE-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...) +CVE-2004-0733 NOT-FOR-US: OllyDbg -CVE-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...) +CVE-2004-0732 NOT-FOR-US: phpnuke -CVE-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...) +CVE-2004-0731 NOT-FOR-US: phpnuke -CVE-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...) +CVE-2004-0730 - phpbb2 2.0.10 -CVE-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...) +CVE-2004-0729 - phpbb2 2.0.10 -CVE-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...) +CVE-2004-0728 NOT-FOR-US: Microsoft -CVE-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...) +CVE-2004-0727 NOT-FOR-US: Microsoft -CVE-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...) +CVE-2004-0726 NOT-FOR-US: Microsoft -CVE-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...) +CVE-2004-0725 - moodle 1.4 -CVE-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...) +CVE-2004-0724 NOT-FOR-US: Half Life -CVE-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...) +CVE-2004-0723 NOT-FOR-US: Microsoft -CVE-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...) +CVE-2004-0722 - mozilla 2:1.6 -CVE-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...) +CVE-2004-0721 [sarge] - kdebase 4:3.2.3-1.sarge.1 [sarge] - kdelibs 4:3.2.3-3.sarge.1 - kdelibs 4:3.3.0-1 - kdebase 4:3.3.0-1 -CVE-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...) +CVE-2004-0720 NOT-FOR-US: Safari -CVE-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...) +CVE-2004-0719 NOT-FOR-US: Microsoft -CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...) +CVE-2004-0718 {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1} NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent NOTE: upstream versions became vulnerable again, see @@ -4561,80 +4561,80 @@ CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) . NOTE: and were fixed again, it got CVE-2005-1937 for the reversion - mozilla 2:1.7.10-1 (medium) - mozilla-firefox 1.0.6-1 (medium) -CVE-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...) +CVE-2004-0717 NOT-FOR-US: opera 7.50 -CVE-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...) +CVE-2004-0716 NOT-FOR-US: HP-UX -CVE-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...) +CVE-2004-0715 NOT-FOR-US: BEA WebLogic Server and WebLogic Express -CVE-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...) +CVE-2004-0714 NOT-FOR-US: Cisco -CVE-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...) +CVE-2004-0713 NOT-FOR-US: BEA WebLogic Server and WebLogic Express -CVE-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...) +CVE-2004-0712 NOT-FOR-US: BEA WebLogic Server -CVE-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...) +CVE-2004-0711 NOT-FOR-US: BEA WebLogic Server -CVE-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...) +CVE-2004-0710 NOT-FOR-US: Cisco -CVE-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...) +CVE-2004-0709 NOT-FOR-US: HP OpenView Select Access -CVE-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...) +CVE-2004-0708 - moin 1.2.2 -CVE-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...) +CVE-2004-0707 - bugzilla 2.16.7-0.1 -CVE-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...) +CVE-2004-0706 [woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable) [sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable) - bugzilla 2.18-1 -CVE-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) +CVE-2004-0705 - bugzilla 2.16.7-0.1 -CVE-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...) +CVE-2004-0704 - bugzilla 2.16.7-0.1 -CVE-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...) +CVE-2004-0703 [woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable) [sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable) - bugzilla 2.18-1 -CVE-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...) +CVE-2004-0702 [woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable) [sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable) - bugzilla 2.18-1 -CVE-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...) +CVE-2004-0701 NOT-FOR-US: Solaris -CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...) +CVE-2004-0700 {DSA-532} - libapache-mod-ssl 2.8.19-1 -CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...) +CVE-2004-0699 NOT-FOR-US: Check Point VPN -CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...) +CVE-2004-0698 NOT-FOR-US: WebSTAR -CVE-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...) +CVE-2004-0697 NOT-FOR-US: WebSTAR -CVE-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...) +CVE-2004-0696 NOT-FOR-US: WebSTAR -CVE-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...) +CVE-2004-0695 NOT-FOR-US: WebSTAR -CVE-2004-0694 (Buffer overflow in LHA 1.14 and earlier allows remote attackers to ...) +CVE-2004-0694 - lha 1.14i-10 (bug #279870) -CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...) +CVE-2004-0693 {DSA-542-1} - qt-x11-free 3:3.3.3-4 - qt-copy <removed> -CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...) +CVE-2004-0692 {DSA-542-1} - qt-x11-free 3:3.3.3-4 - qt-copy <removed> -CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...) +CVE-2004-0691 {DSA-542-1} - qt-x11-free 3:3.3.3-4 - qt-copy <removed> -CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...) +CVE-2004-0690 [sarge] - kdelibs 4:3.2.3-3.sarge.1 - kdelibs 4:3.3.0-1 -CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...) +CVE-2004-0689 {DSA-539} - kdelibs 4:3.3.0-1 -CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...) +CVE-2004-0688 {DSA-561-1 DSA-560-1} NOTE: Matej Vela has checked that these are backported to lesstif1 as well - lesstif1-1 1:0.93.94-10 @@ -4642,7 +4642,7 @@ CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in [sarge] - openmotif <no-dsa> (Non-free) - xfree86 4.3.0.dfsg.1-8 - xorg-x11 <not-affected> (Fixed before introduction into archive) -CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...) +CVE-2004-0687 {DSA-561-1 DSA-560-1} NOTE: Matej Vela has checked that these are backported to lesstif1 as well - lesstif1-1 1:0.93.94-10 @@ -4650,572 +4650,572 @@ CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in .. [sarge] - openmotif <no-dsa> (Non-free) - xfree86 4.3.0.dfsg.1-8 - xorg-x11 <not-affected> (Fixed before introduction into archive) -CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...) +CVE-2004-0686 - samba 3.0.5 (bug #260839; bug #260838) -CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...) +CVE-2004-0685 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 -CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...) +CVE-2004-0684 NOT-FOR-US: WebSphere Edge Server -CVE-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...) +CVE-2004-0683 NOT-FOR-US: Norton -CVE-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...) +CVE-2004-0682 NOT-FOR-US: Comersus Cart -CVE-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) +CVE-2004-0681 NOT-FOR-US: Comersus Cart -CVE-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...) +CVE-2004-0680 NOT-FOR-US: Zoom DSL modem -CVE-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...) +CVE-2004-0679 NOT-FOR-US: UnrealIRCd -CVE-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...) +CVE-2004-0678 NOT-FOR-US: 12Planet Chat Server -CVE-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...) +CVE-2004-0677 NOT-FOR-US: Fastream NETFile FTP Server -CVE-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...) +CVE-2004-0676 NOT-FOR-US: Fastream NETFile FTP Server -CVE-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...) +CVE-2004-0675 NOT-FOR-US: c32web.exe -CVE-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...) +CVE-2004-0674 NOT-FOR-US: Enterasys XSR-1800 series Security Routers -CVE-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...) +CVE-2004-0673 NOT-FOR-US: SCI Photo Chat Server -CVE-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...) +CVE-2004-0672 NOT-FOR-US: Netegrity IdentityMinder Web Edition -CVE-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...) +CVE-2004-0671 NOT-FOR-US: Brightmail Spamfilter -CVE-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...) +CVE-2004-0670 NOT-FOR-US: Rompager -CVE-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...) +CVE-2004-0669 NOT-FOR-US: Lotus -CVE-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...) +CVE-2004-0668 NOT-FOR-US: Lotus -CVE-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...) +CVE-2004-0667 NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable. - kernel-patch-adamantix 1.6 -CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...) +CVE-2004-0666 NOT-FOR-US: popclient -CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...) +CVE-2004-0665 NOT-FOR-US: csFAQ -CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...) +CVE-2004-0664 NOT-FOR-US: PowerPortal -CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...) +CVE-2004-0663 NOT-FOR-US: PowerPortal -CVE-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...) +CVE-2004-0662 NOT-FOR-US: PowerPortal -CVE-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...) +CVE-2004-0661 NOT-FOR-US: D-Link AirPlus DI-614+ -CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...) +CVE-2004-0660 NOT-FOR-US: CuteNews -CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...) +CVE-2004-0659 - mplayer <not-affected> (fixed before upload in archive; 1.0pre5) -CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...) +CVE-2004-0658 - linux-2.6 <not-affected> (Invalid, according to Ben Collins) - kernel-source-2.4.27 <not-affected> (Invalid, according to Ben Collins) -CVE-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...) +CVE-2004-0657 - ntp 4.0 -CVE-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...) +CVE-2004-0656 - pure-ftpd 1.0.19-1 -CVE-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...) +CVE-2004-0655 