authorJoey Hess <joeyh@debian.org>2005-06-11 01:04:55 +0000
committerJoey Hess <joeyh@debian.org>2005-06-11 01:04:55 +0000
commita579ac1ed8f21aa4f12bb53e59921f7d15e8f93e (patch)
tree67ba829baa132d0395160961dd11fe0b11483f12 /data
parentda0c8a75e21debc4c2bd63a8c2a8732f82012db2 (diff)
Rename sarge-checks data to something not specific to sarge, since we're
working on etch now. Sorry for the probable annoyance, but it had to be done. Also, my cron jobs have been updated to use this directory and to check against testing, not sarge. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1220 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r--data/CAN/Makefile5
-rw-r--r--data/CAN/list15182
-rw-r--r--data/CVE/1999.list2010
-rw-r--r--data/CVE/2002.list954
-rw-r--r--data/CVE/2003.list199
-rw-r--r--data/CVE/2004.list160
-rw-r--r--data/CVE/Makefile5
-rw-r--r--data/DSA/list2037
-rw-r--r--data/Makefile3
-rw-r--r--data/README42
-rw-r--r--data/announce133
-rwxr-xr-xdata/checklist201
-rw-r--r--data/elf-vuln35
-rw-r--r--data/resources9
-rw-r--r--data/testing-security93
-rwxr-xr-xdata/updatelist142
16 files changed, 21210 insertions, 0 deletions
diff --git a/data/CAN/Makefile b/data/CAN/Makefile
new file mode 100644
index 0000000000..12fd0fcb7c
--- /dev/null
+++ b/data/CAN/Makefile
@@ -0,0 +1,5 @@
+update:
+ rm -f full-can.html
+ wget --quiet http://www.cve.mitre.org/cve/candidates/downloads/full-can.html
+ ../updatelist full-can.html ../DSA/list list > list.new
+ mv -f list.new list
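Review bot: The `update` recipe fetches `full-can.html` over plain `http://` and passes it straight to `../updatelist`, so nothing in this Makefile authenticates or sanity-checks the data that ends up replacing `list`. Anyone able to alter that download in transit could presumably change which candidate entries reach the tracker's working list, though how `updatelist` merges the file is not visible in this hunk. If the publisher offers an HTTPS or checksummed copy the recipe should use it, and either way it should refuse to install an empty result, for example with `test -s list.new` on its own recipe line before `mv -f list.new list`. Declaring `.PHONY: update` would also keep a stray file named `update` from silently turning the target into a no-op.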
diff --git a/data/CAN/list b/data/CAN/list
new file mode 100644
index 0000000000..099fc57d3b
--- /dev/null
+++ b/data/CAN/list
@@ -0,0 +1,15182 @@
+CAN-2005-1934 [Unspecified gaim DoS vulnerability]
+ - gaim 1:1.3.1-1
+CAN-2005-XXXX [Multiple buffer and integer overflows in strace]
+ NOTE: For full details download the sources and see the changelog entry
+ NOTE: from 2005-05-31 Dmitry V. Levin <ldv@altlinux.org>
+ - strace 4.5.12-1
+CAN-2005-XXXX [Local privilege escalation through insufficient DRM range checks]
+ - kernel-source-2.6.8 (unfixed)
+CAN-2005-1930
+ NOTE: reserved
+CAN-2005-1929
+ NOTE: reserved
+CAN-2005-1928
+ NOTE: reserved
+CAN-2005-1927
+ NOTE: reserved
+CAN-2005-1926
+ NOTE: reserved
+CAN-2005-1925
+ NOTE: reserved
+CAN-2005-1924
+ NOTE: reserved
+CAN-2005-1923
+ NOTE: reserved
+CAN-2005-1922
+ NOTE: reserved
+CAN-2005-1921
+ NOTE: reserved
+CAN-2005-1920
+ NOTE: reserved
+CAN-2005-1919
+ NOTE: reserved
+CAN-2005-1918
+ NOTE: reserved
+CAN-2005-1917
+ NOTE: reserved
+CAN-2005-1916
+ NOTE: reserved
+CAN-2005-1915
+ NOTE: reserved
+CAN-2005-1914
+ NOTE: reserved
+CAN-2005-1913
+ NOTE: reserved
+CAN-2005-1912
+ NOTE: reserved
+CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
+ - leafnode 1.11.3.rel-1
+CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
+ NOTE: not-for-us (WWWeb Concepts Events System)
+CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...)
+ NOTE: not-for-us (602LAN SUITE)
+CAN-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...)
+ NOTE: not-for-us (Perception LiteWeb)
+CAN-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...)
+ NOTE: not-for-us (livingmailing)
+CAN-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
+ NOTE: not-for-us (Kaspersky)
+CAN-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
+ NOTE: not-for-us (JiRo's Upload Systems)
+CAN-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...)
+ NOTE: not-for-us (SPA-PRO Mail)
+CAN-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
+ NOTE: not-for-us (SPA-PRO Mail)
+CAN-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...)
+ NOTE: not-for-us (Sawmill)
+CAN-2005-1900 (Multiple unknown vulnerabilities in Sawmill before 7.1.6 allow remote ...)
+ NOTE: not-for-us (Sawmill)
+CAN-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...)
+ NOTE: not-for-us (RakNet)
+CAN-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...)
+ NOTE: not-for-us (phpThumb)
+CAN-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...)
+ NOTE: not-for-us (FlexCast)
+CAN-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...)
+ NOTE: not-for-us (FlatNuke)
+CAN-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...)
+ NOTE: not-for-us (FlatNuke)
+CAN-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...)
+ NOTE: not-for-us (FlatNuke)
+CAN-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
+ NOTE: not-for-us (FlatNuke)
+CAN-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
+ NOTE: not-for-us (FlatNuke)
+CAN-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
+ NOTE: not-for-us (AOL Instant Messenger)
+CAN-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
+ NOTE: not-for-us (Mortiforo)
+CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
+ NOTE: not-for-us (Sun ONE)
+CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
+ NOTE: not-for-us (MediaWiki not yet in Debian)
+ TODO: track ITP: #217571
+CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
+ NOTE: not-for-us (Solaris)
+CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
+ NOTE: not-for-us (YaPiG)
+CAN-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...)
+ NOTE: not-for-us (YaPiG)
+CAN-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...)
+ NOTE: not-for-us (YaPiG)
+CAN-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
+ NOTE: not-for-us (YaPiG)
+CAN-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...)
+ NOTE: not-for-us (YaPiG)
+CAN-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...)
+ NOTE: not-for-us (YaPiG)
+CAN-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
+ NOTE: not-for-us (everybuddy)
+CAN-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...)
+ NOTE: not-for-us (LutelWall)
+CAN-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...)
+ NOTE: not-for-us (GIPTables)
+CAN-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...)
+ NOTE: not-for-us (Lpanel)
+CAN-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...)
+ NOTE: not-for-us (CuteNews)
+CAN-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...)
+ NOTE: not-for-us (Exhibit Engine)
+CAN-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...)
+ NOTE: not-for-us (Dzip)
+CAN-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...)
+ NOTE: not-for-us (Crob)
+CAN-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...)
+ NOTE: not-for-us (WebSphere)
+CAN-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...)
+ - drupal 4.5.3-1
+CAN-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...)
+ NOTE: not-for-us (Popper)
+CAN-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...)
+ NOTE: not-for-us (MWChat)
+CAN-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...)
+ NOTE: not-for-us (I-Man)
+CAN-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...)
+ NOTE: not-for-us (Symantec)
+CAN-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
+ NOTE: not-for-us (Calendarix)
+CAN-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...)
+ NOTE: not-for-us (Calendarix)
+CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...)
+ NOTE: not-for-us (Calendarix)
+CAN-2003-1218
+ NOTE: reserved
+CAN-2003-1217
+ NOTE: reserved
+CAN-2005-1863
+ NOTE: reserved
+CAN-2005-1862
+ NOTE: reserved
+CAN-2005-1861
+ NOTE: reserved
+CAN-2005-1860
+ NOTE: reserved
+CAN-2005-1859
+ NOTE: reserved
+CAN-2005-1857
+ NOTE: reserved
+CAN-2005-1856
+ NOTE: reserved
+CAN-2005-1855
+ NOTE: reserved
+CAN-2005-1854
+ NOTE: reserved
+CAN-2005-1853
+ NOTE: reserved
+CAN-2005-1852
+ NOTE: reserved
+CAN-2005-1851
+ NOTE: reserved
+CAN-2005-1850
+ NOTE: reserved
+CAN-2005-1849
+ NOTE: reserved
+CAN-2005-1848
+ NOTE: reserved
+CAN-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...)
+ NOTE: not-for-us (YaMT)
+CAN-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...)
+ NOTE: not-for-us (YaMT)
+CAN-2005-1845
+ NOTE: reserved
+CAN-2005-1844
+ NOTE: reserved
+CAN-2005-1843
+ NOTE: reserved
+CAN-2005-1842
+ NOTE: reserved
+CAN-2005-1841
+ NOTE: reserved
+CAN-2005-1858 [Information leak in fuse due to insufficient clearing of memory]
+ - fuse 2.3.0-1
+CAN-2005-XXXX [Directory traversal in zoo]
+ - zoo (unfixed; bug #306164)
+CAN-2005-XXXX [Cross Site Scripting in websieve]
+ - websieve (unfixed; bug #311838)
+CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
+ NOTE: not-for-us (phpCMS)
+CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
+ NOTE: not-for-us (Liberum)
+CAN-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...)
+ NOTE: not-for-us (Liberum)
+CAN-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...)
+ NOTE: not-for-us (Fortinet firewall)
+CAN-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (NEXTWEB)
+CAN-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...)
+ NOTE: not-for-us (NEXTWEB)
+CAN-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...)
+ NOTE: not-for-us (NEXTWEB)
+CAN-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
+ NOTE: not-for-us (MyBB)
+CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
+ NOTE: not-for-us (MyBB)
+CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...)
+ NOTE: Unreproducable by SuSE security team, sudo contains code to circumvent such
+ NOTE: behaviour, seems like a broken PAM setup on the submitter's side
+CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...)
+ NOTE: not-for-us (SoftICE)
+CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...)
+ NOTE: not-for-us (D-Link hardware issue)
+CAN-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...)
+ NOTE: not-for-us (D-Link hardware issue)
+CAN-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...)
+ NOTE: not-for-us (HP Radia)
+CAN-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...)
+ NOTE: not-for-us (HP Radia)
+CAN-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...)
+ - mailutils 1:0.6.1-2
+CAN-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...)
+ NOTE: not-for-us (Qualiteam X-Cart)
+CAN-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...)
+ NOTE: not-for-us (Qualiteam X-Cart)
+CAN-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...)
+ NOTE: not-for-us (PowerDownload)
+CAN-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...)
+ NOTE: not-for-us (Zeroboard)
+CAN-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...)
+ NOTE: not-for-us (NikoSoft WebMail)
+CAN-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...)
+ NOTE: not-for-us (NewLife Blogger)
+CAN-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...)
+ NOTE: not-for-us (Hummingbird Connectivity)
+CAN-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...)
+ NOTE: not-for-us (PicoWebServer)
+CAN-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...)
+ NOTE: not-for-us (FutureSoft TFTP Server)
+CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...)
+ NOTE: not-for-us (FutureSoft TFTP Server)
+CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
+ NOTE: not-for-us (MyBB)
+CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
+ NOTE: Not in Sarge
+ - wordpress 1.5.1.2-1
+CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Sony hardware issue)
+CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...)
+ NOTE: not-for-us (Stronghold game)
+CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...)
+ NOTE: not-for-us (PHPMailer)
+CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...)
+ NOTE: not-for-us (PeerCast)
+CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...)
+ NOTE: not-for-us (Online Solutions for Educators)
+CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...)
+ NOTE: not-for-us (Net Portal Dynamic System)
+CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
+ NOTE: not-for-us (Net Portal Dynamic System)
+CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...)
+ NOTE: not-for-us (Nortel hardware)
+CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...)
+ NOTE: not-for-us (Nokia hardware)
+CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...)
+ NOTE: not-for-us (Jaws glossary gadget)
+CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...)
+ NOTE: not-for-us (FreeStyle Wiki)
+CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...)
+ NOTE: not-for-us (ServersCheck)
+CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
+ NOTE: Cryptographic attack on AES, cannot be fixed
+CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
+ - ettercap 1:0.7.1-1.1
+CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
+ NOTE: not-for-us (ClamAV on Mac OS X)
+CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
+ NOTE: not-for-us (India Software Solution shopping cart)
+CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...)
+ NOTE: not-for-us (Hosting Controller)
+CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
+ NOTE: not-for-us (phpStat)
+CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...)
+ NOTE: not-for-us (FunkyASP)
+CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
+ NOTE: not-for-us (ZonGG)
+CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...)
+ NOTE: not-for-us (Hosting Controller)
+CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...)
+ NOTE: not-for-us (BookReview)
+CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
+ NOTE: not-for-us (BookReview)
+CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...)
+ NOTE: not-for-us (MailEnable)
+CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...)
+ NOTE: not-for-us (Active News Manager)
+CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...)
+ NOTE: not-for-us (MaxWebPortal)
+CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
+ NOTE: not-for-us (C'Nedra)
+CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...)
+ NOTE: not-for-us (Terminator game)
+CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...)
+ - davfs2 (unfixed; bug #310757)
+CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...)
+ NOTE: not-for-us (Listserv)
+CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...)
+ NOTE: not-for-us (Terminator game)
+CAN-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
+ NOTE: not-for-us (HPUX)
+CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
+ NOTE: not-for-us (Avast)
+CAN-2005-1769
+ NOTE: reserved
+CAN-2005-1768
+ NOTE: reserved
+CAN-2005-1767
+ NOTE: reserved
+CAN-2005-1766
+ NOTE: reserved
+CAN-2005-1765 [Unspecified DoS vulnerability on amd64]
+ NOTE: reserved
+ - kernel-source-2.6.8 (unfixed)
+CAN-2005-1764 [Unspecified DoS vulnerability on amd64]
+ NOTE: reserved
+ - kernel-source-2.6.8 (unfixed)
+CAN-2005-1763 [Unprivileged write into kernel memory on amd64]
+ NOTE: reserved
+ - kernel-source-2.6.8 (unfixed)
+CAN-2005-1762 [Unspecified DoS vulnerability on amd64]
+ NOTE: reserved
+ - kernel-source-2.6.8 (unfixed)
+CAN-2005-1761
+ NOTE: reserved
+CAN-2005-1760
+ NOTE: reserved
+CAN-2005-1759
+ NOTE: reserved
+CAN-2005-1758
+ NOTE: reserved
+CAN-2005-1757
+ NOTE: reserved
+CAN-2005-1756
+ NOTE: reserved
+CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
+ - shtool (unfixed; bug #311206)
+CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
+ NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
+ TODO: check, whether this still applies
+CAN-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...)
+ NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
+ TODO: check, whether this still applies
+CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...)
+ NOTE: not-for-us (CVSup third party modules)
+CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...)
+ NOTE: not-for-us (PJ CGI Nero)
+CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...)
+ NOTE: not-for-us (Informix Dynamic Server)
+CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...)
+ - phpbb2 2.0.6d-2
+CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (SurfNOW)
+CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...)
+ NOTE: not-for-us (WebWeaver)
+CAN-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...)
+ NOTE: not-for-us (Web Blog)
+CAN-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...)
+ NOTE: not-for-us (BlackICE)
+CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and ...)
+ NOTE: not-for-us (BlackICE)
+CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...)
+ - gallery 1.4.4-pl1-1
+CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...)
+ NOTE: not-for-us (Nextplace)
+CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
+ NOTE: not-for-us (Intra Forum)
+begin claimed by jmm
+CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...)
+ NOTE: not-for-us (Borland Web Server)
+CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Reptile Web Server)
+CAN-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...)
+ NOTE: not-for-us (Tiny Server)
+CAN-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (Tiny Server)
+CAN-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (Tiny Server)
+CAN-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...)
+ NOTE: not-for-us (Tiny Server)
+CAN-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...)
+ NOTE: not-for-us (ProxyNow!)
+CAN-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...)
+ NOTE: not-for-us (BremsServer)
+CAN-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...)
+ NOTE: not-for-us (BremsServer)
+CAN-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...)
+ NOTE: not-for-us (Serv-U FTP Server)
+CAN-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...)
+ NOTE: not-for-us (Phorum)
+CAN-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+ NOTE: not-for-us (Q-Shop)
+CAN-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...)
+ NOTE: not-for-us (Q-Shop)
+CAN-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...)
+ NOTE: not-for-us (Finjan SurfinGate)
+CAN-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
+ NOTE: not-for-us (Novell NetWare)
+CAN-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...)
+ NOTE: not-for-us (Novell NetWare)
+CAN-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
+ NOTE: not-for-us (Novell NetWare)
+CAN-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...)
+ NOTE: not-for-us (Novell NetWare)
+CAN-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...)
+ NOTE: not-for-us (Freesco)
+CAN-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...)
+ NOTE: not-for-us (GeoHttpServer)
+CAN-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...)
+ NOTE: not-for-us (GeoHttpServer)
+CAN-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...)
+ NOTE: not-for-us (Need for Speed game)
+CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...)
+ NOTE: not-for-us (Banner engine)
+CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
+ TODO: check these packages, whether they create tempfiles with the current PID:
+ TODO: fvwm, fvwm-gnome, x-base-clients, lvm10
+CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...)
+ NOTE: not-for-us (Mephistoles)
+CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...)
+ - honeyd 0.8-1
+CAN-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...)
+ NOTE: not-for-us (WebcamXP)
+CAN-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...)
+ - phpbb2 2.0.8a-1
+CAN-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
+ - phpbb2 2.0.8a-1
+CAN-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...)
+ NOTE: not-for-us (Yahoo Messenger)
+CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
+ NOTE: not-for-us (Yahoo Messenger)
+CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
+ - moodle 1.4.4.dfsg.1-3
+CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles]
+ - mutt (unfixed; bug #311296)
+CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
+ NOTE: viewFile.php has been removed along with other files in -26, so Debian is
+ NOTE: no longer affected.
+ - gforge 3.1-26
+CAN-2005-XXXX [osh buffer overflow]
+ - osh 1.7-13
+CAN-2005-XXXX [xile buffer overrun in terminal code]
+ - zile 2.0.4-2
+CAN-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...)
+ NOTE: not-for-us (ezwdc NewsletterEz)
+CAN-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...)
+ NOTE: not-for-us (BEA Weblogic)
+CAN-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...)
+ NOTE: not-for-us (BEA Weblogic)
+CAN-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
+ NOTE: not-for-us (BEA Weblogic)
+CAN-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...)
+ NOTE: not-for-us (BEA Weblogic)
+CAN-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...)
+ NOTE: not-for-us (BEA Weblogic)
+CAN-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...)
+ NOTE: not-for-us (BEA Weblogic)
+CAN-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...)
+ NOTE: not-for-us (BEA Weblogic)
+CAN-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...)
+ NOTE: not-for-us (BEA Weblogic)
+CAN-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...)
+ NOTE: not-for-us (Halo)
+CAN-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...)
+ NOTE: fixproc not installed in Debian package
+CAN-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...)
+ - imagemagick 6:6.0.6.2-2.4
+CAN-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...)
+ NOTE: not-for-us (Iron Bars Shell)
+CAN-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow &quot;non-authorized ...)
+ NOTE: not-for-us (PROMS)
+CAN-2005-1736 (PROMS 0.11 does not properly handle &quot;certain combinations of rights,&quot; ...)
+ NOTE: not-for-us (PROMS)
+CAN-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...)
+ NOTE: not-for-us (PROMS)
+CAN-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...)
+ NOTE: not-for-us (PROMS)
+CAN-2005-1733 (Cookie Cart stores the password file under the web document root with ...)
+ NOTE: not-for-us (Cookie Cart)
+CAN-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...)
+ NOTE: not-for-us (Cookie Cart)
+CAN-2005-1731
+ NOTE: reserved
+CAN-2005-1730
+ NOTE: reserved
+CAN-2005-1729
+ NOTE: reserved
+CAN-2005-1728
+ NOTE: reserved
+CAN-2005-1727
+ NOTE: reserved
+CAN-2005-1726
+ NOTE: reserved
+CAN-2005-1725
+ NOTE: reserved
+CAN-2005-1724
+ NOTE: reserved
+CAN-2005-1723
+ NOTE: reserved
+CAN-2005-1722
+ NOTE: reserved
+CAN-2005-1721
+ NOTE: reserved
+CAN-2005-1720
+ NOTE: reserved
+CAN-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...)
+ NOTE: not-for-us (avast! antivirus)
+CAN-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...)
+ NOTE: not-for-us (War Times)
+CAN-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...)
+ NOTE: not-for-us (Zyxel hardware)
+CAN-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...)
+ NOTE: not-for-us (TOPo)
+CAN-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...)
+ NOTE: not-for-us (TOPo)
+CAN-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...)
+ NOTE: not-for-us (SurgeMail)
+CAN-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
+ NOTE: not-for-us (Serendipity)
+CAN-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...)
+ NOTE: not-for-us (Serendipity)
+CAN-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...)
+ NOTE: not-for-us (Gibraltar Firewall)
+ TODO: check, whether gibraltar-bootcd is in any way related/affected
+CAN-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...)
+ NOTE: not-for-us (Blue Coat)
+CAN-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
+ NOTE: not-for-us (Blue Coat)
+CAN-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...)
+ NOTE: not-for-us (Blue Coat)
+CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...)
+ NOTE: not-for-us (Gentoo)
+CAN-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
+ - mailscanner (unfixed; bug #310774)
+CAN-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
+ - gdb 6.3-6
+CAN-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
+ - gdb 6.3-6
+CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (Warrior Kings: Battles)
+CAN-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
+ NOTE: not-for-us (Warrior Kings: Battles)
+CAN-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
+ NOTE: not-for-us (PortailPHP)
+CAN-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
+ NOTE: not-for-us (CA Antivirus)
+CAN-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...)
+ NOTE: Not in sarge due to RC bugs
+ - gxine (unfixed; bug #310712)
+CAN-2005-1691
+ NOTE: reserved
+CAN-2005-1690
+ NOTE: reserved
+CAN-2005-1689
+ NOTE: reserved
+CAN-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
+ NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
+ - wordpress 1.5.1-1
+CAN-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
+ NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
+ - wordpress 1.5.1-1
+CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
+ NOTE: Only exploitable under rare circumstances
+ - gedit 2.10.3-1
+CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
+ NOTE: not-for-us (episodex)
+CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
+ NOTE: not-for-us (episodex)
+CAN-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...)
+ NOTE: not-for-us (Solstice Internet Mail Server)
+CAN-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM 1.21, ...)
+ NOTE: not-for-us (phpATM)
+CAN-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
+ NOTE: not-for-us (D-Link hardware)
+CAN-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
+ - picasm 1.12c-1
+CAN-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
+ NOTE: not-for-us (Groove)
+CAN-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
+ NOTE: not-for-us (Groove)
+CAN-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
+ NOTE: not-for-us (Groove)
+CAN-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
+ NOTE: not-for-us (Groove)
+CAN-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
+ NOTE: not-for-us (Help Center Live)
+CAN-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
+ NOTE: not-for-us (Help Center Live)
+CAN-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
+ NOTE: not-for-us (Help Center Live)
+CAN-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
+ NOTE: not-for-us (Yahoo Messenger)
+CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
+ NOTE: not-for-us (Extreme BlackDiamond hardware)
+CAN-2005-1669
+ NOTE: reserved
+CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
+ NOTE: not-for-us (YusASP Web Asset Manager)
+CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
+ NOTE: not-for-us (DataTrac Activity Console)
+CAN-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
+ NOTE: not-for-us (Orenosv)
+CAN-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Jeuce Personal Web Server)
+CAN-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
+ NOTE: not-for-us (Jeuce Personal Web Server)
+CAN-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Jeuce Personal Web Server)
+CAN-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
+ NOTE: not-for-us (EZGuestbook)
+CAN-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
+ NOTE: not-for-us (MyServer)
+CAN-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
+ NOTE: not-for-us (MyServer)
+CAN-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
+ NOTE: not-for-us (Mercur Messaging)
+CAN-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
+ NOTE: not-for-us (Mercur Messaging)
+CAN-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
+ NOTE: not-for-us (AOL Instant Messenger)
+CAN-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
+ NOTE: not-for-us (Hosting Controller)
+CAN-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...)
+ - rsync 2.6.1-1
+CAN-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...)
+ NOTE: not-for-us (InoculateIT)
+CAN-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (Matrix FTP Server)
+CAN-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...)
+ NOTE: not-for-us (Sophos)
+CAN-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...)
+ NOTE: not-for-us (SandSurfer)
+CAN-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...)
+ NOTE: not-for-us (Sambar)
+CAN-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...)
+ NOTE: not-for-us (phpcodeCabinet)
+CAN-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
+ NOTE: not-for-us (JShop)
+CAN-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...)
+ NOTE: not-for-us (Opera)
+CAN-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...)
+ NOTE: not-for-us (Sami FTP Server)
+CAN-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...)
+ NOTE: not-for-us (Sami FTP Server)
+CAN-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...)
+ NOTE: not-for-us (Red-Alert)
+CAN-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...)
+ NOTE: not-for-us (Red-Alert)
+CAN-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...)
+ NOTE: not-for-us (Red-Alert)
+CAN-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...)
+ NOTE: not-for-us (Nadeo)
+CAN-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...)
+ NOTE: not-for-us (Jelsoft Bulletin)
+CAN-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Sophos)
+CAN-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...)
+ NOTE: not-for-us (Dream FTP)
+CAN-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...)
+ - kernel-patch-vserver 1.9.4-1
+CAN-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...)
+ NOTE: not-for-us (Mambo)
+CAN-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...)
+ NOTE: not-for-us (Macallan)
+CAN-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
+ NOTE: not-for-us (VisualShapers)
+CAN-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...)
+ NOTE: not-for-us (MaxWebPortal)
+CAN-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...)
+ NOTE: not-for-us (MaxWebPortal)
+CAN-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
+ NOTE: not-for-us (MaxWebPortal)
+CAN-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...)
+ NOTE: not-for-us (Monkey)
+CAN-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...)
+ NOTE: not-for-us (Oracle)
+CAN-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...)
+ NOTE: not-for-us (Crob)
+CAN-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...)
+ NOTE: not-for-us (Crob)
+CAN-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...)
+ NOTE: not-for-us (Crob)
+CAN-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
+ NOTE: not-for-us (Mambo)
+CAN-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...)
+ NOTE: not-for-us (Mambo)
+CAN-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...)
+ NOTE: not-for-us (Monkey)
+CAN-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
+ NOTE: not-for-us (Mambo)
+CAN-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...)
+ NOTE: not-for-us (Caucho Technology Resin)
+CAN-2005-XXXX [Two DoS condition in ekg]
+ - ekg 1:1.5+20050411-3
+CAN-2005-XXXX [lcrash affected by libbfd integer overflows]
+ - lcrash 7.0.0.pre.cvs.20050322-3
+CAN-2005-XXXX [Multiple security problems in lbreakout2]
+ - lbreakout2 2.5.2-2
+CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
+ NOTE: not-for-us (Woppoware)
+CAN-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
+ NOTE: not-for-us (Woppoware)
+CAN-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...)
+ NOTE: not-for-us (Woppoware)
+CAN-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
+ NOTE: not-for-us (Woppoware)
+CAN-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
+ NOTE: not-for-us (Windows)
+CAN-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
+ NOTE: not-for-us (GASoft)
+CAN-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...)
+ NOTE: not-for-us (GASoft)
+CAN-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...)
+ NOTE: not-for-us (Fastream NETFile)
+CAN-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...)
+ NOTE: not-for-us (Keyvan1 Gallery)
+CAN-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...)
+ NOTE: not-for-us (Livre d'Or)
+CAN-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...)
+ NOTE: not-for-us (Zoidcom)
+CAN-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...)
+ NOTE: not-for-us (Woltlab Burning Board)
+CAN-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
+ NOTE: not-for-us (Ignition Project)
+CAN-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
+ NOTE: not-for-us (Ignition Project)
+CAN-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...)
+ NOTE: not-for-us (Sigma)
+CAN-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...)
+ NOTE: not-for-us (SafeHTML)
+CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
+ NOTE: not-for-us (NPDS)
+CAN-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
+ TODO: mysql-dfsg-4.1 should be already be fixed as well, double check
+ - mysql-dfsg 4.0.12-2
+CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
+ NOTE: not-for-us (JGS-Portal)
+CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
+ NOTE: not-for-us (JGS-Portal)
+CAN-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...)
+ NOTE: not-for-us (JGS-Portal)
+CAN-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
+ - cheetah 0.9.16-1
+ NOTE: testing approval is waiting on verification that the fix works.
+ NOTE: see http://lists.debian.org/debian-release/2005/05/msg01428.html
+CAN-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
+ NOTE: not-for-us (Booby)
+CAN-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
+ NOTE: not-for-us (phpbb attachment mod)
+CAN-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
+ NOTE: not-for-us (Photopost)
+CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...)
+ NOTE: not-for-us (WebAPP)
+CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to &quot;a ...)
+ NOTE: The 1.x version in Sarge and sid is not vulnerable
+CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
+ NOTE: not-for-us (Pico Server)
+CAN-2005-1625
+ NOTE: reserved
+CAN-2005-1624
+ NOTE: reserved
+CAN-2005-1623
+ NOTE: reserved
+CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
+ NOTE: not-for-us (MetaCart)
+CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
+ NOTE: not-for-us (Postnuke mod)
+CAN-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
+ NOTE: not-for-us (Skull-Splitter Guestbook)
+CAN-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...)
+ NOTE: not-for-us (PHPMyChat)
+CAN-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
+ NOTE: not-for-us (Yahoo Messenger)
+CAN-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
+ NOTE: not-for-us (Willings WebCAM)
+CAN-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...)
+ NOTE: not-for-us (Ultimate PHP Board)
+CAN-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...)
+ NOTE: not-for-us (Ultimate PHP Board)
+CAN-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
+ NOTE: not-for-us (Ultimate PHP Board)
+CAN-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...)
+ NOTE: not-for-us (OpenBB)
+CAN-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...)
+ NOTE: not-for-us (OpenBB)
+CAN-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...)
+ NOTE: not-for-us (Web Crossing)
+CAN-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...)
+ NOTE: not-for-us (Tru-Zone NukeET)
+CAN-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
+ NOTE: not-for-us (Sun StorEdge 6130 Arrays)
+CAN-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...)
+ NOTE: not-for-us (Spidean AutoTheme 1.7 and AT-Lite for PostNuke)
+CAN-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...)
+ NOTE: not-for-us (Remote Cart)
+CAN-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...)
+ NOTE: not-for-us (H-Sphere Winbox)
+CAN-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...)
+ NOTE: not-for-us (guestbook for SiteStudio)
+CAN-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
+ NOTE: not-for-us (phpATM)
+CAN-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...)
+ NOTE: not-for-us ( NiteEnterprises Remote File Manager)
+CAN-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...)
+ NOTE: not-for-us (Net56 Browser Based File Manager)
+CAN-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...)
+ NOTE: not-for-us ( MRO Maximo Self Service)
+CAN-2005-1600 (A &quot;mathematical flaw&quot; in the implementation of the El Gamal signature ...)
+ NOTE: not-for-us (LibTomCrypt)
+CAN-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...)
+ NOTE: not-for-us (Kryloff Technologies Subject Search Server)
+CAN-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...)
+ NOTE: not-for-us (Fusion SBX)
+CAN-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...)
+ NOTE: not-for-us (CodeThat ShoppingCart)
+CAN-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...)
+ NOTE: not-for-us (CodeThat ShoppingCart)
+CAN-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...)
+ NOTE: not-for-us (CodeThat ShoppingCart)
+CAN-2005-1592 (Multiple &quot;javascript vulerabilities in BB code&quot; in BirdBlog before ...)
+ NOTE: not-for-us (BirdBlog)
+CAN-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...)
+ NOTE: not-for-us (Solaris)
+CAN-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...)
+ NOTE: not-for-us (Altiris Client Service for Windows)
+CAN-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...)
+ NOTE: not-for-us (Altiris Client Service for Windows)
+CAN-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)
+ NOTE: not-for-us (LedForums)
+CAN-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...)
+ NOTE: not-for-us (HTTP Commander)
+CAN-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
+ - clamav 0.85.1-1
+CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
+ - libxpm4 (unfixed; bug #308783)
+CAN-2005-1589 [Local privilege escalation in the Linux kernel's pktcdvd ioctl]
+ NOTE: According to Horms from kernel team 2.6.8 not affected
+ - kernel-source-2.6.11 2.6.11-5
+CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...)
+ NOTE: not-for-us (Quick.cart)
+CAN-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
+ NOTE: not-for-us (Quick.cart)
+CAN-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...)
+ NOTE: not-for-us (Quick.Forum)
+CAN-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...)
+ NOTE: not-for-us (Quick.Forum)
+CAN-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...)
+ NOTE: not-for-us (Quick.Forum)
+CAN-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...)
+ NOTE: not-for-us (1Two News)
+CAN-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...)
+ NOTE: not-for-us (1Two News)
+CAN-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...)
+ NOTE: not-for-us (bug_list.php
+CAN-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
+ NOTE: not-for-us (BoastMachine)
+CAN-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...)
+ NOTE: not-for-us (EnCase)
+CAN-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...)
+ NOTE: not-for-us (APG Classmaster)
+CAN-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
+ NOTE: appears windows specific
+CAN-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
+ NOTE: appears windows specific
+CAN-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...)
+ NOTE: not-for-us (Windows)
+CAN-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...)
+ NOTE: not-for-us (ASP Virtual News Manager)
+CAN-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (ShowOff)
+CAN-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...)
+ NOTE: not-for-us (ShowOff)
+CAN-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...)
+ NOTE: for-for-us (bttlxeForum)
+CAN-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...)
+ NOTE: not-for-us (DirectTopics)
+CAN-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...)
+ NOTE: not-for-us (DirectTopics)
+CAN-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...)
+ NOTE: not-for-us (DirectTopics)
+CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...)
+ NOTE: not-for-us (Acrowave AAP-3100AR wireless router)
+CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
+ - bugzilla (unfixed; bug #308789)
+ NOTE: only affects sid
+CAN-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
+ - bugzilla 2.16.7-7sarge1
+CAN-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
+ - bugzilla 2.16.7-7sarge1
+CAN-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...)
+ NOTE: not-for-us (MaxWebPortal)
+CAN-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
+ NOTE: not-for-us (MaxWebPortal)
+CAN-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...)
+ NOTE: not-for-us (Nexusway)
+CAN-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...)
+ NOTE: not-for-us (Nexusway)
+CAN-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...)
+ NOTE: not-for-us (Nexusway)
+CAN-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...)
+ NOTE: not-for-us (WebApp Guestbook PRO)
+CAN-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...)
+ NOTE: not-for-us (Gamespy cd-key validation system)
+CAN-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...)
+ NOTE: not-for-us (JRun)
+CAN-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...)
+ NOTE: not-for-us (WowBB)
+CAN-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...)
+ NOTE: not-for-us (GeoVision Digital Video Surveillance System)
+CAN-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...)
+ NOTE: not-for-us (GeoVision Digital Video Surveillance System)
+CAN-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...)
+ NOTE: not-for-us (Sophos Anti-Virus)
+CAN-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...)
+ NOTE: not-for-us (easy message board)
+CAN-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
+ NOTE: not-for-us (easy message board)
+CAN-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...)
+ NOTE: not-for-us (Advanced Guestbook)
+CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
+ NOTE: not-for-us (Bakbone Netvault)
+CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
+ - ht 0.8.0-2
+CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...)
+ - ht 0.8.0-3
+CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 1.53 allows remote ...)
+ NOTE: CVE info about vulnerable version number is bogus
+ - tiff 3.7.2-3
+ NOTE: tiff3g not in testing
+CAN-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
+ NOTE: not-for-us (Novell Zenworks)
+CAN-2005-1542
+ NOTE: reserved
+CAN-2005-1541
+ NOTE: reserved
+CAN-2005-1540
+ NOTE: reserved
+CAN-2005-1539
+ NOTE: reserved
+CAN-2005-1538
+ NOTE: reserved
+CAN-2005-1537
+ NOTE: reserved
+CAN-2005-1536
+ NOTE: reserved
+CAN-2005-1535
+ NOTE: reserved
+CAN-2005-1534
+ NOTE: reserved
+CAN-2005-1533
+ NOTE: reserved
+CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
+ - mozilla-firefox 1.0.4
+ - mozilla-browser 2:1.7.8
+CAN-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
+ - mozilla-firefox 1.0.4
+ - mozilla-browser 2:1.7.8
+CAN-2005-1530
+ NOTE: reserved
+CAN-2005-1529
+ NOTE: reserved
+CAN-2005-1528
+ NOTE: reserved
+CAN-2005-1527
+ NOTE: reserved
+CAN-2005-1526
+ NOTE: reserved
+CAN-2005-1525
+ NOTE: reserved
+CAN-2005-1524
+ NOTE: reserved
+CAN-2005-1523 [GNU Mailutils 0.6 imap4d Format String Vulnerability]
+ {DSA-732-1}
+ - mailutils 1:0.6.1-3
+CAN-2005-1522 [GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability]
+ {DSA-732-1}
+ - mailutils 1:0.6.1-3
+CAN-2005-1521 [GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability]
+ {DSA-732-1}
+ - mailutils 1:0.6.1-3
+CAN-2005-1520 [GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability]
+ {DSA-732-1}
+ - mailutils 1:0.6.1-3
+CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
+ - squid 2.5.9-9
+CAN-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
+ NOTE: not-for-us (Solaris)
+CAN-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-XXXX [Buffer overflow in libotr]
+ - libotr 2.0.2-1
+CAN-2005-XXXX [vpnc: config file path security hole]
+ NOTE: no bug ever filed for this
+ - vpnc 0.3.2+SVN20050326-2
+CAN-2005-XXXX [Several buffer overflows in termpkg]
+ NOTE: Not in Sarge
+ - termpkg 3.3-2
+CAN-2005-XXXX [Integer overflow in binutils' ELF parsing]
+ - binutils 2.15-6
+CAN-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
+ - kmd 0.9.19-1.1
+CAN-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
+ NOTE: Source package has been renamed from unrar to unrar-free
+ - unrar-free 1:0.0.1-2
+CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
+ NOTE: not-for-us (PwsPHP)
+CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
+ NOTE: not-for-us (PwsPHP)
+CAN-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...)
+ NOTE: not-for-us (PwsPHP)
+CAN-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...)
+ NOTE: not-for-us (PwsPHP)
+CAN-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...)
+ NOTE: not-for-us (PwsPHP)
+CAN-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
+ NOTE: not-for-us (WebSTAR)
+CAN-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...)
+ NOTE: not-for-us (CJ Ultra Plus)
+CAN-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...)
+ NOTE: not-for-us (MacOS)
+CAN-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...)
+ NOTE: not-for-us (GameSpy SDK CD-Key Validation Toolkit)
+CAN-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...)
+ NOTE: not-for-us (MidiCart)
+CAN-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
+ NOTE: not-for-us (MidiCart)
+CAN-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
+ NOTE: not-for-us (MidiCart)
+CAN-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
+ NOTE: not-for-us (myBloggie)
+CAN-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...)
+ NOTE: not-for-us (myBloggie)
+CAN-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
+ NOTE: not-for-us (myBloggie)
+CAN-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...)
+ NOTE: not-for-us (myBloggie)
+CAN-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...)
+ NOTE: not-for-us (MegaBook)
+CAN-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...)
+ NOTE: not-for-us (SimpleCam)
+CAN-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...)
+ NOTE: not-for-us (Gossamer Threads Links)
+CAN-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...)
+ NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+CAN-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...)
+ NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+CAN-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
+ NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+CAN-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...)
+ NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+CAN-2005-1487 (Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote ...)
+ NOTE: not-for-us (FishCart)
+CAN-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
+ NOTE: not-for-us (FishCart)
+CAN-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...)
+ NOTE: not-for-us (Golden FTP Server Pro)
+CAN-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
+ NOTE: not-for-us (Golden FTP Server Pro)
+CAN-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...)
+ NOTE: not-for-us (ArticleLive)
+CAN-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...)
+ NOTE: not-for-us (ArticleLive)
+CAN-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...)
+ NOTE: not-for-us (ASP Inline Corporate Calendar)
+CAN-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
+ NOTE: not-for-us (RaidenFTPD)
+CAN-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...)
+ NOTE: not-for-us (JGS-Portal)
+CAN-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...)
+ NOTE: not-for-us (DMail)
+CAN-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
+ NOTE: not-for-us (DMail)
+CAN-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
+ NOTE: not in testing
+ NOTE: non-free
+ NOTE: minor issues
+ - qmail-src 1.03-38
+CAN-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
+ - qmail-src 1.03-38
+CAN-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
+ - qmail-src 1.03-38
+CAN-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4 allows ...)
+ NOTE: not-for-us (JAWS)
+CAN-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
+ NOTE: not-for-us (LinPHA)
+CAN-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...)
+ - dansguardian 2.5.2-0-0.1
+CAN-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and ealier ...)
+ NOTE: not-for-us (lostBook)
+CAN-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
+ NOTE: not-for-us (AntiBoard)
+CAN-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...)
+ NOTE: not-for-us (AntiBoard)
+CAN-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
+ NOTE: not-for-us (RiSearch)
+CAN-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
+ NOTE: not-for-us (ASPRunner)
+CAN-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
+ NOTE: not-for-us
+CAN-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
+ NOTE: not-for-us
+CAN-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...)
+ NOTE: not-for-us
+CAN-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...)
+ NOTE: not-for-us
+CAN-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
+ - phpbb2 2.0.10-1
+CAN-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...)
+ - phpbb2 2.0.10-1
+CAN-2004-2053 (PHP remote code injection vulnerability in index.php in EasyIns ...)
+ NOTE: not-for-us
+CAN-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...)
+ NOTE: not-for-us
+CAN-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...)
+ NOTE: not-for-us
+CAN-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
+ NOTE: not-for-us
+CAN-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
+ NOTE: not-for-us
+CAN-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...)
+ NOTE: not-for-us
+CAN-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...)
+ NOTE: not-for-us
+CAN-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...)
+ NOTE: not-for-us
+CAN-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...)
+ NOTE: not-for-us
+CAN-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...)
+ NOTE: not-for-us
+CAN-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...)
+ NOTE: not-for-us
+CAN-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...)
+ NOTE: not-for-us
+CAN-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php in ...)
+ NOTE: not-for-us
+CAN-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...)
+ NOTE: not-for-us
+CAN-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...)
+ NOTE: not-for-us
+CAN-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
+ NOTE: not-for-us
+CAN-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...)
+ NOTE: not-for-us
+CAN-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...)
+ NOTE: not-for-us
+CAN-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us
+CAN-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...)
+ NOTE: not-for-us
+CAN-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us
+CAN-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...)
+ NOTE: not-for-us
+CAN-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...)
+ NOTE: not-for-us
+CAN-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...)
+ NOTE: not-for-us
+CAN-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...)
+ NOTE: not-for-us
+CAN-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...)
+ NOTE: not-for-us
+CAN-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...)
+ - icecast2 2.0.1.debian-1
+CAN-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...)
+ - pound 1.7-1
+CAN-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...)
+ NOTE: not-for-us
+CAN-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...)
+ NOTE: not-for-us
+CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...)
+ NOTE: not-for-us
+CAN-2004-2022 (Stack-based buffer overflow in ActivePerl for Win32 5.6.1 and 5.8.0 ...)
+ NOTE: not-for-us (various perls on Windows)
+CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...)
+ NOTE: not-for-us (osCommerce)
+CAN-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...)
+ NOTE: not-for-us (php-nuke)
+CAN-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...)
+ NOTE: not-for-us (php-nuke)
+CAN-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke 6.x ...)
+ NOTE: not-for-us (php-nuke)
+CAN-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...)
+ NOTE: not-for-us (Turbo Traffic Trader C (TTT-C))
+CAN-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...)
+ NOTE: not-for-us (netchat)
+CAN-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
+ NOTE: not-for-us (WebCT)
+CAN-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...)
+ - wget 1.9.1-12
+CAN-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...)
+ NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
+CAN-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...)
+ NOTE: not-for-us (NetBSD)
+CAN-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 0.7.1 ...)
+ NOTE: not-for-us (phpShop)
+CAN-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...)
+ NOTE: not-for-us (NukeJokes)
+CAN-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...)
+ NOTE: not-for-us (NukeJokes)
+CAN-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...)
+ NOTE: not-for-us (NukeJokes)
+CAN-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of &quot;Everyone ...)
+ NOTE: not-for-us (OfficeScan)
+CAN-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...)
+ NOTE: not-for-us (Eudora)
+CAN-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...)
+ NOTE: not-for-us (SUSE Live CD)
+CAN-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...)
+ NOTE: not-for-us (DeleGate)
+CAN-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...)
+ NOTE: not-for-us (IRIX)
+CAN-2004-2001 (ifconfig &quot;-arp&quot; in SGI IRIX 6.5 through 6.5.22m does not properly ...)
+ NOTE: not-for-us (IRIX)
+CAN-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...)
+ NOTE: not-for-us (Php-Nuke)
+CAN-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...)
+ NOTE: not-for-us (php-nuke)
+CAN-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...)
+ NOTE: not-for-us (kolab)
+CAN-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
+ NOTE: not-for-us (Simple Machines Forum)
+CAN-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...)
+ NOTE: not-for-us (FuseTalk)
+CAN-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...)
+ NOTE: not-for-us (FuseTalk)
+CAN-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...)
+ NOTE: not-for-us (omail)
+CAN-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...)
+ NOTE: not-for-us (Serv-U)
+CAN-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...)
+ NOTE: not-for-us (aweb)
+CAN-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...)
+ NOTE: not-for-us (aweb)
+CAN-2004-1989 (PHP remote code injection vulnerability in theme.php in Coppermine ...)
+ NOTE: not-for-us (Coppermine)
+CAN-2004-1988 (PHP remote code injection vulnerability in init.inc.php in Coppermine ...)
+ NOTE: not-for-us (Coppermine)
+CAN-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...)
+ NOTE: not-for-us (Coppermine)
+CAN-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...)
+ NOTE: not-for-us (Coppermine)
+CAN-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...)
+ NOTE: not-for-us (Coppermine)
+CAN-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...)
+ NOTE: not-for-us (Coppermine)
+CAN-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...)
+ NOTE: only affects pax for 2.6; kernel-patch-adamantix contains pax
+ NOTE: but only for 2.4.
+CAN-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...)
+ NOTE: not-for-us (YaBB)
+CAN-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...)
+ NOTE: not-for-us (Crystal Reports)
+CAN-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...)
+ NOTE: not-for-us (PROPS)
+CAN-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...)
+ NOTE: not-for-us (PROPS)
+CAN-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...)
+ - moodle 1.3
+CAN-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...)
+ NOTE: not-for-us (3com NBX IP VOIP NetSet Configuration Manager)
+CAN-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...)
+ NOTE: not-for-us (SMC Barricade broadband router 7008ABR and 7004VBR)
+CAN-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...)
+ NOTE: not-for-us (paFileDB)
+CAN-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...)
+ NOTE: not-for-us (paFileDB)
+CAN-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (DiGi Web Server)
+CAN-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...)
+ NOTE: not-for-us (Samsung SmartEther SS6215Sswitch)
+CAN-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...)
+ NOTE: not-for-us (OpenBB)
+CAN-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...)
+ NOTE: not-for-us (OpenBB)
+CAN-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...)
+ NOTE: not-for-us (OpenBB)
+CAN-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
+ NOTE: not-for-us (OpenBB)
+CAN-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...)
+ NOTE: not-for-us (OpenBB)
+CAN-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...)
+ NOTE: not-for-us (Network Query Tool (NQT))
+CAN-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...)
+ NOTE: not-for-us (Network Query Tool (NQT))
+CAN-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...)
+ NOTE: not-for-us (Protector System)
+CAN-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...)
+ NOTE: not-for-us (Protector System)
+CAN-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...)
+ NOTE: not-for-us (Protector System)
+CAN-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...)
+ NOTE: not-for-us (Protector System)
+CAN-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...)
+ NOTE: not-for-us (Unreal engine)
+CAN-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...)
+ NOTE: not-for-us (phProfession)
+CAN-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
+ NOTE: not-for-us (phProfession)
+CAN-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...)
+ NOTE: not-for-us (phProfession)
+CAN-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...)
+ NOTE: not-for-us (Advanced Guestbook
+CAN-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...)
+ - xine-ui 0.99.1
+CAN-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...)
+ - phpbb2 2.0.9
+CAN-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...)
+ NOTE: nonsense, all command line passwords can be intercepted at least sometimes
+CAN-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...)
+ NOTE: not-for-us (bitdefender)
+CAN-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...)
+ - cherokee 0.4.21b01-1
+CAN-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
+ NOTE: not-for-us (Kinesphere eXchange POP3 )
+CAN-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...)
+ NOTE: not-for-us (Eudora)
+CAN-2004-1943 (PHP remote code injection vulnerability in album_portal.php in phpBB ...)
+ NOTE: not-for-us (phpbb as modified by przemo)
+CAN-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...)
+ NOTE: not-for-us (Fastream NETFile FTP/Web Server)
+CAN-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...)
+ - kphone 1:4.0.2
+CAN-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...)
+ NOTE: not-for-us (Zaep)
+CAN-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...)
+ NOTE: not-for-us (Phorum)
+CAN-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...)
+ NOTE: not-for-us (Nuked-KlaN)
+CAN-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...)
+ NOTE: not-for-us (ZoneAlarm)
+CAN-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...)
+ NOTE: not-for-us (SCT Campus Pipeline)
+CAN-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel 3.50 ...)
+ NOTE: not-for-us (Gemitel)
+CAN-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...)
+ NOTE: not-for-us (Citadel)
+CAN-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...)
+ NOTE: not-for-us (PhpNuke)
+CAN-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...)
+ NOTE: not-for-us (PhpNuke)
+CAN-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...)
+ NOTE: not-for-us (PhpNuke)
+CAN-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...)
+ NOTE: not-for-us (tikiwiki)
+CAN-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...)
+ NOTE: not-for-us (tikiwiki)
+CAN-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
+ NOTE: not-for-us (tikiwiki)
+CAN-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...)
+ NOTE: not-for-us (tikiwiki)
+CAN-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...)
+ NOTE: not-for-us (tikiwiki)
+CAN-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
+ NOTE: not-for-us (tikiwiki)
+CAN-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded &quot;1502&quot; ...)
+ NOTE: not-for-us (X-Micro WLAN 11b Broadband Router)
+CAN-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...)
+ NOTE: not-for-us (X-Micro WLAN 11b Broadband Router)
+CAN-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...)
+ NOTE: not-for-us (Crackalaka)
+CAN-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (rsniff)
+CAN-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...)
+ - lcdproc 0.4.5
+CAN-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...)
+ - lcdproc 0.4.5
+CAN-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...)
+ - lcdproc 0.4.5
+CAN-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...)
+ NOTE: not-for-us (phpnuke)
+CAN-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
+ NOTE: not-for-us (phpnuke)
+CAN-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...)
+ NOTE: not-for-us (phpnuke)
+CAN-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...)
+ NOTE: not-for-us (AzDGDatingLite)
+CAN-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...)
+ NOTE: not-for-us (Symantec)
+CAN-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...)
+ - clamav 0.68.1
+CAN-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...)
+ NOTE: not-for-us (Mcafee FreeScan)
+CAN-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...)
+ NOTE: not-for-us (Kerio Personal Firewall)
+CAN-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (Mcafee FreeScan)
+CAN-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
+ NOTE: not-for-us (Panda ActiveScan)
+CAN-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
+ NOTE: not-for-us (Panda ActiveScan)
+CAN-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...)
+ NOTE: not-for-us (blaxxun)
+CAN-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...)
+ NOTE: not-for-us (Citrix MetaFrame Password Manager)
+CAN-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...)
+ NOTE: not-for-us (gentoo portage)
+CAN-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...)
+ NOTE: not-for-us (IGI 2 Covert Strike server)
+CAN-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...)
+ - monit 1:4.2.1
+CAN-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...)
+ - monit 1:4.2.1-1
+CAN-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...)
+ - monit 1:4.2.1-1
+CAN-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...)
+ NOTE: not-for-us
+CAN-2004-1895 (YaST Online Update (YOU) in SuSE 9.0 allows local users to overwrite ...)
+ NOTE: not-for-us
+CAN-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...)
+ NOTE: not-for-us
+CAN-2004-1893 (Dreamweaver MX, when &quot;Using Driver On Testing Server&quot; or &quot;Using DSN on ...)
+ NOTE: not-for-us
+CAN-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...)
+ NOTE: not-for-us
+CAN-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 &quot;doesn't work with ...)
+ NOTE: not-for-us
+CAN-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
+ NOTE: not-for-us
+CAN-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
+ NOTE: not-for-us
+CAN-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...)
+ NOTE: not-for-us
+CAN-2004-1887 (ImgSvr 0.4 allows remote attackers to view directories or download ...)
+ NOTE: not-for-us
+CAN-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
+ NOTE: not-for-us
+CAN-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
+ NOTE: not-for-us
+CAN-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
+ NOTE: not-for-us
+CAN-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...)
+ NOTE: not-for-us
+CAN-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...)
+ NOTE: not-for-us
+CAN-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...)
+ NOTE: not-for-us
+CAN-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...)
+ - openldap2 2.1.17-1
+CAN-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...)
+ NOTE: not-for-us
+CAN-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...)
+ NOTE: not-for-us
+CAN-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...)
+ NOTE: not-for-us
+CAN-2004-1876 (The &quot;%f&quot; feature in the VirusEvent directive in Clam AntiVirus daemon ...)
+ - clamav 0.70-1
+CAN-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...)
+ NOTE: not-for-us
+CAN-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...)
+ NOTE: not-for-us
+CAN-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...)
+ NOTE: not-for-us
+CAN-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
+ NOTE: not-for-us
+CAN-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
+ NOTE: not-for-us
+CAN-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...)
+ NOTE: not-for-us
+CAN-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...)
+ NOTE: not-for-us
+CAN-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...)
+ NOTE: not-for-us
+CAN-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...)
+ NOTE: not-for-us
+CAN-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...)
+ - nstx 1.1-beta4-1
+CAN-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...)
+ NOTE: not-for-us
+CAN-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...)
+ NOTE: not-for-us
+CAN-2004-1863 (Cross-site scripting (XSS) vulnerability in editprofile.php in Extreme ...)
+ NOTE: not-for-us
+CAN-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...)
+ NOTE: not-for-us
+CAN-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...)
+ NOTE: not-for-us
+CAN-2004-1860 (Buffer overflow in Check Point Smartview Tracker in Check Point NG AI ...)
+ NOTE: not-for-us
+CAN-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...)
+ NOTE: not-for-us
+CAN-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us
+CAN-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...)
+ NOTE: not-for-us
+CAN-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...)
+ NOTE: not-for-us
+CAN-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...)
+ NOTE: not-for-us
+CAN-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...)
+ NOTE: not-for-us
+CAN-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...)
+ NOTE: not-for-us
+CAN-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...)
+ NOTE: not-for-us
+CAN-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...)
+ NOTE: not-for-us
+CAN-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us
+CAN-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...)
+ NOTE: not-for-us
+CAN-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
+ NOTE: not-for-us
+CAN-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...)
+ NOTE: not-for-us
+CAN-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...)
+ NOTE: not-for-us
+CAN-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...)
+ NOTE: not-for-us
+CAN-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...)
+ NOTE: not-for-us
+CAN-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...)
+ NOTE: not-for-us
+CAN-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...)
+ NOTE: not-for-us
+CAN-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...)
+ NOTE: not-for-us
+CAN-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...)
+ NOTE: not-for-us
+CAN-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...)
+ NOTE: not-for-us
+CAN-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...)
+ NOTE: not-for-us
+CAN-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...)
+ NOTE: not-for-us
+CAN-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...)
+ NOTE: not-for-us
+CAN-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...)
+ NOTE: not-for-us
+CAN-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...)
+ - apache2 2.0.53-1
+CAN-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...)
+ NOTE: not-for-us
+CAN-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...)
+ NOTE: not-for-us
+CAN-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...)
+ NOTE: not-for-us
+CAN-2004-1830 (Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to obtain ...)
+ NOTE: not-for-us
+CAN-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...)
+ NOTE: not-for-us
+CAN-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...)
+ NOTE: not-for-us
+CAN-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...)
+ NOTE: not-for-us
+CAN-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...)
+ NOTE: not-for-us
+CAN-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...)
+ NOTE: not-for-us
+CAN-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...)
+ NOTE: not-for-us
+CAN-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...)
+ NOTE: not-for-us
+CAN-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...)
+ NOTE: not-for-us
+CAN-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...)
+ NOTE: not-for-us
+CAN-2004-1820 (PHP remote code injection vulnerability in displaycategory.php in ...)
+ NOTE: not-for-us
+CAN-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...)
+ NOTE: not-for-us
+CAN-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...)
+ NOTE: not-for-us
+CAN-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...)
+ NOTE: not-for-us
+CAN-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...)
+ NOTE: not-for-us
+CAN-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...)
+ NOTE: not-for-us
+CAN-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...)
+ NOTE: not-for-us
+CAN-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...)
+ NOTE: not-for-us
+CAN-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...)
+ NOTE: not-for-us
+CAN-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...)
+ NOTE: not-for-us
+CAN-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...)
+ NOTE: not-for-us
+CAN-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...)
+ - phpbb2 2.0.10-1
+ NOTE: probably fixed in 2.0.6d-3
+CAN-2004-1808 (Extcompose in metamail does not verify the output file before writing ...)
+ NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail
+ NOTE: see bug #308875
+CAN-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...)
+ NOTE: not-for-us
+CAN-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...)
+ NOTE: not-for-us
+CAN-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...)
+ NOTE: not-for-us
+CAN-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us
+CAN-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...)
+ NOTE: not-for-us
+CAN-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...)
+ NOTE: not-for-us
+CAN-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...)
+ NOTE: not-for-us
+CAN-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...)
+ NOTE: not-for-us
+CAN-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us
+CAN-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...)
+ NOTE: not-for-us
+CAN-2004-1796 (PHP remote code injection vulnerability in HotNews 0.7.2 and earlier ...)
+ NOTE: not-for-us
+CAN-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...)
+ NOTE: not-for-us
+CAN-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...)
+ NOTE: not-for-us
+CAN-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...)
+ NOTE: not-for-us
+CAN-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...)
+ NOTE: not-for-us
+CAN-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...)
+ NOTE: not-for-us (Edimax Router)
+CAN-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...)
+ NOTE: not-for-us (Edimax Router)
+CAN-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...)
+ NOTE: not-for-us (ZyWALL)
+CAN-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...)
+ NOTE: not-for-us (ASP-Nuke)
+CAN-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...)
+ NOTE: not-for-us (PostCalendar)
+CAN-2004-1786 (PortalApp places user credentials under the web root with insufficient ...)
+ NOTE: not-for-us (PortalApp)
+CAN-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...)
+ NOTE: not-for-us (web server of Webcam Watchdog)
+CAN-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...)
+ NOTE: not-for-us (Net2Soft Flash FTP Server)
+CAN-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...)
+ NOTE: not-for-us (Athena Web Registration)
+CAN-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...)
+ NOTE: not-for-us (Info Touch Surfnet kiosk)
+CAN-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...)
+ NOTE: not-for-us (Info Touch Surfnet kiosk)
+CAN-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...)
+ NOTE: not-for-us (ThWboard)
+CAN-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...)
+ NOTE: not-for-us (omail webmail)
+CAN-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...)
+ - openldap2 2.1.17-1
+CAN-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...)
+ NOTE: not-for-us (MDaemon)
+CAN-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...)
+ NOTE: not-for-us (MyProxy)
+CAN-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...)
+ - cherokee 0.4.21b01-1
+CAN-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...)
+ NOTE: not-for-us (VieBoard)
+CAN-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...)
+ NOTE: not-for-us (VieBoard)
+CAN-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...)
+ NOTE: not-for-us (Booby)
+CAN-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...)
+ NOTE: not-for-us (Portal DB)
+CAN-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...)
+ NOTE: not-for-us (IA WebMail Server)
+CAN-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
+ NOTE: not-for-us (e107)
+CAN-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
+ NOTE: not-for-us (PHPRecipeBook)
+CAN-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...)
+ NOTE: not-for-us (Nokia IPSO)
+CAN-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...)
+ NOTE: not-for-us (Unichat)
+CAN-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...)
+ NOTE: not-for-us (PHPKIT)
+CAN-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...)
+ NOTE: not-for-us (TelCondex SimpleWebServer)
+CAN-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...)
+ NOTE: not-for-us (ThWboard)
+CAN-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...)
+ NOTE: not-for-us (ThWboard)
+CAN-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...)
+ NOTE: not-for-us (Oracle Collaboration Suite)
+CAN-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...)
+ NOTE: not-for-us (MPM Guestbook)
+CAN-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...)
+ NOTE: not-for-us (Advanced Poll)
+CAN-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
+ NOTE: not-for-us (Advanced Poll)
+CAN-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced Poll ...)
+ NOTE: not-for-us (Advanced Poll)
+CAN-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...)
+ NOTE: not-for-us (Advanced Poll)
+CAN-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...)
+ NOTE: not-for-us (MERCUR Mailserver)
+CAN-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...)
+ NOTE: not-for-us (Web Wiz Forums)
+CAN-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...)
+ NOTE: not-for-us (Sympoll)
+CAN-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...)
+ NOTE: not-for-us (NullSoft Shoutcast Server)
+CAN-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...)
+ NOTE: not-for-us (Centrinity FirstClass)
+CAN-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...)
+ NOTE: not-for-us (Apache Software Foundation Cocoon)
+CAN-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...)
+ - libapache-mod-security 1.8.4-1
+CAN-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...)
+ NOTE: not-for-us (kpopup)
+CAN-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
+ NOTE: not-for-us (DATEV Nutzungskontrolle)
+CAN-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...)
+ NOTE: not-for-us (kpopup)
+CAN-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...)
+ NOTE: not-for-us (HTTP Commander)
+CAN-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...)
+ NOTE: not-for-us (BRS WebWeaver)
+CAN-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...)
+ - mldonkey 2.5.11-1
+CAN-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Ganglia gmond)
+CAN-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
+ NOTE: not-for-us (Tritanium Bulletin Board)
+CAN-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...)
+ NOTE: ancient and unreleased source code with backdoor
+CAN-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...)
+ NOTE: not-for-us (FlexWATCH)
+CAN-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...)
+ NOTE: not-for-us (Plug and Play Web Server)
+CAN-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...)
+ NOTE: not-for-us (Plug and Play Web Server)
+CAN-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...)
+ NOTE: not-for-us (Citrix)
+CAN-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...)
+ NOTE: not-for-us (Sun JRE/SDK)
+CAN-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...)
+ - xcdroast 0.98+0alpha15-1
+ NOTE: woody seems to be vulnerable (see bug #310046)
+CAN-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...)
+ NOTE: not-for-us (MAILsweeper)
+CAN-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
+ NOTE: not-for-us (byteHoard)
+CAN-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
+ NOTE: not-for-us (WebTide)
+CAN-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...)
+ NOTE: not-for-us (Fastream)
+CAN-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
+ NOTE: not-for-us (Novell portmapper)
+CAN-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...)
+ NOTE: not-for-us (Symantec Norton Internet Security)
+CAN-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php and (2) ...)
+ NOTE: not-for-us (Les Visiteurs)
+CAN-2003-1147
+ NOTE: rejected
+CAN-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
+ NOTE: not-for-us (Easy PHP Photo Album)
+CAN-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...)
+ NOTE: not-for-us (OpenAutoClassifieds)
+CAN-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...)
+ NOTE: not-for-us (Perception LiteServe)
+CAN-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
+ NOTE: not-for-us (Croteam Serious Sam demo)
+CAN-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
+ NOTE: not-for-us (NIPrint LPD-LPR)
+CAN-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...)
+ NOTE: not-for-us (NIPrint LPD-LPR)
+CAN-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...)
+ NOTE: not-for-us (Musicqueue)
+CAN-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...)
+ NOTE: not-for-us (Musicqueue)
+CAN-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...)
+ NOTE: not-for-us (Red Hat specific)
+CAN-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...)
+ NOTE: not-for-us (sh-httpd)
+CAN-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...)
+ NOTE: not-for-us (Chi Kien Uong Guestbook)
+CAN-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...)
+ NOTE: not-for-us (Yahoo! Messenger)
+CAN-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...)
+ NOTE: not-for-us (Sun JVM)
+CAN-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...)
+ NOTE: not-for-us (The Bat!)
+CAN-2002-1660 (calendar.php in vBulletin 2.0.3 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (vBulletin)
+CAN-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...)
+ NOTE: not-for-us (PortalApp)
+CAN-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...)
+ NOTE: not-for-us (BEA Tuxedo)
+CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
+ - mozilla-firefox 1.0.4-1
+CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
+ - mozilla-firefox 1.0.4-1
+ TODO: check mozilla too
+CAN-2005-1475
+ NOTE: reserved
+CAN-2005-1474
+ NOTE: reserved
+CAN-2005-1473
+ NOTE: reserved
+CAN-2005-1472
+ NOTE: reserved
+CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
+ NOTE: not-for-us (RSA SecurID Web Agent)
+CAn-2005-XXXX [race condition with a buffered temp file]
+ NOTE: no bug ever filed for this one
+ - pysvn 1.1.2-3
+CAN-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
+ - mailutils 0.6.1-2
+CAN-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
+ - maradns 1.0.27-1
+CAN-2005-XXXX [Temp file races in gs-gpl addons scripts]
+ - gs-gpl (unfixed; bug #291373)
+CAN-2005-XXXX [Possible SQL injection in freeradius]
+ - freeradius 1.0.2-4
+CAN-2005-XXXX [Insecure temp file handling in Thunderbird]
+ - mozilla-thunderbird (unfixed; bug #306893)
+CAN-2005-XXXX [Directory traversal in unzoo]
+ - unzoo 4.4-4
+CAN-2005-XXXX [base-config: World readable config file might reveal password data]
+ - base-config (unfixed; bug #305142)
+CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
+ - syslog-ng 1.6.5-2.1
+CAN-2005-XXXX [tracksballs: Missing checks for symlinks when writing to predictable file names]
+ - trackballs (unfixed; bug #302454)
+CAN-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]
+ - pwgen (unfixed; bug #276976)
+CAN-2005-XXXX [Insecure handling of gpg passphrases in gabber]
+ - gabber (unfixed; bug #177776)
+CAN-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1462 (Double-free vulnerability in the ICEP dissector in Ethereal before ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1458 (Multiple unknown &quot;other problems&quot; in the KINK dissector in Ethereal ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...)
+ - ethereal 0.10.10-2sarge2
+CAN-2005-1455 (Buffer overflow in the sql_escape_func function in FreeRADIUS 1.0.2 ...)
+ - freeradius 1.0.2-4
+CAN-2005-1454 (SQL injection vulnerability in the radius_xlat function in FreeRADIUS ...)
+ - freeradius 1.0.2-4
+CAN-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
+ - leafnode 1.11.2.rel-1
+CAN-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...)
+ - openssh 1:3.8p1
+CAN-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (Leafnode2 development branch)
+CAN-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...)
+ NOTE: not-for-us (Leafnode2 development branch)
+CAN-2005-XXXX [Missing input validation in xtradius]
+ - xtradius (unfixed; bug #307796; not shipped in binary package)
+CAN-2005-XXXX [fai tempfile vulnerability]
+ - fai 2.8.2
+CAN-2005-XXXX [nvu uses old version of mozilla]
+ NOTE: contains old copy of xpcom library
+ NOTE: have not checked to see which security holes re in it exatly
+ NOTE: Has been removed from Sarge
+ - nvu (unfixed; bug #306822)
+CAN-2005-XXXX [eskuel: arbitrary file retreiving]
+ - eskuel 1.0.5-3.1
+CAN-2005-XXXX [eskuel: No authentication at all]
+ - eskuel (unfixed; bug #163653)
+CAN-2005-XXXX [Buffer overflow in elog's header buffer]
+ - elog 2.5.7+r1558-3
+CAN-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
+ - ipsec-tools 0.5.2-1
+CAN-2005-1452 (Serendipity before 0.8 allows Chief users to &quot;hide plugins installed ...)
+ NOTE: not-for-us (Serendipity)
+CAN-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
+ NOTE: not-for-us (Serendipity)
+CAN-2005-1450 (Unknown vulnerability in &quot;the function used to validate path-names for ...)
+ NOTE: not-for-us (Serendipity)
+CAN-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...)
+ NOTE: not-for-us (Serendipity)
+CAN-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...)
+ NOTE: not-for-us (Serendipity)
+CAN-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...)
+ NOTE: not-for-us (SitePanel)
+CAN-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...)
+ NOTE: not-for-us (SitePanel)
+CAN-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...)
+ NOTE: not-for-us (SitePanel)
+CAN-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
+ NOTE: not-for-us (SitePanel)
+CAN-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...)
+ NOTE: not-for-us (Lotus Domino)
+CAN-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...)
+ NOTE: not-for-us (Lotus Domino)
+CAN-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...)
+ NOTE: not-for-us (ViArt Shop)
+CAN-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...)
+ NOTE: not-for-us (osTicket)
+CAN-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...)
+ NOTE: not-for-us (osTicket)
+CAN-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...)
+ NOTE: not-for-us (osTicket)
+CAN-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
+ NOTE: not-for-us (osTicket)
+CAN-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...)
+ NOTE: Was once part of Debian, but has been removed
+CAN-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
+ NOTE: not-for-us (HP OpenView)
+CAN-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
+ NOTE: not-for-us (HP OpenView)
+CAN-2005-1432
+ NOTE: reserved
+CAN-2005-1431 (The &quot;record packet parsing&quot; in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
+ NOTE: Sarge will get a different fix with only the security fix
+ - gnutls11 1.0.16-13.1
+CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
+ NOTE: not-for-us (WWWguestbook)
+CAN-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...)
+ NOTE: not-for-us (Uapplication Uphotogallery)
+CAN-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...)
+ NOTE: not-for-us (Uapplication Uphotogallery)
+CAN-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...)
+ NOTE: not-for-us (Uapplication Ublog)
+CAN-2005-1425 (Uapplication Uguestbook stores the database under the web document ...)
+ NOTE: not-for-us (Uapplication Uguestbook)
+CAN-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...)
+ NOTE: not-for-us (GoText)
+CAN-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...)
+ NOTE: not-for-us (602 LAN SUITE)
+CAN-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
+ NOTE: not-for-us (Raysoft Video Cam Server)
+CAN-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...)
+ NOTE: not-for-us (Raysoft Video Cam Server)
+CAN-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
+ NOTE: not-for-us (Raysoft Video Cam Server)
+CAN-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...)
+ NOTE: not-for-us (Ocean12 Mailing list manager)
+CAN-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
+ NOTE: not-for-us (Netleaf)
+CAN-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...)
+ NOTE: not-for-us (MaxWebPortal)
+CAN-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...)
+ NOTE: not-for-us (04WebServer)
+CAN-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...)
+ NOTE: not-for-us (GlobalSCAPE Secure FTP Server)
+CAN-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...)
+ NOTE: not-for-us (FilePocket)
+CAN-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...)
+ NOTE: not-for-us (enVivo)
+CAN-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...)
+ NOTE: not-for-us (ECommPro)
+CAN-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...)
+ NOTE: not-for-us (ICUII)
+CAN-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...)
+ - postgresql 7.4.7-6
+CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...)
+ - postgresql 7.4.7-6
+CAN-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
+ NOTE: not-for-us (Skype)
+CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...)
+ - kfreebsd5-source 5.3-10
+CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
+ NOTE: not-for-us (Lotus Domino)
+CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
+ NOTE: not-for-us (MyPHP Forum)
+CAN-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...)
+ NOTE: not-for-us (JW Amazon Web Store)
+CAN-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
+ NOTE: not-for-us (NeL libarary)
+CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
+ NOTE: not-for-us (Mtp-Target)
+CAN-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...)
+ - kfreebsd5-source 5.3-10
+CAN-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...)
+ - kfreebsd5-source 5.3-10
+CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...)
+ NOTE: not-for-us (Skype)
+CAN-2004-1777 (A &quot;range check error&quot; in Skype for Windows before 0.98.0.28 allows ...)
+ NOTE: not-for-us (Skype)
+CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
+ NOTE: not-for-us (PHPCart)
+CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
+ NOTE: not-for-us (PHPCalender)
+CAN-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...)
+ NOTE: not-for-us (ARPUS Ceterm)
+CAN-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...)
+ NOTE: not-for-us (ARPUS Ceterm)
+CAN-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
+ NOTE: not-for-us (ArcGIS)
+CAN-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
+ NOTE: not-for-us (ArcGIS)
+CAN-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
+ NOTE: In Debian this is only part of the examples in share/doc, any admin will
+ NOTE: have to modify it for his purposes anyway, so there's no security problem
+CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
+ - pound (unfixed; bug #307852)
+CAN-2005-1390
+ NOTE: rejected
+CAN-2005-1389
+ NOTE: rejected
+CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
+ NOTE: not-for-us (SURVIVOR)
+CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (Safari)
+CAN-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...)
+ NOTE: not-for-us (phpCoin)
+CAN-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...)
+ NOTE: not-for-us (BEA Weblogic)
+CAN-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...)
+ NOTE: not-for-us (Mandrake specific packaging flaw)
+CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
+ NOTE: not-for-us (phpbb mod)
+CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...)
+ NOTE: not-for-us (Claroline)
+CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
+ NOTE: not-for-us (Claroline)
+CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...)
+ NOTE: not-for-us (Claroline)
+CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...)
+ NOTE: not-for-us (Claroline)
+CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
+ NOTE: not-for-us (Koobi CMS)
+CAN-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
+ NOTE: not-for-us (NetVault)
+CAN-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...)
+ NOTE: not-for-us (NetVault)
+CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
+ NOTE: not-for-us (HP OpenView)
+CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
+ NOTE: does not affect 2.4.27 per horms
+ - kernel-source-2.6.8 2.6.8-16
+ - kernel-source-2.6.11 2.6.11-4
+CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
+ NOTE: does not affect 2.6.8, 2.4.27 per horms
+ - kernel-source-2.6.11 2.6.11-4
+CAN-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...)
+ NOTE: not-for-us (pServ)
+CAN-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)
+ NOTE: not-for-us (pServ)
+CAN-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
+ NOTE: not-for-us (pServ)
+CAN-2005-XXXX [Insecure mailbox generation in passwd's useradd
+ NOTE: Incorrect open() call was introduced after 4.0.3 (the version in Sarge, fixed in 4.0.8)
+CAN-2005-XXXX [Insecure tempfile generation in shadow's vipw]
+ NOTE: Fixed in 4.0.3-33 for sid, Sarge would need an update through t-p-u
+ - shadow 4.0.3-33
+CAN-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...)
+ NOTE: not-for-us (MetaBid Auctions)
+CAN-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...)
+ NOTE: not-for-us (MetaCart)
+CAN-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...)
+ NOTE: not-for-us (MetaCart)
+CAN-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...)
+ NOTE: not-for-us (MetaCart)
+CAN-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 1.1 ...)
+ NOTE: not-for-us (GrayCMS)
+CAN-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...)
+ NOTE: not-for-us (text.cgi)
+CAN-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...)
+ NOTE: not-for-us (text.cgi)
+CAN-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...)
+ NOTE: not-for-us (text.cgi)
+CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script allows ...)
+ NOTE: not-for-us (includer.cgi)
+CAN-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
+ NOTE: not-for-us (includer.cgi)
+CAN-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (forum.pl)
+CAN-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...)
+ NOTE: not-for-us (forum.pl)
+CAN-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...)
+ NOTE: not-for-us (ad.cgi)
+CAN-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (ad.cgi)
+CAN-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...)
+ NOTE: not-for-us (ad.cgi)
+CAN-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...)
+ {DSA-727-1}
+ - libconvert-uulib-perl 1.0.5.1
+CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
+ NOTE: not-for-us (MailEnable)
+CAN-2005-1347 (Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote ...)
+ NOTE: not-for-us (acrobat)
+CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
+ NOTE: not-for-us (Symantec)
+CAN-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
+ {DSA-721-1}
+ - squid 2.5.9-7
+CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
+ - apache2 2.0.54-3
+CAN-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...)
+ NOTE: not-for-us (vpnd for Mac OS X)
+CAN-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...)
+ NOTE: not-for-us (Apple Terminal)
+CAN-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...)
+ NOTE: not-for-us (Apple Terminal)
+CAN-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...)
+ NOTE: verified that our lukemftpd uses pw->pw_name when
+ NOTE: checking /etc/ftpchroot.
+CAN-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1334
+ NOTE: rejected
+CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...)
+ NOTE: not-for-us (Mac OS X)
+CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
+ NOTE: not-for-us (OneWorldStore)
+CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (OneWorldStore)
+CAN-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...)
+ NOTE: not-for-us (Woltlab Burning Board)
+CAN-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...)
+ NOTE: not-for-us (VooDoo cIRCle BOTNET)
+CAN-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...)
+ NOTE: not-for-us (phpMyVisites)
+CAN-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
+ NOTE: not-for-us (phpMyVisites)
+CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
+ NOTE: not-for-us (NetTerm)
+CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
+ - nag 1.1-3.1
+CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
+ - sork-vacation 2.2.2-1
+CAN-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
+ - mnemo 1.1-2.1
+ TODO: check whether nmeno2 is affected as well, mnemo2 is not in Sarge
+CAN-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
+ NOTE: imp4 is not affected
+CAN-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...)
+ - sork-forwards 2.2.2-1
+CAN-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...)
+ NOTE: not-for-us (Hord Chora module)
+CAN-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
+ - sork-accounts 2.1.2-1
+CAN-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
+ NOTE: Maintainer is checking whether turba2 needs fixing as well
+ - turba 1.2.5-1
+CAN-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...)
+ - kronolith 1.1.4-1
+CAN-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
+ - sork-passwd 2.2.2-1
+CAN-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...)
+ NOTE: not-for-us (Yappa-NG)
+CAN-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...)
+ NOTE: not-for-us (Yappa-NG)
+CAN-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...)
+ NOTE: not-for-us (bBlog)
+CAN-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
+ NOTE: not-for-us (bBlog)
+CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
+ NOTE: upstream says attack won't work, see bug 307575
+CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...)
+ NOTE: not-for-us (Adobe Version Cue)
+CAN-2005-1306
+ NOTE: reserved
+CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
+ NOTE: not-for-us (hyper.cgi)
+CAN-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
+ NOTE: not-for-us (citat.pl)
+CAN-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...)
+ NOTE: not-for-us (citat.pl)
+CAN-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...)
+ NOTE: not-for-us (Confixx)
+CAN-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...)
+ NOTE: not-for-us (nProtect:Netizen)
+CAN-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...)
+ NOTE: not-for-us (inserter.cgi)
+CAN-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (inserter.cgi)
+CAN-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...)
+ NOTE: not-for-us (inserter.cgi)
+CAN-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...)
+ NOTE: not-for-us (include.cgi)
+CAN-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (include.cgi)
+CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
+ NOTE: not-for-us (include.cgi)
+CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
+ - affix-kernel 2.1.1-1.1
+CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
+ NOTE: not-for-us (StorePortal)
+CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
+ NOTE: not-for-us (CartWIZ ASP Cart)
+CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...)
+ NOTE: not-for-us (CartWIZ ASP Cart)
+CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...)
+ - phpbb2 2.0.13+1-6
+CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (E-Cart)
+CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
+ NOTE: not-for-us (ACS Blog)
+CAN-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...)
+ NOTE: not-for-us (BK Forum)
+CAN-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from starting ...)
+ NOTE: not-for-us (Bitdefender)
+CAN-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...)
+ NOTE: not-for-us (Woltlab Burning Board)
+CAN-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...)
+ NOTE: not-for-us (Argosoft Mail Server Pro)
+CAN-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...)
+ NOTE: not-for-us (Argosoft Mail Server Pro)
+CAN-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...)
+ NOTE: not-for-us (Argosoft Mail Server Pro)
+CAN-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
+ - ethereal 0.10.10-2
+CAN-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...)
+ - ethereal 0.10.10-2
+ - tcpdump 3.8.3-4
+CAN-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
+ - tcpdump 3.8.3-4
+CAN-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
+ - tcpdump 3.8.3-4
+CAN-2005-1277
+ NOTE: reserved
+CAN-2005-1276
+ NOTE: reserved
+CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
+ NOTE: fix accepted to testing, should reach it today (8 may)
+ - imagemagick 6:6.0.6.2-2.3
+CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
+ - maxdb-7.5.00 7.5.00.24-3
+CAN-2005-1273
+ NOTE: reserved
+CAN-2005-1272
+ NOTE: reserved
+CAN-2005-1271
+ NOTE: rejected
+CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
+ NOTE: not-for-us (Rootkit Hunter)
+CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
+ - apache 1.3.31-1
+CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
+ - libconvert-uulib-perl 1.0.5.1-1
+CAN-2005-1269 [Unspecified gaim DoS vulnerability]
+ NOTE: reserved
+ - gaim 1:1.3.1-1
+CAN-2005-1268
+ NOTE: reserved
+CAN-2005-1267
+ NOTE: reserved
+CAN-2005-1266
+ NOTE: reserved
+CAN-2005-1265 [Invalid range checking for mmap() in the Linux kernel]
+ NOTE: reserved
+ - kernel-source-2.6.8 (unfixed)
+CAN-2005-1264 [Local privilege escalation in the Linux kernel's raw ioctl]
+ - kernel-source-2.6.8 2.6.8-15sarge1
+ - kernel-source-2.6.8 2.6.8-16
+ - kernel-source-2.6.11 2.6.11-5
+CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
+ - kernel-source-2.6.11 2.6.11 2.6.11-4
+ - kernel-source-2.6.8 2.6.8-16
+ - kernel-source-2.4.27 2.4.27-10
+ NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
+CAN-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...)
+ NOTE: see http://gaim.sourceforge.net/security/
+ - gaim 1:1.2.1-1.1
+CAN-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
+ NOTE: see http://gaim.sourceforge.net/security/
+ - gaim 1:1.2.1-1.1
+CAN-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
+ - bzip2 1.0.2-7
+CAN-2005-1259
+ NOTE: reserved
+CAN-2005-1258
+ NOTE: reserved
+CAN-2005-1257
+ NOTE: reserved
+CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...)
+ NOTE: not-for-us (IMail)
+CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
+ NOTE: not-for-us (IMail)
+CAN-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
+ NOTE: not-for-us (IMail)
+CAN-2005-1253
+ NOTE: reserved
+CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...)
+ NOTE: not-for-us (IMail)
+CAN-2005-1251
+ NOTE: reserved
+CAN-2005-1250
+ NOTE: reserved
+CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
+ NOTE: not-for-us (IMail)
+CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...)
+ NOTE: not-for-us (Apple iTunes)
+CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...)
+ NOTE: not-for-us (Novell Nsure Audit)
+CAN-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
+ NOTE: not-for-us (snmppd)
+CAN-2005-XXXX [Multiple security problems in Quake 2]
+ NOTE: this release added lots of warnings about the security problems
+ - quake2 1:0.3-1.1
+ - quake2 (unfixed; bug #280573)
+CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
+ NOTE: not-for-us (MediaWiki not yet in Debian)
+ TODO: track ITP: #217571
+CAN-2005-1244 (Directory traversal vulnerability in the third party tool from NetIQ, ...)
+ NOTE: not-for-us (AS/400 FTP server addon)
+CAN-2005-1243 (Directory traversal vulnerability in the third party tool from ...)
+ NOTE: not-for-us (AS/400 FTP server addon)
+CAN-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...)
+ NOTE: not-for-us (AS/400 FTP server addon)
+CAN-2005-1241 (Directory traversal vulnerability in the third party tool from ...)
+ NOTE: not-for-us (AS/400 FTP server addon)
+CAN-2005-1240 (Directory traversal vulnerability in the third party tool from ...)
+ NOTE: not-for-us (AS/400 FTP server addon)
+CAN-2005-1239 (Directory traversal vulnerability in the third party tool from ...)
+ NOTE: not-for-us (AS/400 FTP server addon)
+CAN-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
+ NOTE: not-for-us (AS/400 FTP server)
+CAN-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...)
+ NOTE: not-for-us (FlexPHPNews)
+CAN-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...)
+ NOTE: not-for-us (DUPortal)
+CAN-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...)
+ NOTE: not-for-us (phpbb-Auction)
+CAN-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
+ NOTE: not-for-us (phpbb-Auction)
+CAN-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...)
+ NOTE: not-for-us (PHP Labs proFile)
+CAN-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
+ NOTE: not-for-us (Sun ONE Proxy Server)
+CAN-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...)
+ NOTE: not-for-us (JAWS)
+CAN-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...)
+ NOTE: not-for-us (Yawcan)
+CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
+ - cpio (unfixed; bug #306693)
+CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
+ - gzip 1.3.5-10
+CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
+ NOTE: not-for-us (PHPProjekt)
+CAN-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...)
+ NOTE: not-for-us (Coppermine Photo Gallery)
+CAN-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...)
+ NOTE: not-for-us (Coppermine Photo Gallery)
+CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUportal Pro 3.4 allow ...)
+ NOTE: not-for-us (DUPortal)
+CAN-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...)
+ NOTE: not-for-us (Ocean12 Calender manager)
+CAN-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...)
+ NOTE: not-for-us (Annuaire Netref)
+CAN-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...)
+ NOTE: not-for-us (ECommPro)
+CAN-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...)
+ NOTE: not-for-us (Shoutbox)
+CAN-2005-1219
+ NOTE: reserved
+CAN-2005-1218
+ NOTE: reserved
+CAN-2005-1217
+ NOTE: reserved
+CAN-2005-1216
+ NOTE: reserved
+CAN-2005-1215
+ NOTE: reserved
+CAN-2005-1214
+ NOTE: reserved
+CAN-2005-1213
+ NOTE: reserved
+CAN-2005-1212
+ NOTE: reserved
+CAN-2005-1211
+ NOTE: reserved
+CAN-2005-1210
+ NOTE: reserved
+CAN-2005-1209
+ NOTE: reserved
+CAN-2005-1208
+ NOTE: reserved
+CAN-2005-1207
+ NOTE: reserved
+CAN-2005-1206
+ NOTE: reserved
+CAN-2005-1205
+ NOTE: reserved
+CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
+ NOTE: This is not a real world problem; it's only applicable in rare circurstances
+ NOTE: like someone analysing stolen user database information and even then the gain
+ NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway.
+CAN-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
+ - libpam-ssh 1.91.0-9
+CAN-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
+ NOTE: not-for-us (Desktop Rover)
+CAN-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...)
+ - egroupware 1.0.0.007-2.dfsg-1
+CAN-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...)
+ - egroupware 1.0.0.007-2.dfsg-1
+CAN-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...)
+ NOTE: not-for-us (AZbb)
+CAN-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...)
+ NOTE: not-for-us (AZbb)
+CAN-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...)
+ NOTE: not-for-us (UBB.threads)
+CAN-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
+ NOTE: not-for-us (Anaconda Foundation Directory)
+CAN-2005-1197 (SQL injection vulnerability in the ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
+ NOTE: not-for-us (PHPBB Knowledgebase Mod)
+CAN-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
+ NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in Debian
+ - xine-lib 1.0.1-1
+CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
+ - nasm 0.98.38-1.2
+CAN-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...)
+ - phpbb2 2.0.13+1-6
+CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
+ NOTE: not-for-us (Cisco)
+CAN-2001-1476 (SSH before 2.0, with RC4 encryption and the &quot;disallow NULL passwords&quot; ...)
+ NOTE: not-for-us (Commercial SSH)
+CAN-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...)
+ NOTE: not-for-us (Commercial SSH)
+CAN-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...)
+ NOTE: not-for-us (Commercial SSH)
+CAN-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...)
+ NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
+CAN-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
+ - phpbb2 2.0.6c-1
+CAN-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...)
+ - phpbb2 2.0.6c-1
+CAN-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...)
+ NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
+CAN-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...)
+ NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
+CAN-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...)
+ NOTE: not-for-us (phpSecurePages)
+CAN-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...)
+ NOTE: in expect 5.42.1, mkpasswd does not seed by pid; doesn't seem
+ NOTE: to seed at all; my tests indicate it generates no dups in
+ NOTE: some 100000 passwords.
+CAN-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...)
+ NOTE: not-for-us (VanDyke SecureCRT)
+CAN-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...)
+ NOTE: not-for-us (SurfControl SuperScout)
+CAN-2001-1464 (Crystal Reports, when displaying data for a password protected ...)
+ NOTE: not-for-us (Crystal Reports)
+CAN-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...)
+ NOTE: not-for-us (RhinoSoft Serv-U)
+CAN-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...)
+ NOTE: not-for-us (RSA Security SecurID)
+CAN-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...)
+ NOTE: not-for-us (RSA Security SecurID)
+CAN-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...)
+ - openssh 3.0.1p1-1
+CAN-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...)
+ NOTE: not-for-us (Novell Groupwise)
+CAN-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...)
+ NOTE: not-for-us (CrazyWWWBoard)
+CAN-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...)
+ NOTE: not-for-us (Gauntlet Firewall)
+CAN-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...)
+ NOTE: not-for-us (Netegrity SiteMinder)
+CAN-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...)
+ - mysql-dfsg 3.23.33-1
+CAN-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...)
+ - mysql-dfsg 3.23.33-1
+CAN-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...)
+ NOTE: not-for-us (Windows)
+CAN-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...)
+ NOTE: not-for-us (Windows)
+CAN-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...)
+ NOTE: not-for-us (Windows)
+CAN-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...)
+ NOTE: not-for-us (Mandrake specific packaging flaw)
+CAN-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...)
+ NOTE: not-for-us (Magic eDeveloper)
+CAN-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...)
+ NOTE: not-for-us (Windows)
+CAN-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...)
+ NOTE: not-for-us (MacOS X)
+CAN-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...)
+ NOTE: not-for-us (Lotus Domino)
+CAN-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...)
+ NOTE: Generic protocol flaw
+CAN-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...)
+ NOTE: Generic protocol flaw
+CAN-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...)
+ - inn2 2.3.3+20020922-1
+ - innfeed 0.10.1.7-7
+CAN-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...)
+ NOTE: not-for-us (VisualAge for Java)
+CAN-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...)
+ NOTE: not-for-us (AIX)
+CAN-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...)
+ NOTE: not-for-us (Handspring Visor)
+CAN-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...)
+ NOTE: not-for-us (easyScripts easyNews)
+CAN-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...)
+ NOTE: not-for-us (Dallas Semiconductor iButton DS1991)
+CAN-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...)
+ NOTE: not-for-us (Tru64 UNIX)
+CAN-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...)
+ NOTE: not-for-us (IOS)
+CAN-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...)
+ NOTE: not-for-us (Quikstore Shopping Cart)
+CAN-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...)
+ NOTE: not-for-us (AIX)
+CAN-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
+ - lpr 0.48-1
+CAN-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
+ - lpr 0.48-1
+CAN-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...)
+ - gcc-3.3 3.3.4-1
+CAN-2000-1218 (The default configuration for the domain name resolver for Microsoft ...)
+ NOTE: not-for-us (Windows)
+CAN-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...)
+ NOTE: not-for-us (Windows)
+CAN-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...)
+ NOTE: not-for-us (AIX)
+CAN-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...)
+ NOTE: not-for-us (Lotus Domino)
+CAN-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...)
+ NOTE: not-for-us (AIX)
+CAN-1999-1582 (By design, the &quot;established&quot; command on the Cisco PIX firewall allows ...)
+ NOTE: not-for-us (Cisco PIX)
+CAN-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...)
+ NOTE: not-for-us (Windows)
+CAN-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...)
+ NOTE: not-for-us (Sun's sendmail)
+CAN-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...)
+ NOTE: not-for-us (Windows)
+CAN-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...)
+ NOTE: not-for-us (Windows)
+CAN-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...)
+ NOTE: not-for-us (Windows)
+CAN-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...)
+ NOTE: not-for-us (Acrobat Reader)
+CAN-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...)
+ NOTE: not-for-us (Kodak/Wang tools for IE)
+CAN-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...)
+ NOTE: not-for-us (AIX)
+CAN-1999-1573 (Multiple unknown vulnerabilities in the &quot;r-cmnds&quot; (1) remshd, (2) ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...)
+ NOTE: not-for-us (Windows)
+CAN-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...)
+ NOTE: not-for-us (WebcamXP)
+CAN-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...)
+ NOTE: not-for-us (WebcamXP)
+CAN-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...)
+ NOTE: not-for-us (ComersusCart)
+CAN-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...)
+ NOTE: not-for-us (WinHex)
+CAN-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...)
+ NOTE: not-for-us (Musicmatch)
+CAN-2005-1185 (MMFWLaunch.exe in Musicmatch Jukebox 10.00.2047 and earlier does not ...)
+ NOTE: not-for-us (Musicmatch)
+CAN-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
+ NOTE: This looks rather obscure -jmm
+ TODO: check
+CAN-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...)
+ NOTE: not-for-us (mvnForum)
+CAN-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...)
+ NOTE: not-for-us (iSeries OS)
+CAN-2005-1181 (PHP remote code injection vulnerability in loader.php for Ariadne CMS ...)
+ NOTE: not-for-us (Ariadne CMS)
+CAN-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...)
+ NOTE: not-for-us (Xerox)
+CAN-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...)
+ NOTE: According to maintainer posting in debian-release this does only affect 1.190
+ NOTE: and not the version in Sarge
+CAN-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
+ NOTE: not-for-us (AIX)
+CAN-2005-1175
+ NOTE: reserved
+CAN-2005-1174
+ NOTE: reserved
+CAN-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)
+ NOTE: not-for-us (PMSoftware Simple Web Server)
+CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
+ NOTE: not-for-us (Coppermine Photo Gallery)
+CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...)
+ NOTE: not-for-us (moddb phpbb2 add-on)
+CAN-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...)
+ NOTE: not-for-us (moddb phpbb2 add-on)
+CAN-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...)
+ NOTE: not-for-us (Mafia Blog)
+CAN-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...)
+ NOTE: not-for-us (Musicmatch)
+CAN-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
+ NOTE: not-for-us (Musicmatch)
+CAN-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...)
+ NOTE: not-for-us (Dameware)
+CAN-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Yager game)
+CAN-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Yager game)
+CAN-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...)
+ NOTE: not-for-us (Yager game)
+CAN-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...)
+ NOTE: not-for-us (OneWorldStore)
+CAN-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
+ NOTE: not-for-us (OneWorldStore)
+CAN-2005-1160 (The privileged &quot;chrome&quot; UI code in Firefox before 1.0.3 and Mozilla ...)
+ - mozilla-firefox 1.0.3-1
+ - mozilla 1.7.7-1
+CAN-2005-1159 (The native implementations of InstallTrigger and other functions in ...)
+ - mozilla-firefox 1.0.3-1
+ - mozilla 1.7.7-1
+CAN-2005-1158 (Multiple &quot;missing security checks&quot; in Firefox before 1.0.3 allow ...)
+ - mozilla-firefox 1.0.3-1
+CAN-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
+ - mozilla-firefox 1.0.3-1
+ - mozilla 1.7.7-1
+CAN-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
+ - mozilla-firefox 1.0.3-1
+ - mozilla 1.7.7-1
+CAN-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...)
+ - mozilla-firefox 1.0.3-1
+ - mozilla 1.7.7-1
+CAN-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...)
+ - mozilla-firefox 1.0.3-1
+ - mozilla 1.7.7-1
+CAN-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...)
+ - mozilla-firefox 1.0.3-1
+ - mozilla 1.7.7-1
+CAN-2005-1152 [Qpopper can be forced to create group or world writable files]
+ {DSA-728-1}
+ - qpopper 4.0.5-4sarge1
+CAN-2005-1151 [Insufficient privilege drop in qpopper]
+ {DSA-728-1}
+ - qpopper 4.0.5-4sarge1
+CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
+ NOTE: not-for-us (Sun Java)
+CAN-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...)
+ NOTE: not-for-us (ACNews)
+CAN-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...)
+ NOTE: not-for-us (CalenderScript)
+CAN-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...)
+ NOTE: not-for-us (CalenderScript)
+CAN-2005-1146 (** DISPUTED ** ...)
+ NOTE: not-for-us (CalenderScript)
+CAN-2005-1145 (** DISPUTED ** ...)
+ NOTE: not-for-us (CalenderScript)
+CAN-2005-1144 (popup.php in EasyPHPCalendar allows remote attackers to obtain ...)
+ NOTE: not-for-us (EasyPHPCalender)
+CAN-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+ NOTE: not-for-us (EasyPHPCalender)
+CAN-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...)
+ - gocr 0.39-5
+CAN-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...)
+ - gocr 0.39-5
+CAN-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...)
+ NOTE: not-for-us (MyBloggie)
+CAN-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...)
+ NOTE: not-for-us (Opera)
+CAN-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...)
+ NOTE: not-for-us (Kerio)
+CAN-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...)
+ NOTE: not-for-us (sphpBlog)
+CAN-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...)
+ NOTE: not-for-us (sphpBlog)
+CAN-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...)
+ NOTE: not-for-us (sphpBlog)
+CAN-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...)
+ NOTE: not-for-us (Serendipity)
+CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
+ NOTE: not-for-us (AS/400 system software)
+CAN-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (LG mobile phone)
+CAN-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...)
+ NOTE: not-for-us (Veritas Focalpoint Server)
+CAN-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
+ NOTE: not-for-us (PinnacleCart)
+CAN-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...)
+ - egroupware 1.0.0.007-2.dfsg-1
+CAN-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
+ NOTE: not-for-us (VHCS)
+CAN-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
+ NOTE: not-for-us (Free BSD)
+CAN-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
+ NOTE: not-for-us (Free BSD)
+CAN-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
+ NOTE: Has been removed from Sarge
+ - libsafe (unfixed; bug #305070)
+CAN-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
+ NOTE: not-for-us (Solaris)
+CAN-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
+ NOTE: not-for-us (monkeyd)
+CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
+ NOTE: not-for-us (monkeyd)
+CAN-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
+ {DSA-726-1}
+ NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
+ - oops (unfixed; bug #307360)
+CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
+ - ilohamail (unfixed; bug #304525)
+CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
+ - sudo (unfixed; bug #283161)
+CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...)
+ NOTE: not-for-us (RSA authentication agent)
+CAN-2005-1117 (PHP remote code injection vulnerability in index.php in ...)
+ NOTE: not-for-us (All4WWW Homepage creator)
+CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
+ NOTE: not-for-us (phpbb2 calendar addon)
+CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
+ NOTE: not-for-us (Photo Album)
+CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
+ NOTE: not-for-us (Photo Album)
+CAN-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
+ NOTE: not-for-us (PhpBB Plus)
+CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...)
+ NOTE: not-for-us (IBM Websphere)
+CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...)
+ - cpio (unfixed; bug #305372)
+CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
+ NOTE: not-for-us (Sumus web server)
+CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
+ {DSA-713-1}
+ NOTE: only part of Woody, has been removed from Sarge and sid
+ NOTE: not-for-us (Junkbuster)
+ NOTE: checked privoxy, is not vulnerable
+CAN-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
+ {DSA-713-1}
+ NOTE: only part of Woody, has been removed from Sarge and sid
+ NOTE: not-for-us (Junkbuster)
+ NOTE: checked privoxy, is not vulnerable
+CAN-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...)
+ NOTE: not-for-us (McAfee)
+CAN-2005-XXXX [Remote DoS vulnerabilities in postgrey]
+ - postgrey 1.21-1
+CAN-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
+ NOTE: not-for-us (Windows)
+CAN-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
+ NOTE: api vulnerablity
+ - libgnumail-java (unfixed; bug #304712)
+CAN-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
+ NOTE: not-for-us (Centra)
+CAN-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
+ NOTE: not-for-us (Sygate Secure Enterprise)
+CAN-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ NOTE: Upstream developers don't consider this an issue, see bug #304468
+CAN-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
+ NOTE: not-for-us (Lotus Domino Server)
+CAN-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...)
+ - postfix-gld 1.5-1
+CAN-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...)
+ - postfix-gld 1.5-1
+CAN-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...)
+ NOTE: not-for-us (GetDataBack for NTFS (Windows))
+CAN-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
+ NOTE: not-for-us (Rebrand P2P Share Spy)
+CAN-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
+ NOTE: not-for-us (Ocean12 Membership Manager Pro)
+CAN-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...)
+ NOTE: not-for-us (Ocean12 Membership Manager Pro)
+CAN-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...)
+ NOTE: not-for-us (FTP Now)
+CAN-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...)
+ NOTE: not-for-us (Miranda IM)
+CAN-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...)
+ NOTE: not-for-us (DeluxeFTP)
+CAN-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
+ NOTE: not-for-us (Maxthon)
+CAN-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...)
+ NOTE: not-for-us (Maxthon)
+CAN-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...)
+ NOTE: not-for-us (DC++)
+CAN-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...)
+ NOTE: not-for-us (DameWare NT Utilities and Mini Remote Control)
+CAN-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...)
+ NOTE: not-for-us (AN HTTPD)
+CAN-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...)
+ NOTE: not-for-us (AN HTTPD)
+CAN-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...)
+ NOTE: not-for-us (aeDating)
+CAN-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...)
+ NOTE: not-for-us (aeDating)
+CAN-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
+ NOTE: not-for-us (aeDating)
+CAN-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...)
+ NOTE: not-for-us (AtDGDatingPlatinum)
+CAN-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
+ NOTE: not-for-us (AtDGDatingPlatinum)
+CAN-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...)
+ NOTE: not-for-us (JAR in J2SE SDK)
+ TODO: check jar extractors in Debian just to be safe
+CAN-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...)
+ NOTE: not-for-us (zOOm Media Gallery)
+CAN-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...)
+ NOTE: not-for-us (XAMPP Apache distribution specific issue)
+CAN-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...)
+ NOTE: not-for-us (XAMPP Apache distribution specific issue)
+CAN-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...)
+ NOTE: not-for-us (WebCT)
+CAN-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...)
+ NOTE: not-for-us (RadScripts RadBids Gold)
+CAN-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
+ NOTE: not-for-us (RadScripts RadBids Gold)
+CAN-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...)
+ NOTE: not-for-us (RadScripts RadBids Gold)
+CAN-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...)
+ NOTE: not-for-us (PunBB)
+CAN-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...)
+ NOTE: not-for-us (JPortal)
+CAN-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...)
+ NOTE: not-for-us (sCssBoard)
+CAN-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
+ NOTE: not-for-us (sCssBoard)
+CAN-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
+ NOTE: not-for-us (Access_user class)
+CAN-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
+ NOTE: the affected binary is not included in pine binary packages
+ NOTE: and the maintainer refuses to maintain code that is not
+ NOTE: see bug #304547
+CAN-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
+ NOTE: we do not seem to be vulnerable; /var/cache/fonts is not
+ NOTE: writiable by normal users in Debian, only by root.
+CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
+ - rsnapshot 1.2.1-1
+CAN-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
+ NOTE: not-for-us (Kerio)
+CAN-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
+ NOTE: not-for-us (Kerio)
+CAN-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
+ - logwatch 5.0-1
+CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
+ NOTE: not-for-us (Novell Netware)
+CAN-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...)
+ NOTE: not-for-us (Linksys WET11)
+CAN-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...)
+ NOTE: not-for-us (HP OpenView Network Node Manager)
+CAN-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...)
+ NOTE: not-for-us (TowerBlog)
+CAN-2005-1054 (PHP remote code injection vulnerability in news.php in ModernBill ...)
+ NOTE: not-for-us (ModernBill)
+CAN-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
+ NOTE: not-for-us (ModernBill)
+CAN-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...)
+ NOTE: not-for-us (PunBB)
+CAN-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
+ NOTE: not-for-us (PunBB)
+CAN-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
+ {DSA-714-1}
+ - kdelibs 3.3.2-6
+CAN-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
+ NOTE: not-for-us (OpenText)
+CAN-2005-1044
+ NOTE: rejected
+CAN-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
+ - php4 4.3.10-10
+CAN-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
+ - php4 4.3.10-10
+CAN-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...)
+ - kernel-source-2.6.11 2.6.11-1
+ - kernel-source-2.6.8 2.6.8-16
+ NOTE: does not affect 2.4.27 per horms
+CAN-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
+ NOTE: Debian is not affected; see bug # 310833
+CAN-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
+ - coreutils (unfixed; bug #304556)
+CAN-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
+ NOTE: long fixed in Debian's cron
+CAN-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
+ NOTE: not-for-us (AIX)
+CAN-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...)
+ NOTE: not-for-us (FreeBSD)
+CAN-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...)
+ - pavuk 0.9.32-1
+CAN-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (SurgeFTP)
+CAN-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
+ NOTE: not-for-us (CubeCart)
+CAN-2005-1032 (SQL injection vulnerability in cart.php in LiteCommerce allows remote ...)
+ NOTE: not-for-us (LiteCommerce)
+CAN-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
+ NOTE: not-for-us (exoops)
+CAN-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
+ NOTE: not-for-us (Active Auction House)
+CAN-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...)
+ NOTE: not-for-us (Active Auction House)
+CAN-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
+ NOTE: not-for-us (SnailSource phpBB mod)
+CAN-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...)
+ NOTE: not-for-us (IBM)
+CAN-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...)
+ NOTE: not-for-us (ColdFusion)
+CAN-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
+ NOTE: not-for-us (IOS)
+CAN-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...)
+ NOTE: not-for-us (IOS)
+CAN-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...)
+ NOTE: not-for-us (Aeon)
+CAN-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...)
+ NOTE: not-for-us (CA ArcServe Backup)
+CAN-2005-XXXX [Some security issues in mod_security]
+ NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
+ NOTE: the changelog entries matches the security criteria, but the changelog
+ NOTE: claims so.
+ - libapache-mod-security 1.8.7-1
+CAN-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
+ NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
+ - imms 2.0.3-1
+CAN-2005-XXXX [Multiple non-descript problems in PHP4]
+ NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the
+ NOTE: details before July 12th. The security fixes are accompanied by dozens of
+ NOTE: non-security bugfixes, so it's not obvious from the diff either.
+CAN-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
+ - smarty 2.6.9-1
+CAN-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
+ - obexftp 0.10.7-3
+CAN-2005-1017 (SQL injection vulnerability in the Update_Events function in ...)
+ NOTE: not-for-us (MaxWebPortal)
+CAN-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...)
+ NOTE: not-for-us (MaxWebPortal)
+CAN-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...)
+ NOTE: not-for-us (MailEnable)
+CAN-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...)
+ NOTE: not-for-us (MailEnable)
+CAN-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...)
+ NOTE: not-for-us (MailEnable)
+CAN-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...)
+ NOTE: not-for-us (SiteEnable)
+CAN-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...)
+ NOTE: not-for-us (SiteEnable)
+CAN-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...)
+ NOTE: not-for-us (ComersusCart)
+CAN-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...)
+ NOTE: not-for-us (NetVault)
+CAN-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...)
+ NOTE: not-for-us (XM Forum)
+CAN-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...)
+ NOTE: not-for-us (CommuniGate Pro)
+CAN-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...)
+ NOTE: not-for-us (SonicWALL)
+CAN-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...)
+ NOTE: not-for-us (PayProCart)
+CAN-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...)
+ NOTE: not-for-us (PayProCart)
+CAN-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...)
+ NOTE: not-for-us (PayProCart)
+CAN-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...)
+ NOTE: not-for-us (LOG-FT File Transfer)
+CAN-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...)
+ NOTE: not-for-us (ProductCart)
+CAN-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...)
+ NOTE: not-for-us (ProductCart)
+CAN-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...)
+ NOTE: not-for-us (SCO)
+CAN-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
+ - phpmyadmin 3:2.6.2-rc1-1
+CAN-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not &quot;use a secure location ...)
+ NOTE: not-for-us (AIX)
+CAN-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
+ - sharutils 4.2.1-13
+CAN-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...)
+ - mozilla 1.7.7-1
+ - mozilla-firefox 1.0.2-3
+CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a ...)
+ - gzip 1.3.5-10
+ NOTE: Essentially the same as CAN-2005-0953
+CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
+ NOTE: not-for-us (IRC Services NickServ)
+CAN-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
+ NOTE: not-for-us (Lotus Domino)
+CAN-2005-0985
+ NOTE: reserved
+CAN-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...)
+ NOTE: not-for-us (Star Wars game)
+CAN-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...)
+ NOTE: not-for-us (Quake 3 based games)
+CAN-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...)
+ NOTE: not-for-us (Yet Another Forum.net)
+CAN-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
+ NOTE: not-for-us (Alstrasoft EPay)
+CAN-2005-0980 (PHP remote code injection vulnerability in index.php in AlstraSoft ...)
+ NOTE: not-for-us (Alstrasoft EPay)
+CAN-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...)
+ NOTE: not-for-us (Rumba)
+CAN-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...)
+ NOTE: not-for-us (IVT BlueSoleil)
+CAN-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
+ - kernel-source-2.6.8 2.6.8-16
+CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
+ NOTE: not-for-us (CA eTrust IDS)
+CAN-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
+ - gaim 1.2.1-1
+CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
+ NOTE: Was once part of Debian, but has been removed
+CAN-2005-0966 gaim my be crashed remotely
+ - gaim 1:1.2.1-1
+CAN-2005-0965 gaim my be crashed remotely
+ - gaim 1:1.2.1-1
+CAN-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...)
+ NOTE: not-for-us (Kerio firewall)
+CAN-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...)
+ NOTE: not-for-us (ACPI BIOS hardware issue)
+CAN-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...)
+ NOTE: not-for-us (SquirrelCart)
+CAN-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...)
+ - horde3 3.0.4-1
+ - horde2 2.2.8-1
+CAN-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...)
+ NOTE: not-for-us (OpenBSD)
+CAN-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...)
+ NOTE: not-for-us (YepYep mtftpd)
+CAN-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...)
+ NOTE: not-for-us (YepYep mtftpd)
+CAN-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...)
+ NOTE: not-for-us (BayTech RPC)
+CAN-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...)
+ NOTE: not-for-us (InterAKT MX Kart)
+CAN-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...)
+ NOTE: not-for-us (InterAKT MX Shop)
+CAN-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...)
+ NOTE: not-for-us (Windows)
+CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
+ {DSA-730-1}
+ - bzip2 1.0.2-6
+ NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
+ NOTE: attacker would have to exploit the minimal time span between uncompressing
+ NOTE: the file and chmodding it to delete the file and place a hardlink to another
+ NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
+ NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
+CAN-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...)
+ NOTE: not-for-us (PafileDB)
+CAN-2005-0951
+ NOTE: rejected
+CAN-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
+ NOTE: not-for-us (FastStone 4in1 Browser)
+CAN-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...)
+ NOTE: not-for-us (PortalApp)
+CAN-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...)
+ NOTE: not-for-us (PortalApp)
+CAN-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...)
+ NOTE: not-for-us (phpCoin)
+CAN-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...)
+ NOTE: not-for-us (phpCoin)
+CAN-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...)
+ NOTE: not-for-us (ACS Blog)
+CAN-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll), ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...)
+ NOTE: not-for-us (Cisco Hardware issue)
+CAN-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
+ NOTE: not-for-us (Sybase ASE)
+CAN-2005-0941 [OpenOffice.org heap possible overflow in DOC parsing]
+ - openoffice.org 1.1.3-9
+CAN-2005-0939
+ NOTE: reserved
+CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
+ NOTE: not-for-us (UBlog)
+CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
+ - kernel-source-2.6.8 2.6.8-16
+CAN-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
+ - freeciv 2.0.1-1
+CAN-2005-XXXX [mailscanner: lock/pid file location symlink attack]
+ - mailscanner 4.40.11-1
+CAN-2005-XXXX [KDE Kopete ICQ remote DoS]
+ - kdenetwork 4:3.3.2-2
+CAN-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...)
+ NOTE: not-for-us (ESMI PayPal Storefront)
+CAN-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...)
+ NOTE: not-for-us (ESMI PayPal Storefront)
+CAN-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...)
+ NOTE: not-for-us (WackoWiki)
+CAN-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...)
+ NOTE: not-for-us (phpCOIN)
+CAN-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...)
+ NOTE: not-for-us (phpCOIN)
+CAN-2005-0931 (PHP remote code injection vulnerability in The Includer 1.0 and 1.1 ...)
+ NOTE: not-for-us (The Includer)
+CAN-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...)
+ NOTE: not-for-us (Chatness)
+CAN-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...)
+ NOTE: not-for-us (PhotoPost PHP Pro)
+CAN-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
+ NOTE: not-for-us (PhotoPost PHP Pro)
+CAN-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...)
+ NOTE: not-for-us (WebAPP)
+CAN-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...)
+ - sylpheed 1.0.4-1
+ - sylpheed-claws 1.0.4-1
+CAN-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...)
+ NOTE: not-for-us (Uapplication Ublog)
+CAN-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...)
+ NOTE: not-for-us (Adventia E-Data)
+CAN-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...)
+ NOTE: not-for-us (Norton AntiVirus)
+CAN-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...)
+ NOTE: not-for-us (Norton AntiVirus)
+CAN-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
+ NOTE: not-for-us (Lotus)
+CAN-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...)
+ NOTE: not-for-us (Bugtracker.NET)
+CAN-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
+ NOTE: not-for-us (Adventia E-Data)
+CAN-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...)
+ NOTE: not-for-us (Adobe SVG Viewer)
+CAN-2005-0917 (PHP remote code injection vulnerability in index_header.php for ...)
+ NOTE: not-for-us (EncapsBB not in Debian)
+CAN-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
+ - kernel-source-2.6.8 2.6.8-16
+ NOTE: 2.4 doesn't seem to be vulnerable
+CAN-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...)
+ NOTE: not-for-us (Webmasters-Debutants WD Guestbook)
+CAN-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...)
+ NOTE: not-for-us (CPG Dragonfly)
+CAN-2005-0913 (Unknown vulnerability in the regex_replace modifier ...)
+ - smarty 2.6.8-1
+CAN-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...)
+ NOTE: not-for-us (deplate)
+CAN-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...)
+ NOTE: not-for-us (exoops)
+CAN-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...)
+ NOTE: not-for-us (exoops)
+CAN-2005-0909 (PHP remote code injection vulnerability in shoutact.php for TKai's ...)
+ NOTE: not-for-us (THai's Shoutbox)
+CAN-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...)
+ NOTE: not-for-us (Valdersoft Shopping Cart)
+CAN-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...)
+ NOTE: not-for-us (Valdersoft Shopping Cart)
+CAN-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...)
+ NOTE: not-for-us (Tincat network library)
+CAN-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...)
+ NOTE: not-for-us (Maxthon)
+CAN-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the &quot;Force shutdown ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...)
+ NOTE: not-for-us (QuickTime PictureViewer)
+CAN-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...)
+ NOTE: not-for-us (NukeBookmarks for php-nuke)
+CAN-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...)
+ NOTE: not-for-us (NukeBookmarks for php-nuke)
+CAN-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...)
+ NOTE: not-for-us (NukeBookmarks for php-nuke)
+CAN-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...)
+ NOTE: not-for-us (AS/400 running OS400)
+CAN-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...)
+ NOTE: not-for-us (E-Store Kit-2 PayPal Edition)
+CAN-2005-0897 (PHP remote code injection vulnerability in catalog.php in E-Store ...)
+ NOTE: not-for-us (E-Store Kit-2 PayPal Edition)
+CAN-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...)
+ NOTE: not-for-us (phpMyDirectory)
+CAN-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Netcomm 1300NB DSL Modem)
+CAN-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
+ - openmosixview 1.5-7
+CAN-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
+ - smail (unfixed; bug #301428)
+ NOTE: no patch known at this time. See also: CAN-2005-0892
+CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
+ {DSA-722-1}
+ - smail 3.2.0.115-7
+CAN-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
+ NOTE: The description is wrong; 2.6 is affected as well
+ - gtk+2.0 2.6.4-1
+ - gdk-pixbuf 0.22.0-7.1
+CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...)
+ - sharutils 1:4.2.1-12
+CAN-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...)
+ - shar 1:4.2.1-11
+CAN-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...)
+ NOTE: not-for-us (X-News)
+CAN-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...)
+ NOTE: not-for-us (Netscape Enterprise Server)
+CAN-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...)
+ NOTE: not-for-us (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server)
+CAN-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...)
+ - cryptcat 20031202-2
+ NOTE: don't know when it was fixed, verified above version is ok
+CAN-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...)
+ - cgiemail 1.6-14
+CAN-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
+ NOTE: not-for-us (Verity Search97)
+CAN-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...)
+ - squirrelmail 1:1.2.3
+CAN-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...)
+ - squirrelmail 1:1.2.3
+CAN-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
+ - squirrelmail 1:1.2.3
+CAN-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...)
+ - slash (unfixed; bug #160579)
+CAN-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
+ NOTE: not-for-us (commercial ssh)
+CAN-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...)
+ NOTE: not-for-us (commercial ssh)
+CAN-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...)
+ NOTE: not-for-us (commercial ssh)
+CAN-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...)
+ NOTE: not-for-us (RealNetworks Helix Universal Server)
+CAN-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...)
+ - postgresql 7.2.3
+CAN-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...)
+ NOTE: not-for-us (NetWare)
+CAN-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...)
+ NOTE: not-for-us (QNX)
+CAN-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...)
+ NOTE: not-for-us (Multi-Tech ProxyServer)
+CAN-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...)
+ NOTE: not-for-us (Dream4 Koobi CMS)
+CAN-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
+ NOTE: not-for-us (Dream4 Koobi CMS)
+CAN-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ NOTE: the hole was introduced in 0.9.4.3; I suppose that having
+ NOTE: this package be orphaned and not get updated for years from 0.9.2
+ NOTE: is good for _something_ after all :-P
+CAN-2005-0887 (Code injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
+ - dcl 1:0.9.4.4-1
+CAN-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
+ NOTE: not-for-us (XMB Forum)
+CAN-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...)
+ NOTE: not-for-us (DigitalHive)
+CAN-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...)
+ NOTE: not-for-us (DigitalHive)
+CAN-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...)
+ NOTE: not-for-us (BirdBlog)
+CAN-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...)
+ NOTE: not-for-us (Interspire ArticleLive)
+CAN-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...)
+ NOTE: not-for-us (Vortex Portal)
+CAN-2005-0879 (PHP remote code injection vulnerability in (1) content.php and (2) ...)
+ NOTE: not-for-us (Vortex Portal)
+CAN-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...)
+ NOTE: not-for-us (MercuryBoard)
+CAN-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...)
+ - dnsmasq 2.21
+CAN-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...)
+ - dnsmasq 2.21
+CAN-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...)
+ NOTE: not-for-us (Trillian plugin)
+CAN-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...)
+ NOTE: not-for-us (Trillian plugin)
+CAN-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...)
+ NOTE: not-for-us (Topic Calendar phpbb2 plugin)
+CAN-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
+ NOTE: not-for-us (Topic Calendar phpbb2 plugin)
+CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
+ {DSA-724-1}
+ - phpsysinfo 2.3-3
+CAN-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
+ NOTE: phpsysinfo maintainer does not consider path disclosure to
+ NOTE: be a bug. See bug #301118.
+CAN-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)
+ NOTE: checked tn5250, apparently the only AS/400 emulator in debian
+ NOTE: cannot find STRPCO or STRPCCMD in tn5250.
+CAN-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...)
+ NOTE: According to Horms from the Debian kernel team 2.6.8 and 2.6.11 are not
+ NOTE: affected, 2.4 doesn't include sysfs anyway, see 306137
+CAN-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
+ - cdrtools 2.01+01a01-4
+CAN-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
+ NOTE: not-for-us (Scalable OGo (SOGo))
+CAN-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...)
+ NOTE: not-for-us (Mike Spice Mike's Vote CGI)
+CAN-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...)
+ NOTE: not-for-us (Mike Spice Quiz CGI)
+CAN-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...)
+ NOTE: not-for-us (Mike Spice My Calendar)
+CAN-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...)
+ NOTE: fixed in macromedia flash shortly after discovery 3 years ago
+ NOTE: did not check the other flash players in debian for this
+CAN-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...)
+ NOTE: not-for-us (Lotus Domino
+CAN-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...)
+ NOTE: not-for-us (General protocol flaw, cannot be fixed)
+CAN-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...)
+ NOTE: not-for-us (AIX)
+CAN-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...)
+ NOTE: not-for-us (Samsung ADSL modems)
+CAN-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...)
+ NOTE: not-for-us (Samsung ASDL modems, Debian's boa has been fixed years ago)
+CAN-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...)
+ NOTE: not-for-us (PHPOpenChat)
+CAN-2005-0862 (Multiple PHP remote code injection vulnerabilities in PHPOpenChat ...)
+ NOTE: not-for-us (PHPOpenChat)
+CAN-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...)
+ NOTE: not-for-us (Delegate not in Debian)
+CAN-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0 allows ...)
+ NOTE: not-for-us (TRG News Script)
+CAN-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b allows ...)
+ NOTE: not-for-us (CzarNews)
+CAN-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...)
+ NOTE: not-for-us (CoolForum)
+CAN-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...)
+ NOTE: not-for-us (CoolForum)
+CAN-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...)
+ NOTE: not-for-us (CoolForum)
+CAN-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...)
+ NOTE: not-for-us (CoolForum)
+CAN-2005-0854 (betaparticle blog (bp blog) allows remote attackers to bypass ...)
+ NOTE: not-for-us (betaparticle blog)
+CAN-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...)
+ NOTE: not-for-us (betaparticle blog)
+CAN-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...)
+ NOTE: not-for-us (Microsoft Windows)
+CAN-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...)
+ NOTE: not-for-us (FileZilla FTP server)
+CAN-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...)
+ NOTE: not-for-us (FileZilla FTP server)
+CAN-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
+ NOTE: not-for-us (Multiple commercial games by FUN Labs)
+CAN-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
+ NOTE: not-for-us (Multiple commercial games by FUN Labs)
+CAN-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Code Ocean FTP Server)
+CAN-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...)
+ NOTE: not-for-us (GoAhead Web Server)
+CAN-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...)
+ NOTE: HAVE_BRAILLE not set in binary build
+CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
+ NOTE: not-for-us (SurgeMail)
+CAN-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
+ NOTE: not-for-us (SurgeMail)
+CAN-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...)
+ NOTE: not-for-us (Nortel Contivity)
+CAN-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
+ NOTE: not-for-us (Phorum)
+CAN-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
+ NOTE: not-for-us (Kayako eSupport)
+CAN-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
+ NOTE: not-for-us (phpmyfamily)
+CAN-2005-0840
+ NOTE: rejected
+CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
+ - kernel-source-2.6.8 2.6.8-16
+CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
+ - icecast2 (unfixed; bug #301368)
+CAN-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...)
+ - icecast2 (unfixed; bug #301368)
+CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
+ NOTE: not-for-us (Java Web Start for proprietary Sun Java)
+CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...)
+ NOTE: not-for-us (Belkin 54G router)
+CAN-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...)
+ NOTE: not-for-us (Belkin 54G router)
+CAN-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
+ NOTE: not-for-us (Belkin 54G router)
+CAN-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...)
+ NOTE: not-for-us (PHP-Post)
+CAN-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...)
+ NOTE: not-for-us (PHP-Post)
+CAN-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...)
+ NOTE: not-for-us (Xzabite DynDNS Updater)
+CAN-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...)
+ NOTE: not-for-us (PHP-Fusion Addon)
+CAN-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...)
+ NOTE: not-for-us (e-Xoops based products)
+CAN-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...)
+ NOTE: not-for-us (e-Xoops based products)
+CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (OllyDbg MS Windows debugger)
+CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
+ - ltris 1.0.6-1.1
+CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
+ - mathopd 1.5p5-1
+CAN-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
+ NOTE: not-for-us (Cherokee not in Debian)
+CAN-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
+ NOTE: not-for-us (Cherokee not in Debian)
+CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
+ NOTE: not-for-us (Nokia Firewall appliances)
+CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
+ NOTE: not-for-us (Cayman DSL router)
+CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
+ NOTE: I could track this down to this posting
+ NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html
+ NOTE: This looks very obscure an does not contain useful information on how this
+ NOTE: was triggered and even then it's not a problem, as mcedit usage does not
+ NOTE: have a remote impact and is not suid
+CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...)
+ NOTE: not-for-us (IPC@CHIP Embedded web server)
+CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)
+ NOTE: not-for-us (ColdFusion)
+CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
+ NOTE: not-for-us (Alcatel Speed Touch)
+CAN-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...)
+ NOTE: not-for-us (Alcatel Speed Touch)
+CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
+ NOTE: not-for-us (Alcatel Speed Touch)
+CAN-2005-XXXX [Various /tmp related security issues in cernlib]
+ - cernlib 2004.11.04-3
+CAN-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
+ NOTE: not-for-us (iSnooker)
+CAN-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
+ NOTE: not-for-us (Citrix)
+CAN-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...)
+ NOTE: not-for-us (Citrix)
+CAN-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...)
+ NOTE: not-for-us (MS Office)
+CAN-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...)
+ NOTE: not-for-us (Novell Netware)
+CAN-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...)
+ NOTE: not-for-us (Pun BB)
+CAN-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...)
+ NOTE: not-for-us (Symantec Gateway)
+CAN-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
+ NOTE: not-for-us (Solaris)
+CAN-2005-0815 (Multiple &quot;range checking flaws&quot; in the ISO9660 filesystem handler in ...)
+ - kernel-source-2.6.8 2.6.8-16
+ - kernel-source-2.4.27 2.4.27-10
+CAN-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...)
+ {DSA-717-1}
+ - lsh-utils 2.0.1-1
+CAN-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
+ NOTE: not-for-us (ir)
+CAN-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
+ NOTE: not-for-us (NotifyLink)
+CAN-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...)
+ NOTE: not-for-us (NotifyLink)
+CAN-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...)
+ NOTE: not-for-us (NotifyLink)
+CAN-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...)
+ NOTE: not-for-us (NotifyLink)
+CAN-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/)
+CAN-2005-0807 (Multiple buffer overflows in Cain &amp; Abel before 2.67 allow remote ...)
+ NOTE: not-for-us (Cain &amp; Abel)
+CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
+ - evolution 2.0.4-2
+ - evolution-data-server1.2 1.2.2-1
+CAN-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
+ NOTE: not-for-us (Subdreamer)
+CAN-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...)
+ NOTE: not-for-us (MailEnable)
+CAN-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...)
+ NOTE: not-for-us (Windows)
+CAN-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
+ NOTE: not-for-us (ACS Blog)
+CAN-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...)
+ NOTE: not-for-us (The Includer)
+CAN-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...)
+ NOTE: not-for-us (mcNews)
+CAN-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...)
+ NOTE: not-for-us (MySQL on Windows)
+CAN-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
+ NOTE: not-for-us (Novell iChain)
+CAN-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...)
+ NOTE: not-for-us (Novell iChain)
+CAN-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...)
+ NOTE: not-for-us (Hola CMS)
+CAN-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
+ NOTE: not-for-us (Hola CMS)
+CAN-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
+ NOTE: not-for-us (ZPanel not in Debian)
+CAN-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...)
+ NOTE: not-for-us (ZPanel not in Debian)
+CAN-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
+ NOTE: not-for-us (ZPanel not in Debian)
+CAN-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
+ NOTE: not-for-us (phpAdsNew not in Debian)
+CAN-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
+ NOTE: not-for-us (phpAdsNew not in Debian)
+CAN-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
+ NOTE: not-for-us (SimpGB not in Debian)
+CAN-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
+ NOTE: not-for-us (YaBB not in Debian)
+CAN-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
+ NOTE: not-for-us (Phorum not in Debian)
+CAN-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
+ NOTE: not-for-us (Phorum not in Debian)
+CAN-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
+ NOTE: not-for-us (paFileDB not in Debian)
+CAN-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
+ NOTE: not-for-us (paFileDB not in Debian)
+CAN-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
+ NOTE: not-for-us (paFileDB not in Debian)
+CAN-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
+ NOTE: not-for-us (PlatinumFTP not in Debian)
+CAN-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
+ NOTE: not-for-us (PhotoPost)
+CAN-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
+ NOTE: not-for-us (PhotoPost)
+CAN-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...)
+ NOTE: not-for-us (PhotoPost)
+CAN-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...)
+ NOTE: not-for-us (PhotoPost)
+CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
+ NOTE: not-for-us (PhotoPost)
+CAN-2005-0773
+ NOTE: reserved
+CAN-2005-0772
+ NOTE: reserved
+CAN-2005-0771
+ NOTE: reserved
+CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
+ NOTE: not-for-us (IDA Pro)
+CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
+ NOTE: not-for-us (GoodTech Telnet Server)
+CAN-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...)
+ - kernel-source-2.6.8 2.6.8-15
+CAN-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...)
+ - ethereal 0.10.10-1
+CAN-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
+ - ethereal 0.10.10-1
+CAN-2005-0764 [Buffer overflow with overly long escape sequences in rxvt-unicode]
+ - rxvt-unicode 5.3-1
+CAN-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
+ {DSA-698-1}
+CAN-2005-0762 [imagemagick SGI heap overflow allows arbitrary code execution]
+ {DSA-702-1}
+ - imagemagick 5:6.0.0-1
+ NOTE: Does only affect imagemagick releases prior to 6
+CAN-2005-0761 [imagemagick crafted PSD DoS]
+ - imagemagick 5:6.0.2.5
+CAN-2005-0760 [imagemagick malformed TIFF crash DoS]
+ {DSA-702-1}
+ - imagemagick 5:6.0.0-1
+ NOTE: Does only affect imagemagick releases prior to 6
+CAN-2005-0759 [imagemagick invalid TIFF tag DoS]
+ {DSA-702-1}
+ - imagemagick 5:6.0.0-1
+ NOTE: Does only affect imagemagick releases prior to 6
+CAN-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
+ NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
+ - gzip 1.3.5-10
+CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
+ - kernel-source-2.4.27 (unfixed; bug #311164)
+CAN-2005-0756 [DoS through insufficient validation of addresses for ptrace() on amd64]
+ NOTE: reserved
+ - kernel-source-2.6.8 (unfixed)
+CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
+ - helix-player 1.0.4-1
+CAN-2005-0754 [Untrusted code execution in Kommander]
+ - kdewebdev 3.3.2-6
+CAN-2005-0753 [Buffer overflow and several memory access problems in CVS]
+ - cvs 1.12.9-13
+CAN-2005-0752 [PLUGINSPAGE privileged javascript execution in Firefox]
+ - mozilla-firefox 1.0.3-1
+CAN-2005-0751
+ NOTE: rejected
+CAN-2005-0750 [Linux kernel af_bluetooth range check flaw; possibly local root]
+ - kernel-source-2.4.27-10
+ - kernel-source-2.6.8 2.6.8-16
+CAN-2005-0749 [Linux kernel DoS vulnerability in elf_load_library()]
+ - kernel-source-2.6.8 2.6.8-16
+ - kernel-source-2.4.27 2.4.27-10
+CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
+ NOTE: not-for-us (ActiveCampaign KnowledgeBuilder)
+CAN-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
+ NOTE: not-for-us (Adobe PhotoDeluxe)
+CAN-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...)
+ NOTE: not-for-us (Advanced Poll not in Debian)
+CAN-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...)
+ NOTE: not-for-us (WinVNC)
+CAN-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (AOL Instant Messenger)
+CAN-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
+ NOTE: not-for-us (AOL Instant Messenger)
+CAN-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...)
+ NOTE: not-for-us (AOL Instant Messenger)
+CAN-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
+ NOTE: not-for-us (AOL Instant Messenger)
+CAN-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
+ NOTE: not-for-us (AOL Instant Messenger)
+CAN-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...)
+ NOTE: not-for-us (AOL Instant Messenger)
+CAN-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...)
+ NOTE: not-for-us
+ NOTE: Debian's nvi recover script is very different
+CAN-2005-XXXX [Connection related DoS possibility in OmniORB 4]
+ - omniorb4 4.0.5-2
+CAN-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...)
+ NOTE: not-for-us (not part of Woody, has been removed from sarge/sid)
+CAN-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
+ NOTE: not-for-us (Limewire has been removed from Sarge and sid, was never part of stable)
+CAN-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...)
+ - wine 0.0.20050310-1.1
+CAN-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...)
+ - openslp 1.0.11a-2
+CAN-2005-0748 (PHP remote code injection vulnerability in initdb.php for WEBInsta ...)
+ NOTE: not-for-us (WEBInsta)
+CAN-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...)
+ NOTE: not-for-us (ApplyYourself)
+CAN-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...)
+ NOTE: not-for-us (Novell iChain)
+CAN-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...)
+ NOTE: not-for-us (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor)
+CAN-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
+ NOTE: not-for-us (Novell iChain)
+CAN-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...)
+ NOTE: not-for-us (XOOPS)
+CAN-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
+ NOTE: not-for-us (Sun Java System Application Server)
+CAN-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...)
+ NOTE: not-for-us (YaBB)
+CAN-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...)
+ NOTE: not-for-us (OpenBSD)
+CAN-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...)
+ {DSA-718-1}
+ - ethereal 0.9.10
+CAN-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...)
+ NOTE: not-for-us (Yahoo Messenger)
+CAN-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...)
+ NOTE: 2.6 through .11
+ NOTE: There is no epoll in 2.4
+ - kernel-source-2.6.8 2.6.8-14
+CAN-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...)
+ NOTE: not-for-us (newsscript)
+CAN-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+ NOTE: not-for-us (PY Software Active Webcam WebServer)
+CAN-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+ NOTE: not-for-us (PY Software Active Webcam WebServer)
+CAN-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+ NOTE: not-for-us (PY Software Active Webcam WebServer)
+CAN-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+ NOTE: not-for-us (PY Software Active Webcam WebServer)
+CAN-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+ NOTE: not-for-us (PY Software Active Webcam WebServer)
+CAN-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...)
+ NOTE: not-for-us (Xpand Rally)
+CAN-2005-0728
+ NOTE: rejected
+CAN-2005-0727
+ NOTE: rejected
+CAN-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...)
+ NOTE: not-for-us (UBB.threads)
+CAN-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...)
+ NOTE: not-for-us (wfsections)
+CAN-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
+ NOTE: not-for-us (paFileDB)
+CAN-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...)
+ NOTE: not-for-us (paFileDB)
+CAN-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...)
+ NOTE: not-for-us (eXPerience2)
+CAN-2005-0721 (PHP remote code injection vulnerability in modules.php in eXPerience2 ...)
+ NOTE: not-for-us (eXPerience2)
+CAN-2005-0720 (PHP remote code injection vulnerability in header.php in PHP mcNews ...)
+ NOTE: not-for-us (mcNews)
+CAN-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...)
+ NOTE: not-for-us (Tru64)
+CAN-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...)
+ - squid 2.5.8
+CAN-2005-0717
+ NOTE: reserved
+CAN-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
+ NOTE: not-for-us (Mac OS)
+CAN-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
+ NOTE: not-for-us (Mac OS)
+CAN-2005-0714
+ NOTE: rejected
+CAN-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
+ NOTE: not-for-us (Mac OS)
+CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
+ NOTE: not-for-us (Mac OS)
+CAN-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...)
+ {DSA-707-1}
+ - mysql-dfsg 4.0.24
+ - mysql-dfsg-4.1 4.1.10a
+CAN-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
+ {DSA-707-1}
+ - mysql-dfsg 4.0.24
+ - mysql-dfsg-4.1 4.1.10a
+CAN-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
+ {DSA-707-1}
+ - mysql-dfsg 4.0.24
+ - mysql-dfsg-4.1 4.1.10a
+CAN-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
+ NOTE: not-for-us (FreeBSD)
+CAN-2003-1130
+ NOTE: rejected
+CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
+ NOTE: not-for-us (Yahoo Audio Conferencing ActiveX control)
+CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
+ NOTE: not-for-us (X2 XMMS Remote
+CAN-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
+ NOTE: not-for-us (e-Gap)
+CAN-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...)
+ NOTE: not-for-us (SunOne/iPlanet)
+CAN-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...)
+ NOTE: not-for-us (SunOne)
+CAN-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
+ NOTE: not-for-us (Sun Management Center)
+CAN-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
+ NOTE: not-for-us (Sun JRE)
+CAN-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...)
+ NOTE: not-for-us (ScriptLogic)
+CAN-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
+ NOTE: not-for-us (ScriptLogic)
+CAN-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
+ NOTE: not-for-us (SSH Tectia Server)
+CAN-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...)
+ NOTE: does not affect openssh
+CAN-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...)
+ - setiathome 3.04
+CAN-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...)
+ NOTE: not-for-us (RealSystem Server)
+CAN-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
+ NOTE: not-for-us (Oracle E-Business Suite)
+CAN-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...)
+ NOTE: not-for-us (Nortel Networks Succession Communication Server)
+CAN-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...)
+ NOTE: not-for-us (Mediatrix Telecom VoIP Access Devices and Gateways)
+CAN-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...)
+ NOTE: not-for-us (IPTel SIP Express Router)
+CAN-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...)
+ NOTE: not-for-us (Ingate Firewall and Ingate SIParator)
+CAN-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...)
+ NOTE: not-for-us (dynamicsoft)
+CAN-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...)
+ NOTE: not-for-us (Columbia SIP User Agent)
+CAN-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...)
+ NOTE: not-for-us (Alcatel)
+CAN-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
+ NOTE: not-for-us (Microsoft
+CAN-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...)
+ NOTE: not-for-us (Microsoft
+CAN-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...)
+ NOTE: not-for-us (MSIE)
+CAN-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...)
+ NOTE: not-for-us (IBM Tivoli Firewall Toolbox)
+CAN-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...)
+ NOTE: not-for-us (Hummingbird CyberDOCS)
+CAN-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...)
+ NOTE: not-for-us (Hummingbird CyberDOCS)
+CAN-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...)
+ NOTE: not-for-us (Hummingbird CyberDOCS)
+CAN-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...)
+ NOTE: not-for-us (Hummingbird CyberDOCS)
+CAN-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...)
+ NOTE: not-for-us (shar on HP-UX)
+CAN-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
+ NOTE: not-for-us (HP-UX))
+CAN-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...)
+ NOTE: not-for-us (HP-UX))
+CAN-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...)
+ NOTE: not-for-us (Mike Spice's My Classifieds)
+CAN-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...)
+ - dansgardian 2.4.5-1
+CAN-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...)
+ NOTE: not-for-us (Computer Associates MLink
+CAN-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...)
+ NOTE: our pwck and grpck do not overflow and are not suid
+CAN-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...)
+ - apache2 2.0.42
+CAN-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...)
+ - apache2 2.0.36
+CAN-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...)
+ NOTE: not-for-us (AIM in MSIE)
+CAN-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...)
+ NOTE: not-for-us (Ipswitch Collaboration Suite)
+CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
+ NOTE: Sarge version does not install the module with the vulnerable code
+ - gnome-vfs2 2.10.1-4
+ - grip 3.2.0-4
+ - libcdaudio 0.99.9-2.1
+ - gnome-vfs 1.0.5-5.1
+CAN-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...)
+ - ethereal 0.10.10-1
+CAN-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...)
+ - ethereal 0.10.10-1
+CAN-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...)
+ NOTE: not-for-us (not our cpanel)
+CAN-2004-1769 (The &quot;Allow cPanel users to reset their password via email&quot; feature in ...)
+ NOTE: not-for-us (not our cpanel)
+CAN-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...)
+ NOTE: not-for-us (Symantec Brightmail AntiSpam)
+CAN-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...)
+ NOTE: not-for-us (NetScreen-Security Manager)
+CAN-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...)
+ NOTE: only seems to affect 1.7.4, not the newer branch in debian
+CAN-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...)
+ NOTE: not-for-us (hsrun.exe)
+CAN-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...)
+ NOTE: not-for-us (F-Secure Anti-Virus)
+CAN-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...)
+ - ethereal 0.10.3
+CAN-2004-1760 (The default installation of Cisco IBM Director agent does not require ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1759 (The Cisco IBM Director agent allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using &quot;memory&quot; ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2003-1092 (Unknown vulnerability in the &quot;Automatic File Content Type Recognition ...)
+ - file 3.4.1
+CAN-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...)
+ NOTE: not-for-us (Apple QuickTime/Darwin Streaming Server)
+CAN-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...)
+ NOTE: not-for-us (AbsoluteTelnet)
+CAN-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...)
+ NOTE: not-for-us (Xerox MicroServer Web Server)
+CAN-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...)
+ NOTE: not-for-us (phpMyFAQ)
+CAN-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...)
+ NOTE: not-for-us (Aztek)
+CAN-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...)
+ - ethereal 0.10.9-2
+CAN-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and earlier ...)
+ NOTE: not-for-us (PHPWebLog)
+CAN-2005-0697 (SQL injection vulnerability in the process_picture function ...)
+ NOTE: not-for-us (CopperExport)
+CAN-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...)
+ NOTE: not-for-us (ArGoSoft)
+CAN-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...)
+ NOTE: not-for-us (Hosting Controller)
+CAN-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...)
+ NOTE: not-for-us (Hosting Controller)
+CAN-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
+ NOTE: not-for-us (JoWood Chaser (for Windows))
+CAN-2005-0692 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 5.x allows ...)
+ NOTE: not-for-us (PHP-Fusion not in Debian)
+CAN-2005-0691 (PHP remote code injection vulnerability in article mode for ...)
+ NOTE: not-for-us (SocialMPN not in Debian)
+CAN-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
+ NOTE: not-for-us (Gene6 FTP Server for Win)
+CAN-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
+ NOTE: not-for-us (The Includer not in Debian)
+CAN-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
+ NOTE: not-for-us (Windows)
+CAN-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
+ NOTE: hashcash 1.13 (which is in Debian) is not vulnerable
+ NOTE: hashcash 1.17 is also ok
+CAN-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...)
+ - mlterm 2.9.2
+ NOTE: see bug #298621, was stalled in NEW, now accepted
+CAN-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
+ NOTE: not-for-us (OutStart Participate Enterprise)
+CAN-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...)
+ - maxdb-7.5.00 7.5.00.24-3
+CAN-2005-0683
+ NOTE: rejected
+CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
+ - drupal 4.5.2
+CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (Nokia)
+CAN-2005-0680 (PHP remote code injection vulnerability in ...)
+ NOTE: not-for-us (Download Center Lite not in Debian)
+CAN-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...)
+ NOTE: not-for-us (Tell A Friend Script not in Debian)
+CAN-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...)
+ NOTE: not-for-us (Form Mail Script not in Debian)
+CAN-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
+ NOTE: not-for-us (Zorum not in Debian)
+CAN-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
+ NOTE: not-for-us (Zorum not in Debian)
+CAN-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
+ NOTE: not-for-us (Zorum not in Debian)
+CAN-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
+ NOTE: not-for-us (Pabox for PHPNuke not in Debian)
+CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
+ - phpbb2 2.0.13-2
+CAN-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
+ NOTE: not-for-us (Ca3DE)
+CAN-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
+ NOTE: not-for-us (Ca3DE)
+CAN-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...)
+ NOTE: not-for-us (phpCOIN)
+CAN-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...)
+ NOTE: not-for-us (phpCOIN)
+CAN-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...)
+ NOTE: not-for-us (HAVP)
+CAN-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...)
+ - sylpheed 1.0.3-1
+ - sylpheed-claws 1.0.3-1
+CAN-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...)
+ - kernel-patch-adamantix 1.7
+CAN-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
+ NOTE: not-for-us (XV)
+CAN-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
+ {DSA-709-1}
+ - libexif 0.6.9-5
+CAN-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
+ NOTE: not-for-us (Mercury Board)
+CAN-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
+ NOTE: not-for-us (Mercury Board)
+CAN-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...)
+ NOTE: not-for-us (Woltlab Burning Board)
+CAN-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...)
+ NOTE: not-for-us (D-Forum)
+CAN-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...)
+ NOTE: This is not a security issue as the installation path is known.
+CAN-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
+ NOTE: not-for-us (Typo3)
+CAN-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...)
+ NOTE: not-for-us (Computalynx CProxy)
+CAN-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...)
+ NOTE: not-for-us (auraCMS)
+CAN-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...)
+ NOTE: not-for-us (auraCMS)
+CAN-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...)
+ NOTE: this is not a security issue according to maintainer
+CAN-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
+ - phpmyadmin 3:2.6.1-pl3-1
+CAN-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...)
+ NOTE: not-for-us (OpenVMS)
+CAN-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...)
+ NOTE: not-for-us (ProjectBB)
+CAN-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...)
+ NOTE: not-for-us (ProjectBB)
+CAN-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...)
+ NOTE: not-for-us (Pixel-Apes SafeHTML)
+CAN-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...)
+ NOTE: not-for-us (Pixel-Apes SafeHTML)
+CAN-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...)
+ NOTE: not-for-us (paNews)
+CAN-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
+ NOTE: not-for-us (paNews)
+CAN-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
+ NOTE: not-for-us (CuteNews)
+CAN-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
+ NOTE: not-for-us (McAfee Virus Scanners)
+CAN-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
+ NOTE: not-for-us (McAfee Virus Scanners)
+CAN-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
+ NOTE: not-for-us (Computer Associates UAM)
+CAN-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
+ NOTE: not-for-us (Computer Associates UAM)
+CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
+ NOTE: not-for-us (Computer Associates UAM)
+CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
+ {DSA-695-1 DSA-694-1}
+ - xloadimage 4.1-14.2
+ - xli 1.17.0-17
+CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
+ {DSA-695-1 DSA-694-1}
+ - xli 1.17.0-18
+ - xloadimage 4.1-14.1
+CAN-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
+ NOTE: not-for-us (OpenBSD)
+CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
+ NOTE: not-for-us (Foxmail)
+CAN-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...)
+ NOTE: not-for-us (Foxmail)
+CAN-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
+ NOTE: not-for-us (Golden FTP Server)
+CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
+ NOTE: not-for-us (Trillian)
+CAN-2005-0632 (PHP remote code injection vulnerability in auth.php in PHPNews 1.2.4 ...)
+ NOTE: not-for-us (PHPNews)
+CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
+ NOTE: not-for-us (PBLang)
+CAN-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...)
+ NOTE: not-for-us (PBLang)
+CAN-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
+ NOTE: not-for-us (427BB)
+CAN-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...)
+ NOTE: not-for-us (Forumwa)
+CAN-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...)
+ NOTE: We are not vulnerable to this since RPATH has been disable in QT3 ever since
+ NOTE: Martin Loschwitz maintain it.
+CAN-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...)
+ NOTE: not-for-us (Symantec DNSd)
+CAN-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
+ NOTE: not-for-us (Zorum not in Debian)
+CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
+ NOTE: not-for-us (Zorum not in Debian)
+CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
+ - squid 2.5.9-2
+CAN-2005-0940
+ NOTE: rejected
+CAN-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...)
+ - reportbug 3.8
+CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
+ - reportbug 3.8
+CAN-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...)
+ NOTE: not-for-us (RaidenHTTPD)
+CAN-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...)
+ NOTE: not-for-us (RaidenHTTPD)
+CAN-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Scrapland)
+CAN-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...)
+ NOTE: not-for-us (Einstein)
+CAN-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...)
+ NOTE: not-for-us (Einstein)
+CAN-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...)
+ NOTE: not-for-us (Symantec Firewall/VPN Appliance 200/200R firmware)
+CAN-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...)
+ NOTE: not-for-us (PostNuke)
+CAN-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
+ - phpbb2 2.0.13-1
+CAN-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...)
+ NOTE: not-for-us (FCKeditor)
+CAN-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
+ NOTE: not-for-us (Real)
+CAN-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...)
+ NOTE: not-for-us (FreeBSD portupgrade)
+CAN-2005-0609
+ NOTE: reserved
+CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
+ NOTE: not-for-us (Half Life WebMod)
+CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
+ NOTE: not-for-us (CubeCert)
+CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
+ NOTE: not-for-us (CubeCert)
+CAN-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
+ {DSA-723-1}
+ NOTE: lesstif2
+ - lesstif1-1 1:0.93.94-11.1
+ NOTE: lesstif1
+ - lesstif1-1 1:0.93.94-11.3
+ - libxpm4 4.3.0.dfsg.1-13
+ NOTE: openmotif is non-free
+ - openmotif 2.2.3-1.1
+CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
+ NOTE: not-for-us (GFI Languard Network Security Scanner)
+CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
+ - phpbb2 2.0.13-1
+CAN-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
+ - unzip 5.52-1
+ NOTE: um, tar does this too, not really considered a security hole
+CAN-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
+ NOTE: not-for-us (Real)
+CAN-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...)
+ NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
+ - php4 4.3.8-1
+CAN-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...)
+ NOTE: not-for-us (BadBlue)
+CAN-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...)
+ - mozilla-firefox 1.0.1
+ - mozilla 2:1.7.6-1
+CAN-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...)
+ - mozilla-firefox 1.0.1
+ - mozilla 2:1.7.6-1
+ - mozilla-thunderbird 1.0.2-1
+CAN-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
+ - mozilla-firefox 1.0.1
+CAN-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...)
+ - mozilla-firefox 1.0.1
+ - mozilla-thunderbird 1.0.2-1
+CAN-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...)
+ - mozilla-firefox 1.0.1
+CAN-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...)
+ - mozilla-firefox 1.0.1
+ - mozilla 2:1.7.6-1
+CAN-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
+ NOTE: windows only
+CAN-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
+ - mozilla-firefox 1.0.1
+ - mozilla 2:1.7.6-1
+CAN-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...)
+ - mozilla-firefox 1.0.1
+ - mozilla 2:1.7.6-1
+CAN-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...)
+ - mozilla-firefox 1.0.1
+ - mozilla 2:1.7.6-1
+CAN-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...)
+ NOTE: not-for-us (Computer Associates (CA) License Client)
+CAN-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...)
+ NOTE: not-for-us (Computer Associates (CA) License Client)
+CAN-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...)
+ NOTE: not-for-us (Computer Associates (CA) License Client)
+CAN-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...)
+ NOTE: not-for-us (cmd5checkpw)
+CAN-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...)
+ NOTE: not-for-us (FreeNX)
+CAN-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...)
+ - mozilla-firefox 1.0.1-1
+CAN-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...)
+ NOTE: not-for-us (MKBold-MKItalic)
+CAN-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...)
+ NOTE: not-for-us (STSF in Solaris)
+CAN-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...)
+ NOTE: not-for-us (Stormy Studios Knet)
+CAN-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...)
+ NOTE: not-for-us (CIS Webserver)
+CAN-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...)
+ NOTE: don't know if we are vulnerable, I've mailed maintainers -- Djoume
+ TODO: check
+CAN-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (phpWebSite)
+CAN-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...)
+ NOTE: not-for-us (PunBB)
+CAN-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (PunBB)
+CAN-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...)
+ NOTE: not-for-us (PunBB)
+CAN-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...)
+ NOTE: not-for-us (Soldier of Fortune II)
+CAN-2005-0567 (Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 ...)
+ - phpmyadmin 3:2.6.1-pl2-1
+CAN-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote attackers ...)
+ NOTE: not-for-us (Golden FTP Server)
+CAN-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...)
+ NOTE: not-for-us (phpWebSite)
+CAN-2005-0564
+ NOTE: reserved
+CAN-2005-0563