NOT-FOR-US: Gentoo specific -CVE-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...) +CVE-2004-0654 NOT-FOR-US: Solaris -CVE-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...) +CVE-2004-0653 NOT-FOR-US: Solaris -CVE-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...) +CVE-2004-0652 NOT-FOR-US: BEA WebLogic Server and WebLogic Express -CVE-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...) +CVE-2004-0651 NOT-FOR-US: Sun JRE -CVE-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...) +CVE-2004-0650 NOT-FOR-US: Cisco -CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...) +CVE-2004-0649 {DSA-530} - l2tpd 0.70-pre20031121-2 -CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...) +CVE-2004-0648 - mozilla 2:1.7.1 - mozilla-firefox 0.9.2 - mozilla-thunderbird 0.7.2 -CVE-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...) +CVE-2004-0647 - shorewall 2.0.3a -CVE-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...) +CVE-2004-0646 NOT-FOR-US: JRun -CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...) +CVE-2004-0645 {DSA-579-1 DSA-550-1} - abiword 2.0.8 - wv 1.0.2-0.1 (bug #264972) NOTE: fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660 -CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...) +CVE-2004-0644 {DSA-543-1} - krb5 1.3.4-3 -CVE-2004-0643 (Double free vulnerability in the krb5_rd_cred function for MIT ...) +CVE-2004-0643 {DSA-543-1} - krb5 1.3.4-3 -CVE-2004-0642 (Double free vulnerabilities in the error handling code for ASN.1 ...) +CVE-2004-0642 {DSA-543-1} - krb5 1.3.4-3 -CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...) +CVE-2004-0641 NOT-FOR-US: Thomson hardware ADSL router -CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...) +CVE-2004-0640 {DSA-529} - netkit-telnet-ssl 0.17.24+0.1-2 -CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...) +CVE-2004-0639 {DSA-535} - squirrelmail 2:1.4.3a-0.1 -CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...) +CVE-2004-0638 NOT-FOR-US: Oracle -CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...) +CVE-2004-0637 NOT-FOR-US: Oracle -CVE-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...) +CVE-2004-0636 NOT-FOR-US: AOL Instant Messenger -CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...) +CVE-2004-0635 {DSA-528} - ethereal 0.10.5-1 -CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...) +CVE-2004-0634 - ethereal 0.10.5 [woody] - ethereal <not-affected> (Not vulnerable according to DSA-528) -CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...) +CVE-2004-0633 - ethereal 0.10.5 [woody] - ethereal <not-affected> (Not vulnerable according to DSA-528) -CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...) +CVE-2004-0632 NOT-FOR-US: adobe reader -CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...) +CVE-2004-0631 NOT-FOR-US: adobe acrobat -CVE-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...) +CVE-2004-0630 NOT-FOR-US: adobe acrobat -CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...) +CVE-2004-0629 NOT-FOR-US: adobe acrobat -CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...) +CVE-2004-0628 - mysql <not-affected> (Apparently 3.2 not exploitable, see #330164) - mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164) - mysql-dfsg-4.1 <not-affected> (fixed before first upload; in 4.1.3) - mysql-dfsg-5.0 <not-affected> (fixed before first upload; in 5.0.0) -CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...) +CVE-2004-0627 - mysql <not-affected> (Apparently 3.2 not exploitable, see #330164) - mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164) - mysql-dfsg-4.1 4.1.11a-1 (bug #330164; bug #380507; medium) - mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive) -CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...) +CVE-2004-0626 [sarge] - kernel-source-2.6.8 2.6.8-1 - kernel-source-2.4.27 <not-affected> - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8) -CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...) +CVE-2004-0625 NOT-FOR-US: Infinity WEB -CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for Artmedic ...) +CVE-2004-0624 NOT-FOR-US: Artmedic links -CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...) +CVE-2004-0623 {DSA-590-1} - gnats 4.0-6.1 -CVE-2004-0622 (Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does ...) +CVE-2004-0622 NOT-FOR-US: MacOS -CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...) +CVE-2004-0621 NOT-FOR-US: Newsletter ZWS -CVE-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...) +CVE-2004-0620 NOT-FOR-US: vBulletin -CVE-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...) +CVE-2004-0619 NOT-FOR-US: Linux Broadcom 5820 cryptonet driver NOTE: does not seem to be part of linux kernel or other package -CVE-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...) +CVE-2004-0618 NOT-FOR-US: freebsd -CVE-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...) +CVE-2004-0617 NOT-FOR-US: ArbitroWeb -CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...) +CVE-2004-0616 NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router -CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...) +CVE-2004-0615 NOT-FOR-US: D-Link DI-614+ SOHO router -CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...) +CVE-2004-0614 NOT-FOR-US: osTicket -CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...) +CVE-2004-0613 NOT-FOR-US: osTicket -CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...) +CVE-2004-0612 NOT-FOR-US: ZoneAlarm Pro -CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...) +CVE-2004-0611 NOT-FOR-US: Netgear FVS318 VPN Router -CVE-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...) +CVE-2004-0610 NOT-FOR-US: Microsoft MN-500 Wireless Router -CVE-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...) +CVE-2004-0609 - rssh 2.2.1 -CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...) +CVE-2004-0608 NOT-FOR-US: Unreal Engine -CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...) +CVE-2004-0607 - ipsec-tools 0.3.3-1 -CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...) +CVE-2004-0606 NOT-FOR-US: Infoblox DNS One -CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...) +CVE-2004-0605 NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug". -CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...) +CVE-2004-0604 NOT-FOR-US: giFT-FastTrack not in debian -CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...) +CVE-2004-0603 - gzip <not-affected> (Gentoo-specific bug in gzip introduced by botched security fix) -CVE-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...) +CVE-2004-0602 NOT-FOR-US: FreeBSD -CVE-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...) +CVE-2004-0601 - distcc 2.18.1-4 -CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...) +CVE-2004-0600 - samba 3.0.5 (bug #260838) -CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...) +CVE-2004-0599 {DSA-571-1 DSA-570-1 DSA-536} - libpng 1.0.15-6 - libpng3 1.2.5.0-7 -CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...) +CVE-2004-0598 {DSA-536} - libpng 1.0.15-6 - libpng3 1.2.5.0-7 -CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...) +CVE-2004-0597 {DSA-536} - libpng 1.0.15-6 - libpng3 1.2.5.0-7 -CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...) +CVE-2004-0596 - linux-2.6 <not-affected> (Fixed before upload into archive) -CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...) +CVE-2004-0595 {DSA-669-1 DSA-531} - php3 3:3.0.18-27 - php4 4:4.3.8-1 -CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...) +CVE-2004-0594 {DSA-669-1 DSA-531} - php4 4:4.3.8-1 -CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...) +CVE-2004-0593 NOT-FOR-US: Sygate Enforcer -CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in ...) +CVE-2004-0592 NOT-FOR-US: linux 2.4 with usagi patches -CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...) +CVE-2004-0591 {DSA-533} - courier 0.45.4-4 -CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...) +CVE-2004-0590 - freeswan 2.04-10 - openswan 2.2.0 -CVE-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...) +CVE-2004-0589 NOT-FOR-US: Cisco -CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...) +CVE-2004-0588 - usermin 1.090-1 -CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...) +CVE-2004-0587 - qla2x00 7.01.01-1 -CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...) +CVE-2004-0586 NOT-FOR-US: Windows CVE-2004-0585 REJECTED -CVE-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...) +CVE-2004-0584 - imp3 3.2.4 -CVE-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...) +CVE-2004-0583 {DSA-526} - usermin 1.090-1 - webmin 1.150-1 -CVE-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...) +CVE-2004-0582 {DSA-526} - usermin 1.090-1 - webmin 1.150-1 -CVE-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...) +CVE-2004-0581 NOT-FOR-US: Mandrake script -CVE-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...) +CVE-2004-0580 NOT-FOR-US: Linksys routers -CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...) +CVE-2004-0579 {DSA-522} - super 3.23.0-1 -CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) +CVE-2004-0578 NOT-FOR-US: Wingate -CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) +CVE-2004-0577 NOT-FOR-US: Wingate -CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...) +CVE-2004-0576 NOT-FOR-US: GNU radius -CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...) +CVE-2004-0575 NOT-FOR-US: Windows -CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...) +CVE-2004-0574 NOT-FOR-US: Windows -CVE-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...) +CVE-2004-0573 NOT-FOR-US: Windows -CVE-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...) +CVE-2004-0572 NOT-FOR-US: Windows -CVE-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...) +CVE-2004-0571 NOT-FOR-US: Microsoft CVE-2004-0570 RESERVED -CVE-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...) +CVE-2004-0569 NOT-FOR-US: Windows -CVE-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...) +CVE-2004-0568 NOT-FOR-US: HyperTerminal -CVE-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...) +CVE-2004-0567 NOT-FOR-US: Windows -CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...) +CVE-2004-0566 NOT-FOR-US: Windows -CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...) +CVE-2004-0565 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 - linux-2.6 <not-affected> (fixed before first upload) -CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...) +CVE-2004-0564 {DSA-557-1} - rp-pppoe 3.5-4 (bug #343264) -CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...) +CVE-2004-0563 {DSA-555-1} - freenet6 1.0-2.2 CVE-2004-0562 REJECTED -CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...) +CVE-2004-0561 {DSA-638-1} - gopher 3.0.6 NOTE: removed, deprecated in favor of pygopherd -CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...) +CVE-2004-0560 {DSA-638-1} - gopher 3.0.6 NOTE: removed, deprecated in favor of pygopherd -CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...) +CVE-2004-0559 {DSA-544-1} - webmin 1.160-1 - usermin 1.090-1 -CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...) +CVE-2004-0558 {DSA-545-1} - cups 1.1.20final+rc1-6 - cupsys 1.1.20final+rc1-6 -CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...) +CVE-2004-0557 {DSA-565-1} - sox 12.17.4-9 (bug #262083) CVE-2004-0556 REJECTED -CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...) +CVE-2004-0555 {DSA-643-1} - queue 1.30.1-5 -CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...) +CVE-2004-0554 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 - linux-2.6 2.6.12-1 (bug #261521) CVE-2004-0553 RESERVED -CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...) +CVE-2004-0552 NOT-FOR-US: Sophos Small Business Suite -CVE-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...) +CVE-2004-0551 NOT-FOR-US: Cisco -CVE-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...) +CVE-2004-0550 NOT-FOR-US: Real Player -CVE-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...) +CVE-2004-0549 NOT-FOR-US: Windows -CVE-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...) +CVE-2004-0548 - aspell 0.50.5-3 -CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...) +CVE-2004-0547 {DSA-516} - postgresql 07.03.0200-3 CVE-2004-0546 RESERVED -CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...) +CVE-2004-0545 NOT-FOR-US: AIX -CVE-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...) +CVE-2004-0544 NOT-FOR-US: AIX -CVE-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...) +CVE-2004-0543 NOT-FOR-US: Oracle -CVE-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...) +CVE-2004-0542 - php4 <not-affected> (Only affects Windows) -CVE-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...) +CVE-2004-0541 - squid 2.5.5-5 -CVE-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...) +CVE-2004-0540 NOT-FOR-US: Windows -CVE-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X ...) +CVE-2004-0539 NOT-FOR-US: MacOS -CVE-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...) +CVE-2004-0538 NOT-FOR-US: MacOS -CVE-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut ...) +CVE-2004-0537 NOT-FOR-US: Opera -CVE-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...) +CVE-2004-0536 - tripwire 2.3.1.2.0-2.1 -CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...) +CVE-2004-0535 - kernel-source-2.4.27 2.4.27-1 - linux-2.6 <not-affected> (fixed before first upload; 2.6.6) -CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...) +CVE-2004-0534 NOT-FOR-US: Business Objects WebIntelligence -CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...) +CVE-2004-0533 NOT-FOR-US: Business Objects WebIntelligence CVE-2004-0532 RESERVED CVE-2004-0531 RESERVED -CVE-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...) +CVE-2004-0530 - php4 <not-affected> (Slackware specific rpath issue) -CVE-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...) +CVE-2004-0529 NOT-FOR-US: cPanel is not our cpanel -CVE-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...) +CVE-2004-0528 NOT-FOR-US: Netscape Navigator 7.1 -CVE-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...) +CVE-2004-0527 - kdebase 2.2.3 -CVE-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...) +CVE-2004-0526 NOT-FOR-US: Windows -CVE-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...) +CVE-2004-0525 NOT-FOR-US: iLO -CVE-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...) +CVE-2004-0524 NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian -CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...) +CVE-2004-0523 {DSA-520} - krb5 1.3.3-2 -CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...) +CVE-2004-0522 {DSA-512} - gallery 1.4.3-pl2-1 -CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...) +CVE-2004-0521 {DSA-535} - squirrelmail 2:1.4.3a-0.1 -CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...) +CVE-2004-0520 {DSA-535} - squirrelmail 2:1.4.3a-0.1 -CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) +CVE-2004-0519 {DSA-535} - squirrelmail 2:1.4.3a-0.1 -CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...) +CVE-2004-0518 NOT-FOR-US: MacOS -CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of ...) +CVE-2004-0517 NOT-FOR-US: MacOS -CVE-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package ...) +CVE-2004-0516 NOT-FOR-US: MacOS -CVE-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) +CVE-2004-0515 NOT-FOR-US: MacOS -CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) +CVE-2004-0514 NOT-FOR-US: MacOS -CVE-2004-0513 (Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact ...) +CVE-2004-0513 NOT-FOR-US: MacOS -CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) +CVE-2004-0512 NOT-FOR-US: SCO MMDF -CVE-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) +CVE-2004-0511 NOT-FOR-US: SCO MMDF -CVE-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...) +CVE-2004-0510 NOT-FOR-US: SCO MMDF CVE-2004-0509 RESERVED CVE-2004-0508 RESERVED -CVE-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...) +CVE-2004-0507 - ethereal 0.10.4 -CVE-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...) +CVE-2004-0506 - ethereal 0.10.4 -CVE-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...) +CVE-2004-0505 - ethereal 0.10.4 -CVE-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...) +CVE-2004-0504 - ethereal 0.10.4 -CVE-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default ...) +CVE-2004-0503 NOT-FOR-US: Microsoft -CVE-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...) +CVE-2004-0502 NOT-FOR-US: Microsoft -CVE-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...) +CVE-2004-0501 NOT-FOR-US: Microsoft -CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...) +CVE-2004-0500 - gaim 1:0.81-3 CVE-2004-0499 REJECTED -CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...) +CVE-2004-0498 NOT-FOR-US: StoneSoft firewall engine -CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...) +CVE-2004-0497 - kernel-source-2.4.27 2.4.27-1 - linux-2.6 <not-affected> (fixed before first upload; 2.6.8) -CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...) +CVE-2004-0496 NOTE: fixed in 2.6.7 -CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...) +CVE-2004-0495 - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc1) -CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...) +CVE-2004-0494 - gnome-vfs 1.0.1 -CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...) +CVE-2004-0493 - apache2 2.0.50-1 -CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...) +CVE-2004-0492 {DSA-525} - apache 1.3.31-2 -CVE-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...) +CVE-2004-0491 NOTE: appears redhat specific -CVE-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...) +CVE-2004-0490 NOT-FOR-US: cPanel is not our cpanel -CVE-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...) +CVE-2004-0489 NOT-FOR-US: MacOS -CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...) +CVE-2004-0488 {DSA-532} - apache2 2.0.50-1 - libapache-mod-ssl 2.8.19-1 -CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...) +CVE-2004-0487 NOT-FOR-US: Norton -CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...) +CVE-2004-0486 NOT-FOR-US: MacOS -CVE-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...) +CVE-2004-0485 NOT-FOR-US: MacOS -CVE-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...) +CVE-2004-0484 NOT-FOR-US: Microsoft -CVE-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...) +CVE-2004-0483 NOT-FOR-US: IRIX -CVE-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...) +CVE-2004-0482 NOT-FOR-US: OpenBSD -CVE-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...) +CVE-2004-0481 NOT-FOR-US: the KCMS on Solaris -CVE-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...) +CVE-2004-0480 NOT-FOR-US: Lotus Notes -CVE-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...) +CVE-2004-0479 NOT-FOR-US: Microsoft -CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...) +CVE-2004-0478 NOTE: only a Mozilla DOS -CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...) +CVE-2004-0477 NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router -CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...) +CVE-2004-0476 NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router -CVE-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...) +CVE-2004-0475 NOT-FOR-US: Microsoft -CVE-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...) +CVE-2004-0474 NOT-FOR-US: Help Center (HelpCtr.exe) -CVE-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...) +CVE-2004-0473 NOT-FOR-US: opera CVE-2004-0472 REJECTED -CVE-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...) +CVE-2004-0471 NOT-FOR-US: BEA WebLogic -CVE-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...) +CVE-2004-0470 NOT-FOR-US: BEA WebLogic -CVE-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...) +CVE-2004-0469 NOT-FOR-US: Check Point VPN -CVE-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...) +CVE-2004-0468 NOT-FOR-US: Juniper JUNOS -CVE-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...) +CVE-2004-0467 NOT-FOR-US: Juniper JUNOS -CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...) +CVE-2004-0466 NOT-FOR-US: WebConnect -CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...) +CVE-2004-0465 NOT-FOR-US: WebConnect CVE-2004-0464 REJECTED CVE-2004-0463 REJECTED -CVE-2004-0462 (The built-in web servers for multiple networking devices do not set ...) +CVE-2004-0462 NOT-FOR-US: Multiple embedded hardware vendors -CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...) +CVE-2004-0461 - dhcp3 3.0.1 -CVE-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...) +CVE-2004-0460 - dhcp3 3.0.1 -CVE-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...) +CVE-2004-0459 NOT-FOR-US: DOS in 802.11 protocol -CVE-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...) +CVE-2004-0458 {DSA-503} - mah-jong 1.6.2-1 -CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...) +CVE-2004-0457 {DSA-540} - mysql-dfsg 4.0.20-11 - mysql <removed> -CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...) +CVE-2004-0456 {DSA-527} - pavuk 0.9pl28-3 (bug #264684) -CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...) +CVE-2004-0455 {DSA-523} - www-sql 0.5.7-18 -CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...) +CVE-2004-0454 {DSA-524} - rlpr 2.02-7.1 (bug #255402) -CVE-2004-0453 (Format string vulnerability in the monitor "memory dump" command in ...) +CVE-2004-0453 - vice 1.14-2 -CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...) +CVE-2004-0452 {DSA-1678-1 DSA-620-1} - perl 5.8.4-5 -CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...) +CVE-2004-0451 {DSA-521} - sup 1.8-11 -CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...) +CVE-2004-0450 {DSA-513} - log2mail 0.2.8-3 CVE-2004-0449 REJECTED -CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...) +CVE-2004-0448 {DSA-510} - jftpgw 0.13.4-1 -CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...) +CVE-2004-0447 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26) CVE-2004-0446 RESERVED -CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...) +CVE-2004-0445 NOT-FOR-US: Norton -CVE-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...) +CVE-2004-0444 NOT-FOR-US: Norton CVE-2004-0443 RESERVED @@ -5229,555 +5229,555 @@ CVE-2004-0439 RESERVED CVE-2004-0438 RESERVED -CVE-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...) +CVE-2004-0437 NOT-FOR-US: Titan FTP Server CVE-2004-0436 RESERVED -CVE-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD ...) +CVE-2004-0435 NOT-FOR-US: FreeBSD -CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...) +CVE-2004-0434 {DSA-504} - heimdal 0.6.2-1 -CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...) +CVE-2004-0433 - mplayer 1.0~pre6a-1 - xine-lib 1-rc4 -CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...) +CVE-2004-0432 - proftpd 1.2.9-4 -CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...) +CVE-2004-0431 NOT-FOR-US: Apple QuickTime -CVE-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...) +CVE-2004-0430 NOT-FOR-US: MacOS -CVE-2004-0429 (Unknown vulnerability related to "the handling of large requests" in ...) +CVE-2004-0429 NOT-FOR-US: RAdmin for Mac OS X -CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...) +CVE-2004-0428 NOT-FOR-US: Mac OS X) -CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...) +CVE-2004-0427 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive; 2.6.6) - kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive; 2.4.26) -CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...) +CVE-2004-0426 {DSA-499} - rsync 2.6.1-1 -CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...) +CVE-2004-0425 NOT-FOR-US: windows -CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...) +CVE-2004-0424 NOTE: fixed after 2.6.4/2.4.26 kernel -CVE-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...) +CVE-2004-0423 - ssmtp <unfixed> (unimportant) NOTE: bug still exists in the ssmtp source, but is only activated if NOTE: --enable-logfile is used in ./configure NOTE: The package doesn't enable that flag so it is safe. -CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...) +CVE-2004-0422 {DSA-500} - flim 1:1.14.6+0.20040415-1 -CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...) +CVE-2004-0421 {DSA-498} - libpng 1.0.15-5 - libpng3 1.2.5.0-6 -CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...) +CVE-2004-0420 NOT-FOR-US: windows -CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...) +CVE-2004-0419 [sarge] - xfree86 <not-affected> (vulnerable code not present) - xdm <not-affected> (vulnerable code not present) -CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...) +CVE-2004-0418 {DSA-519} - cvs 1:1.12.9-1 -CVE-2004-0417 (Integer overflow in the "Max-dotdot" CVS protocol command ...) +CVE-2004-0417 {DSA-519} - cvs 1:1.12.9-1 -CVE-2004-0416 (Double free vulnerability for the error_prog_name string in CVS 1.12.x ...) +CVE-2004-0416 {DSA-519} - cvs 1:1.12.9-1 -CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...) +CVE-2004-0415 - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc6) -CVE-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...) +CVE-2004-0414 {DSA-517} - cvs 1:1.12.9-1 -CVE-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...) +CVE-2004-0413 - subversion 1.0.5-1 -CVE-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...) +CVE-2004-0412 - mailman 2.1.4-5 -CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...) +CVE-2004-0411 {DSA-518} - kdelibs 4:3.2.3 CVE-2004-0410 REJECTED -CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...) +CVE-2004-0409 {DSA-493} - xchat 2.0.8-1 -CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...) +CVE-2004-0408 {DSA-494} - ident2 1.04-2 -CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...) +CVE-2004-0407 NOT-FOR-US: ColdFusion CVE-2004-0406 REJECTED -CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...) +CVE-2004-0405 {DSA-486} - cvs 1:1.12.5-4 (medium) -CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...) +CVE-2004-0404 {DSA-488} - logcheck 1.1.1-13.2 -CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...) +CVE-2004-0403 - ipsec-tools 0.3.1-3 -CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...) +CVE-2004-0402 {DSA-508} - xpcd 2.08-10 -CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...) +CVE-2004-0401 - libtasn1 0.1.2-2 -CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...) +CVE-2004-0400 {DSA-502 DSA-501} - exim 3.36-11 - exim4 4.33-1 - exim-tls <removed> -CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...) +CVE-2004-0399 {DSA-502 DSA-501} - exim 3.36-11 - exim4 4.33-1 - exim-tls <removed> -CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...) +CVE-2004-0398 {DSA-507 DSA-506} - cadaver 0.22.1-3 - neon 0.24.6.dfsg-1 -CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...) +CVE-2004-0397 - subversion 1.0.3-1 (bug #249791) -CVE-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...) +CVE-2004-0396 {DSA-505} - cvs 1:1.12.5-6 -CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root ...) +CVE-2004-0395 {DSA-509} - gatos 0.0.5-12 -CVE-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...) +CVE-2004-0394 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch -CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...) +CVE-2004-0393 {DSA-524} - rlpr 2.02-7.1 (bug #255402) -CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...) +CVE-2004-0392 - apache 1.3.31-2 -CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...) +CVE-2004-0391 NOT-FOR-US: Cisco -CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...) +CVE-2004-0390 NOT-FOR-US: SCO OpenServer -CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...) +CVE-2004-0389 NOT-FOR-US: RealNetworks Helix Universal Server -CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...) +CVE-2004-0388 {DSA-483} - mysql-dfsg 4.0.18-6 -CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...) +CVE-2004-0387 NOT-FOR-US: RealPlayer plugin -CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...) +CVE-2004-0386 - mplayer 1.0~pre6a-1 -CVE-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...) +CVE-2004-0385 NOT-FOR-US: Oracle 9i Application Server Web Cache CVE-2004-0384 RESERVED -CVE-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...) +CVE-2004-0383 NOT-FOR-US: Mail for Mac OS X -CVE-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...) +CVE-2004-0382 NOT-FOR-US: CUPS printing system in Mac OS X -CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...) +CVE-2004-0381 {DSA-483} - mysql-dfsg 4.0.18-4 -CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...) +CVE-2004-0380 NOT-FOR-US: Microsoft Outlook Express -CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) +CVE-2004-0379 NOT-FOR-US: Microsoft SharePoint Portal Server 2001 CVE-2004-0378 REJECTED -CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...) +CVE-2004-0377 - perl <not-affected> (Win32 specific) -CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...) +CVE-2004-0376 {DSA-473} - oftpd 20040304-1 (bug #353882) -CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...) +CVE-2004-0375 NOT-FOR-US: Symantec Norton Internet Security -CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to "expose the ...) +CVE-2004-0374 {DSA-471} - interchange 5.0.1-1 CVE-2004-0373 RESERVED -CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...) +CVE-2004-0372 {DSA-477} - xine-ui 0.99.1-1 -CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...) +CVE-2004-0371 {DSA-476} - heimdal 0.6.1-1 -CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...) +CVE-2004-0370 NOT-FOR-US: KAME -CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...) +CVE-2004-0369 NOT-FOR-US: Entrust LibKmp ISAKMP library -CVE-2004-0368 (Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...) +CVE-2004-0368 NOT-FOR-US: CDE -CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...) +CVE-2004-0367 - ethereal 0.10.3 (bug #239576) [woody] - ethereal <not-affected> (Not vulnerable per DSA-511) -CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...) +CVE-2004-0366 {DSA-469} - pam-pgsql 0.5.2-7.1 NOTE: fix was accidentially reverted in a later upload and later re-introduced in 0.5.2-9 -CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...) +CVE-2004-0365 - ethereal 0.10.3 (bug #239576) [woody] - ethereal <not-affected> (Not vulnerable per DSA-511) -CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...) +CVE-2004-0364 NOT-FOR-US: WrapNISUM ActiveX -CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...) +CVE-2004-0363 NOT-FOR-US: SymSpamHelper ActiveX -CVE-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...) +CVE-2004-0362 NOT-FOR-US: ISS Protocol Analysis Module -CVE-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...) +CVE-2004-0361 NOT-FOR-US: safari -CVE-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...) +CVE-2004-0360 NOT-FOR-US: solaris -CVE-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...) +CVE-2004-0359 NOT-FOR-US: Invision Power Board -CVE-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...) +CVE-2004-0358 NOT-FOR-US: VirtuaNews Admin Panel -CVE-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...) +CVE-2004-0357 NOT-FOR-US: SL Mail Pro -CVE-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...) +CVE-2004-0355 NOT-FOR-US: Invision Power Board -CVE-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...) +CVE-2004-0354 NOT-FOR-US: GNU Anubis -CVE-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...) +CVE-2004-0353 NOT-FOR-US: GNU Anubis -CVE-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...) +CVE-2004-0352 NOT-FOR-US: Cisco -CVE-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...) +CVE-2004-0351 NOT-FOR-US: Spider Sales -CVE-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...) +CVE-2004-0350 NOT-FOR-US: Spider Sales -CVE-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...) +CVE-2004-0349 NOT-FOR-US: GWeb HTTP Server -CVE-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...) +CVE-2004-0348 NOT-FOR-US: SpiderSales -CVE-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...) +CVE-2004-0346 - proftpd 1.2.9 -CVE-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...) +CVE-2004-0345 NOT-FOR-US: Red Faction -CVE-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...) +CVE-2004-0344 NOT-FOR-US: YaBB SE -CVE-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...) +CVE-2004-0343 NOT-FOR-US: YaBB SE -CVE-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option ...) +CVE-2004-0342 NOT-FOR-US: WFPTD -CVE-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...) +CVE-2004-0341 NOT-FOR-US: WFPTD -CVE-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...) +CVE-2004-0340 NOT-FOR-US: WFPTD -CVE-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...) +CVE-2004-0339 - phpbb2 2.0.6d -CVE-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...) +CVE-2004-0338 NOT-FOR-US: Invision Board Forum -CVE-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...) +CVE-2004-0337 NOT-FOR-US: 602LAN SUITE -CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory ...) +CVE-2004-0335 NOT-FOR-US: 602LAN SUITE -CVE-2004-0334 (InnoMedia VideoPhone allows remote attackers to bypass Basic ...) +CVE-2004-0334 NOT-FOR-US: AXIS 2100 -CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...) +CVE-2004-0333 - uudeview 0.5.20 (medium) -CVE-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...) +CVE-2004-0332 NOT-FOR-US: extremail -CVE-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...) +CVE-2004-0331 NOT-FOR-US: Dell OpenManage Web Server -CVE-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...) +CVE-2004-0330 NOT-FOR-US: Serv-U -CVE-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...) +CVE-2004-0329 NOT-FOR-US: FreeChat -CVE-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...) +CVE-2004-0328 NOT-FOR-US: Gigabyte Broadband Router -CVE-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...) +CVE-2004-0327 NOT-FOR-US: PhpNewsManager -CVE-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...) +CVE-2004-0326 NOT-FOR-US: GateKeeper Pro -CVE-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...) +CVE-2004-0325 NOT-FOR-US: TypSoft -CVE-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...) +CVE-2004-0324 NOT-FOR-US: confirm 0.70 -CVE-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...) +CVE-2004-0323 NOT-FOR-US: xmb 1.8 final sp2 -CVE-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final ...) +CVE-2004-0322 NOT-FOR-US: xmb 1.8 final sp2 -CVE-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...) +CVE-2004-0321 NOT-FOR-US: Team Factor -CVE-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...) +CVE-2004-0319 NOT-FOR-US: ezBoard -CVE-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...) +CVE-2004-0318 NOT-FOR-US: Load Sharing Facility -CVE-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...) +CVE-2004-0317 NOT-FOR-US: Load Sharing Facility -CVE-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...) +CVE-2004-0316 NOT-FOR-US: Avirt -CVE-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...) +CVE-2004-0315 NOT-FOR-US: Avirt -CVE-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...) +CVE-2004-0314 NOT-FOR-US: WebzEdit -CVE-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...) +CVE-2004-0313 NOT-FOR-US: PSOProxy -CVE-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...) +CVE-2004-0312 NOT-FOR-US: LINKSYS -CVE-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...) +CVE-2004-0311 NOT-FOR-US: APC -CVE-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...) +CVE-2004-0310 NOT-FOR-US: LiveJournal -CVE-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...) +CVE-2004-0308 NOT-FOR-US: cisco -CVE-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...) +CVE-2004-0305 NOT-FOR-US: WebCortex WebStores -CVE-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...) +CVE-2004-0304 NOT-FOR-US: WebCortex WebStores -CVE-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...) +CVE-2004-0303 NOT-FOR-US: OWLS 1.0 -CVE-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...) +CVE-2004-0302 NOT-FOR-US: OWLS 1.0 -CVE-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...) +CVE-2004-0301 NOT-FOR-US: Online Store Kit -CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...) +CVE-2004-0300 NOT-FOR-US: Online Store Kit -CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...) +CVE-2004-0299 NOT-FOR-US: smallftpd; -CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...) +CVE-2004-0298 NOT-FOR-US: CesarFTP; Win32 -CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) +CVE-2004-0296 NOT-FOR-US: Broker FTP 6.1.0.0; Win32 -CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) +CVE-2004-0295 NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32 -CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...) +CVE-2004-0294 NOT-FOR-US: yabb; -CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...) +CVE-2004-0293 NOT-FOR-US: ShopCartCGI 2.3; -CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...) +CVE-2004-0292 NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32 -CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...) +CVE-2004-0291 NOT-FOR-US: YaBB; -CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...) +CVE-2004-0290 NOT-FOR-US: Purge Jihad; -CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...) +CVE-2004-0289 NOT-FOR-US: SignatureDB; -CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...) +CVE-2004-0288 - mnogosearch 3.2.18 NOTE: it's not quite clear which version exactly fixes the problem; NOTE: I checked the source code of the most recent version and compared NOTE: it with the problematic section described in the advisory NOTE: (http://marc.info/?l=bugtraq&m=107695139930726&w=2) NOTE: and I can confirm the buffer overflow is fixed there -CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...) +CVE-2004-0287 NOT-FOR-US: Xlight FTP server 1.52; -CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...) +CVE-2004-0286 NOT-FOR-US: RobotFTP; -CVE-2004-0285 (PHP remote file inclusion vulnerabilities in include/footer.inc.php in ...) +CVE-2004-0285 NOT-FOR-US: PHP scripts -CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...) +CVE-2004-0284 NOT-FOR-US: MSIE bugs -CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...) +CVE-2004-0283 NOT-FOR-US: mailmgr; -CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...) +CVE-2004-0282 NOT-FOR-US: Crob FTP; -CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...) +CVE-2004-0281 NOT-FOR-US: Caucho Technology Resin; -CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...) +CVE-2004-0280 NOT-FOR-US: Caucho Technology Resin; -CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...) +CVE-2004-0279 NOT-FOR-US: AIMSniff; -CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...) +CVE-2004-0278 NOT-FOR-US: Ratbag game engine; -CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...) +CVE-2004-0277 NOT-FOR-US: Dream FTP; -CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...) +CVE-2004-0275 NOT-FOR-US: BosDates; -CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...) +CVE-2004-0272 NOT-FOR-US: MaxWebPortal; -CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...) +CVE-2004-0271 NOT-FOR-US: MaxWebPortal; -CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...) +CVE-2004-0269 NOT-FOR-US: PHP-Nuke; -CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...) +CVE-2004-0268 NOT-FOR-US: EvolutionX; -CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...) +CVE-2004-0267 NOT-FOR-US: eTrust InoculateIT; -CVE-2004-0266 (SQL injection vulnerability in the "public message" capability ...) +CVE-2004-0266 NOT-FOR-US: PHP-Nuke; -CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...) +CVE-2004-0265 NOT-FOR-US: PHP-Nuke; -CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...) +CVE-2004-0264 NOT-FOR-US: PalmOS -CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...) +CVE-2004-0262 NOT-FOR-US: The Palace; -CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...) +CVE-2004-0260 NOT-FOR-US: CactuShop; -CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...) +CVE-2004-0259 NOT-FOR-US: formmail.php; -CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...) +CVE-2004-0258 NOT-FOR-US: RealPlayer -CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...) +CVE-2004-0255 NOT-FOR-US: Xlight; -CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...) +CVE-2004-0254 NOT-FOR-US: Discuz; -CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...) +CVE-2004-0253 NOT-FOR-US: IBM Cloudscape -CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...) +CVE-2004-0252 NOT-FOR-US: TYPSoft FTP Server -CVE-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...) +CVE-2004-0251 NOT-FOR-US: rxgoogle.cgi -CVE-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...) +CVE-2004-0250 NOT-FOR-US: PhotoPost PHP Pro -CVE-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...) +CVE-2004-0249 NOT-FOR-US: PHPX -CVE-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...) +CVE-2004-0248 NOT-FOR-US: PHPX -CVE-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...) +CVE-2004-0247 NOT-FOR-US: Chaser -CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) +CVE-2004-0246 NOT-FOR-US: Les Commentaires -CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...) +CVE-2004-0245 NOT-FOR-US: Web Crossing -CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...) +CVE-2004-0244 NOT-FOR-US: Cisco -CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...) +CVE-2004-0243 NOT-FOR-US: AIX -CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...) +CVE-2004-0242 NOT-FOR-US: X-Cart 3.4.3 -CVE-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...) +CVE-2004-0241 NOT-FOR-US: X-Cart 3.4.3 -CVE-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...) +CVE-2004-0240 NOT-FOR-US: X-Cart 3.4.3 -CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...) +CVE-2004-0239 NOT-FOR-US: PhotoPost PHP Pro -CVE-2004-0238 (Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow ...) +CVE-2004-0238 - overkill 0.16-7 -CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...) +CVE-2004-0237 NOT-FOR-US: Aprox PHP Portal -CVE-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...) +CVE-2004-0236 NOT-FOR-US: thePHOTOtool -CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...) +CVE-2004-0235 {DSA-515} - lha 1.14i-8 -CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...) +CVE-2004-0234 {DSA-515} - lha 1.14i-8 -CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...) +CVE-2004-0233 NOT-FOR-US: utempter -CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...) +CVE-2004-0232 {DSA-497} - mc 1:4.6.0-4.6.1-pre1-2 -CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...) +CVE-2004-0231 {DSA-497} - mc 1:4.6.0-4.6.1-pre1-2 -CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...) +CVE-2004-0230 - linux <unfixed> (unimportant) - linux-2.6 <removed> (unimportant) - linux-2.6.24 <removed> (unimportant) NOTE: the attack works with a certain non-negligible probability, but even NOTE: when successful, it only causes a TCP disconnect, which will (in most NOTE: circumstances) be reestablished right away, causing essentially no impact -CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...) +CVE-2004-0229 - linux-2.6 2.6.6-1 - linux-2.6.24 <not-affected> -CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...) +CVE-2004-0228 - kernel-source-2.4.27 <not-affected> (2.4 does not have cpufreq) - linux-2.6 <not-affected> (fixed before first upload; 2.6.8) -CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...) +CVE-2004-0227 - zoneminder 1.22.3-1 NOTE: fixed in 1.19.2, which was released before initial upload of 1.22.3 -CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...) +CVE-2004-0226 {DSA-497} - mc 1:4.6.0-4.6.1-pre1-2 CVE-2004-0225 RESERVED -CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...) +CVE-2004-0224 - courier 0.45.1-1 CVE-2004-0223 RESERVED -CVE-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...) +CVE-2004-0222 NOT-FOR-US: isakmpd in OpenBSD -CVE-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) +CVE-2004-0221 NOT-FOR-US: isakmpd in OpenBSD -CVE-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) +CVE-2004-0220 NOT-FOR-US: isakmpd in OpenBSD -CVE-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) +CVE-2004-0219 NOT-FOR-US: isakmpd in OpenBSD -CVE-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) +CVE-2004-0218 NOT-FOR-US: isakmpd in OpenBSD -CVE-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...) +CVE-2004-0217 NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat -CVE-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...) +CVE-2004-0216 NOT-FOR-US: MSIE bug -CVE-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...) +CVE-2004-0215 NOT-FOR-US: MS-Outlook-Express -CVE-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...) +CVE-2004-0214 NOT-FOR-US: MSIE bug -CVE-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...) +CVE-2004-0213 NOT-FOR-US: Windows bug -CVE-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...) +CVE-2004-0212 NOT-FOR-US: Windows bug -CVE-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...) +CVE-2004-0211 NOT-FOR-US: Windows bug -CVE-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...) +CVE-2004-0210 NOT-FOR-US: Windows bug -CVE-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...) +CVE-2004-0209 NOT-FOR-US: Windows bug -CVE-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...) +CVE-2004-0208 NOT-FOR-US: Windows bug -CVE-2004-0207 ("Shatter" style vulnerability in the Window Management application ...) +CVE-2004-0207 NOT-FOR-US: Windows bug -CVE-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...) +CVE-2004-0206 NOT-FOR-US: Windows bug -CVE-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...) +CVE-2004-0205 NOT-FOR-US: Windows bug -CVE-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...) +CVE-2004-0204 NOT-FOR-US: Visual Studio bug -CVE-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...) +CVE-2004-0203 NOT-FOR-US: Exchange bug -CVE-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...) +CVE-2004-0202 NOT-FOR-US: DirectX -CVE-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...) +CVE-2004-0201 NOT-FOR-US: Windows HTML Help -CVE-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...) +CVE-2004-0200 NOT-FOR-US: famous Windows GDI+ JPEG parsing bug -CVE-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...) +CVE-2004-0199 NOT-FOR-US: Windows bug CVE-2004-0198 RESERVED -CVE-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...) +CVE-2004-0197 NOT-FOR-US: MSJet bug CVE-2004-0196 RESERVED CVE-2004-0195 RESERVED -CVE-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...) +CVE-2004-0192 NOT-FOR-US: Symantec Gateway Security CVE-2004-0187 REJECTED -CVE-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...) +CVE-2004-0184 {DSA-478} - tcpdump 3.7.2-4 -CVE-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...) +CVE-2004-0183 {DSA-478} - tcpdump 3.7.2-4 -CVE-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...) +CVE-2004-0182 - mailman <not-affected> (RedHat specific bug) -CVE-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...) +CVE-2004-0181 - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre5) -CVE-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...) +CVE-2004-0180 {DSA-486} - cvs 1:1.12.5-4 (medium) -CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...) +CVE-2004-0179 {DSA-487} - neon 0.24.5-1 -CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...) +CVE-2004-0178 {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - linux-2.6 <not-affected> (fixed before first upload; 2.6.8) - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre3) -CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...) +CVE-2004-0177 {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - linux-2.6 <not-affected> (fixed before first upload; 2.6.8) - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre4) -CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...) +CVE-2004-0176 {DSA-511} - ethereal 0.10.3-1 (bug #239576) -CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...) +CVE-2004-0175 {CVE-2000-0992} - openssh 1:3.9p1-1 (low; bug #270770) [sarge] - openssh <no-dsa> (Minor issue) @@ -5785,50 +5785,50 @@ CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 NOTE: The "SUID/SGID across trust boundaries" issue remains, but is NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992. NOTE: jmm: 3.9p1 thus marked as fixed version -CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...) +CVE-2004-0174 - apache 1.3.29.0.2-5 -CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...) +CVE-2004-0172 - ltrace <not-affected> (Not setuid/setgid in Debian) CVE-2004-0170 RESERVED -CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...) +CVE-2004-0168 NOT-FOR-US: CoreFoundation for Mac OS X -CVE-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...) +CVE-2004-0166 NOT-FOR-US: Safari -CVE-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...) +CVE-2004-0164 - ipsec-tools 0.3.3-1 NOTE: not mentioned in the changelog, so I don't know which version exactly fixes NOTE: the problem, but the patch that fixes the bug is applied: NOTE: http://marc.info/?l=bugtraq&m=107411758202662&w=2 -CVE-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...) +CVE-2004-0163 NOT-FOR-US: Sygate Secure Enterprise -CVE-2004-0162 (Multiple content security gateway and antivirus products allow remote ...) +CVE-2004-0162 NOT-FOR-US: general MIME bug with security gateways -CVE-2004-0161 (Multiple content security gateway and antivirus products allow remote ...) +CVE-2004-0161 NOT-FOR-US: general MIME bug with security gateways -CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...) +CVE-2004-0158 {DSA-445} - lbreakout2 2.4 -CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to ...) +CVE-2004-0157 {DSA-484} - xonix 1.4-21 -CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...) +CVE-2004-0156 {DSA-485} - ssmtp 2.60.7 -CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...) +CVE-2004-0155 - ipsec-tools 0.2.5-2 -CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...) +CVE-2004-0154 - nfs-utils 1:1.0.5-3 -CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...) +CVE-2004-0153 {DSA-468} - emil 2.1.0-beta9-14 -CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...) +CVE-2004-0152 {DSA-468} - emil 2.1.0-beta9-14 -CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...) +CVE-2004-0151 {DSA-462} - xitalk 1.1.11-11 -CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...) +CVE-2004-0149 {DSA-451} - xboing 2.4-26.1 (bug #174924) CVE-2004-0147 @@ -5839,7 +5839,7 @@ CVE-2004-0145 REJECTED CVE-2004-0144 REJECTED -CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...) +CVE-2004-0143 NOT-FOR-US: Nokia mobile phones CVE-2004-0142 REJECTED @@ -5847,66 +5847,66 @@ CVE-2004-0141 REJECTED CVE-2004-0140 REJECTED -CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...) +CVE-2004-0139 NOT-FOR-US: SGI IRIX -CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...) +CVE-2004-0138 {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (fixed before first upload) -CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...) +CVE-2004-0137 NOT-FOR-US: IRIX init -CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...) +CVE-2004-0136 NOT-FOR-US: IRIX -CVE-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...) +CVE-2004-0135 NOT-FOR-US: IRIX -CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...) +CVE-2004-0134 NOT-FOR-US: IRIX -CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...) +CVE-2004-0133 - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc2) - linux-2.6 <not-affected> (fixed before first upload; 2.6.5) -CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...) +CVE-2004-0132 NOT-FOR-US: ezContents -CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...) +CVE-2004-0130 NOT-FOR-US: phpGedView -CVE-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...) +CVE-2004-0127 NOT-FOR-US: phpGedView -CVE-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...) +CVE-2004-0125 NOT-FOR-US: FreeBSD jail -CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...) +CVE-2004-0124 NOT-FOR-US: Windows bug -CVE-2004-0123 (Double free vulnerability in the ASN.1 library as used in Windows NT ...) +CVE-2004-0123 NOT-FOR-US: Windows bug -CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...) +CVE-2004-0120 NOT-FOR-US: Windows bug -CVE-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...) +CVE-2004-0119 NOT-FOR-US: Windows bug -CVE-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...) +CVE-2004-0118 NOT-FOR-US: Windows bug -CVE-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...) +CVE-2004-0117 NOT-FOR-US: Windows bug -CVE-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...) +CVE-2004-0116 NOT-FOR-US: Windows bug -CVE-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...) +CVE-2004-0112 - openssl 0.9.7d-1 -CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...) +CVE-2004-0110 {DSA-455} - libxml 1:1.8.17-5 - libxml2 2.6.6-1 -CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...) +CVE-2004-0109 {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4) - linux-2.6 <not-affected> (fixed before first upload; 2.6.6) -CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...) +CVE-2004-0107 - sysstat 5.0.2-1 -CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...) +CVE-2004-0106 {DSA-443} - xfree86 4.3.0-2 -CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...) +CVE-2004-0105 {DSA-449} - metamail 2.7-45.2 -CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...) +CVE-2004-0104 {DSA-449} - metamail 2.7-45.2 -CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when ...) +CVE-2004-0103 {DSA-432} - crawl 1:4.0.0beta26-4 CVE-2004-0102 @@ -5917,113 +5917,113 @@ CVE-2004-0100 RESERVED CVE-2004-0098 REJECTED -CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...) +CVE-2004-0097 {DSA-448} - pwlib 1.5.2-4 -CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...) +CVE-2004-0092 NOT-FOR-US: Safari -CVE-2004-0091 (** DISPUTED ** ...) +CVE-2004-0091 NOT-FOR-US: vBulletin -CVE-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...) +CVE-2004-0090 NOT-FOR-US: MacOS -CVE-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...) +CVE-2004-0088 NOT-FOR-US: MacOS -CVE-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...) +CVE-2004-0087 NOT-FOR-US: MacOS -CVE-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...) +CVE-2004-0086 NOT-FOR-US: MacOS -CVE-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...) +CVE-2004-0085 NOT-FOR-US: MacOS -CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...) +CVE-2004-0084 {DSA-443} - xfree86 4.3.0-2 -CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...) +CVE-2004-0083 {DSA-443} - xfree86 4.3.0-2 -CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...) +CVE-2004-0081 {DSA-465} - openssl 0.9.6d-1 -CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...) +CVE-2004-0079 {DSA-465} - openssl 0.9.7d-1 - openssl096 0.9.6m-1 CVE-2004-0076 REJECTED -CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...) +CVE-2004-0074 - xsok <not-affected> (Not vulnerable. See bug #278777) -CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and (2) ...) +CVE-2004-0073 NOT-FOR-US: EasyDynamicPages -CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...) +CVE-2004-0072 NOT-FOR-US: Accipiter Direct Server 6.0 -CVE-2004-0071 (Directory traversal vulnerability in buildManPage in ...) +CVE-2004-0071 NOT-FOR-US: PHP Man Page Lookup 1.2.0 -CVE-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...) +CVE-2004-0069 NOT-FOR-US: HD Soft Windows FTP Server 1.6 -CVE-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...) +CVE-2004-0067 NOT-FOR-US: phpGedView -CVE-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...) +CVE-2004-0066 NOT-FOR-US: phpGedView -CVE-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...) +CVE-2004-0065 NOT-FOR-US: phpGedView -CVE-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...) +CVE-2004-0064 NOT-FOR-US: SuSE YaST -CVE-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...) +CVE-2004-0062 NOT-FOR-US: FishCart -CVE-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...) +CVE-2004-0061 NOT-FOR-US: WWW File Share Pro 2.42 -CVE-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...) +CVE-2004-0060 NOT-FOR-US: WWW File Share Pro 2.42 -CVE-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...) +CVE-2004-0059 NOT-FOR-US: WWW File Share Pro 2.42 -CVE-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...) +CVE-2004-0058 NOT-FOR-US: Antivir -CVE-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...) +CVE-2004-0057 {DSA-425} - tcpdump 3.8.3-1 NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier. -CVE-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...) +CVE-2004-0056 NOT-FOR-US: Nortel Networks products -CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...) +CVE-2004-0055 {DSA-425} - tcpdump 3.8.3-1 NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier. -CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...) +CVE-2004-0054 NOT-FOR-US: Cisco -CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote ...) +CVE-2004-0053 NOT-FOR-US: Multiple security gateways MIME parsing stuff -CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote ...) +CVE-2004-0052 NOT-FOR-US: Multiple security gateways MIME parsing stuff -CVE-2004-0051 (Multiple content security gateway and antivirus products allow remote ...) +CVE-2004-0051 NOT-FOR-US: Multiple security gateways MIME parsing stuff -CVE-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...) +CVE-2004-0050 NOT-FOR-US: Verity Ultraseek CVE-2004-0048 RESERVED -CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...) +CVE-2004-0047 {DSA-430} - trr19 1.0beta5-17.1 (bug #264702) -CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...) +CVE-2004-0046 NOT-FOR-US: SnapStream PVS LITE -CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...) +CVE-2004-0043 NOT-FOR-US: Yahoo Instant Messenger -CVE-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...) +CVE-2004-0042 - vsftpd 2.0.1-1 NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html -CVE-2004-0041 (The mod_auth_shadow module 1.4 and earlier does not properly enforce ...) +CVE-2004-0041 {DSA-421} - mod-auth-shadow 1.4-1 -CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...) +CVE-2004-0039 NOT-FOR-US: Check Point Firewall -CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...) +CVE-2004-0038 NOT-FOR-US: McAfee -CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...) +CVE-2004-0037 NOT-FOR-US: FistClass Desktop Client -CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...) +CVE-2004-0034 NOT-FOR-US: Phorum -CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, (2) ...) +CVE-2004-0030 NOT-FOR-US: PHPGEDVIEW -CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...) +CVE-2004-0029 NOT-FOR-US: Lotus Notes Domino CVE-2004-0027 RESERVED @@ -6045,203 +6045,203 @@ CVE-2004-0019 RESERVED CVE-2004-0018 RESERVED -CVE-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...) +CVE-2004-0017 {DSA-419} - phpgroupware 0.9.14.007-4 -CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...) +CVE-2004-0014 {DSA-412} - nd 0.8.2-1 CVE-2004-0012 REJECTED -CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...) +CVE-2004-0010 {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.25-pre7) -CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...) +CVE-2004-0008 {DSA-434} - gaim 1:0.75-2 -CVE-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...) +CVE-2004-0007 {DSA-434} - gaim 1:0.75-2 -CVE-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...) +CVE-2004-0006 {DSA-434} - gaim 1:0.75-2 -CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...) +CVE-2004-0005 {DSA-434} - gaim 1:0.75-2 -CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...) +CVE-2004-0003 {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4) -CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...) +CVE-2004-0002 NOT-FOR-US: FreeBSD netinet -CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...) +CVE-2004-0356 NOT-FOR-US: windows mta -CVE-2004-0347 (Cross-site scripting (XSS) vulnerability in delhomepage.cgi in ...) +CVE-2004-0347 NOT-FOR-US: juniper router -CVE-2004-0336 (LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive ...) +CVE-2004-0336 NOT-FOR-US: windows mta -CVE-2004-0320 (Unknown vulnerability in nCipher Hardware Security Modules (HSM) ...) +CVE-2004-0320 NOT-FOR-US: ncipher hardware -CVE-2004-0309 (Stack-based buffer overflow in the SMTP service support in vsmon.exe ...) +CVE-2004-0309 NOT-FOR-US: windows firewall -CVE-2004-0307 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 ...) +CVE-2004-0307 NOT-FOR-US: cisco -CVE-2004-0306 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD ...) +CVE-2004-0306 NOT-FOR-US: cisco -CVE-2004-0297 (Buffer overflow in the Lightweight Directory Access Protocol (LDAP) ...) +CVE-2004-0297 NOT-FOR-US: windows mta -CVE-2004-0276 (The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and ...) +CVE-2004-0276 NOT-FOR-US: monkeyd, not in debian -CVE-2004-0274 (Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can ...) +CVE-2004-0274 - eggdrop 1.6.17 -CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player ...) +CVE-2004-0273 NOT-FOR-US: realone player -CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a ...) +CVE-2004-0270 - clamav 0.80 -CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global ...) +CVE-2004-0263 - php4 4.3.9 -CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to ...) +CVE-2004-0261 NOT-FOR-US: openjournal, not in debian -CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...) +CVE-2004-0257 NOT-FOR-US: open/netbsd -CVE-2004-0256 (GNU libtool before 1.5.2, during compile time, allows local users to ...) +CVE-2004-0256 - libtool 1.5.6 -CVE-2004-0194 (Stack-based buffer overflow in the OutputDebugString function for ...) +CVE-2004-0194 NOT-FOR-US: acroread -CVE-2004-0193 (Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), ...) +CVE-2004-0193 NOT-FOR-US: realsecure/blackice -CVE-2004-0191 (Mozilla before 1.4.2 executes Javascript events in the context of a ...) +CVE-2004-0191 - mozilla 2:1.7.3 -CVE-2004-0190 (Symantec FireWall/VPN Appliance model 200 records a cleartext ...) +CVE-2004-0190 NOT-FOR-US: symantec -CVE-2004-0189 (The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows ...) +CVE-2004-0189 {DSA-474} - squid 2.5.5-1 -CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...) +CVE-2004-0188 {DSA-461} - calife 2.8.6-1 (bug #235157) -CVE-2004-0186 (smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, ...) +CVE-2004-0186 {DSA-463} - samba 3.0.2-2 -CVE-2004-0185 (Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp ...) +CVE-2004-0185 {DSA-457} - wu-ftpd 2.6.2-17.1 -CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and ...) +CVE-2004-0173 NOT-FOR-US: apache/cygwin -CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote ...) +CVE-2004-0171 NOT-FOR-US: freebsd/os x -CVE-2004-0169 (QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote ...) +CVE-2004-0169 NOT-FOR-US: os x -CVE-2004-0167 (DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly ...) +CVE-2004-0167 NOT-FOR-US: os x -CVE-2004-0165 (Format string vulnerability in Point-to-Point Protocol (PPP) daemon ...) +CVE-2004-0165 NOT-FOR-US: os x -CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary ...) +CVE-2004-0160 {DSA-446} - synaesthesia 2.1-3 NOTE: synaesthesia is no longer setuid in Debian. -CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...) +CVE-2004-0159 {DSA-447} - hsftp 1.15-1 -CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before ...) +CVE-2004-0150 {DSA-458-3} - python2.2 2.2.2 -CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, ...) +CVE-2004-0148 {DSA-457} - wu-ftpd 2.6.2-17.1 -CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon ...) +CVE-2004-0131 NOT-FOR-US: gnu radiusd, not in debian -CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 ...) +CVE-2004-0129 - phpmyadmin 2:2.6.0-pl2 -CVE-2004-0128 (PHP remote file inclusion vulnerability in the GEDCOM configuration ...) +CVE-2004-0128 NOT-FOR-US: phpgedview, not in debian -CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the ...) +CVE-2004-0126 NOT-FOR-US: freebsd -CVE-2004-0122 (Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain ...) +CVE-2004-0122 NOT-FOR-US: microsoft -CVE-2004-0121 (Argument injection vulnerability in Microsoft Outlook 2002 does not ...) +CVE-2004-0121 NOT-FOR-US: microsoft -CVE-2004-0115 (VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 ...) +CVE-2004-0115 NOT-FOR-US: microsoft -CVE-2004-0114 (The shmat system call in the System V Shared Memory interface for ...) +CVE-2004-0114 NOT-FOR-US: bsd -CVE-2004-0113 (Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 ...) +CVE-2004-0113 - apache2 2.0.52 -CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ...) +CVE-2004-0111 {DSA-464} - gdk-pixbuf 0.22.0-3 -CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to ...) +CVE-2004-0108 {DSA-460} - sysstat 5.0.2-1 -CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when ...) +CVE-2004-0099 NOT-FOR-US: freebsd -CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to ...) +CVE-2004-0096 - libapache-mod-python 2:2.7.10 -CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a ...) +CVE-2004-0095 NOT-FOR-US: mcafee -CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to ...) +CVE-2004-0094 {DSA-443} - xfree86 4.2.1-6 -CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...) +CVE-2004-0093 {DSA-443} - xfree86 4.2.1-6 -CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x ...) +CVE-2004-0089 NOT-FOR-US: os x -CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and ...) +CVE-2004-0082 - samba 3.0.7 -CVE-2004-0080 (The login program in util-linux 2.11 and earlier uses a pointer after ...) +CVE-2004-0080 NOT-FOR-US: debian uses different login -CVE-2004-0078 (Buffer overflow in the index menu code (menu_pad_string of menu.c) for ...) +CVE-2004-0078 - mutt 1.5.6-20040722+1 -CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to ...) +CVE-2004-0077 {DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438} - kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.26-pre3) - kernel-source-2.2.20 <removed> -CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the ...) +CVE-2004-0075 - kernel-source-2.4.24 2.4.24-3 NOTE: fixed in 2.4.26-pre3 -CVE-2004-0070 (PHP remote file inclusion vulnerability in module.php for ezContents ...) +CVE-2004-0070 NOT-FOR-US: ezcontents, commercial -CVE-2004-0068 (PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 ...) +CVE-2004-0068 NOT-FOR-US: phpdig, not in debian -CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, ...) +CVE-2004-0063 NOT-FOR-US: ncipher hsm -CVE-2004-0049 (Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote ...) +CVE-2004-0049 NOT-FOR-US: real helix -CVE-2004-0045 (Buffer overflow in the ARTpost function in art.c in the control ...) +CVE-2004-0045 - inn2 2.4.1+20040820 [woody] - inn2 <not-affected> -CVE-2004-0044 (Cisco Personal Assistant 1.4(1) and 1.4(2) disables password ...) +CVE-2004-0044 NOT-FOR-US: cisco -CVE-2004-0040 (Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through ...) +CVE-2004-0040 NOT-FOR-US: checkpoint -CVE-2004-0036 (SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x ...) +CVE-2004-0036 NOT-FOR-US: vbulletin, commercial -CVE-2004-0035 (SQL injection vulnerability in register.php for Phorum 3.4.5 and ...) +CVE-2004-0035 NOT-FOR-US: phorum, not in debian -CVE-2004-0033 (admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain ...) +CVE-2004-0033 NOT-FOR-US: phpgedview, not in debian -CVE-2004-0032 (Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW ...) +CVE-2004-0032 NOT-FOR-US: phpgedview, not in debian -CVE-2004-0031 (PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and ...) +CVE-2004-0031 NOT-FOR-US: phpgedview, not in debian -CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...) +CVE-2004-0028 {DSA-420} - jitterbug 1.6.2-4.5 -CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the "save ...) +CVE-2004-0016 {DSA-419} - phpgroupware 0.9.14.007-4 -CVE-2004-0015 (vbox3 0.1.8 and earlier does not properly drop privileges before ...) +CVE-2004-0015 {DSA-418} - vbox3 0.1.8 -CVE-2004-0013 (jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly ...) +CVE-2004-0013 {DSA-414} - jabber 1.4.3-1 -CVE-2004-0011 (Buffer overflow in fsp before 2.81.b18 allows remote users to execute ...) +CVE-2004-0011 {DSA-416} - fsp 2.81.b18-1 -CVE-2004-0009 (Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 ...) +CVE-2004-0009 - apache-ssl 1.3.31 -CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 ...) +CVE-2004-0004 NOT-FOR-US: openca, not in debian -CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit ptrace ...) +CVE-2004-0001 - kernel-image-2.6.8-9-amd64-generic <unfixed> |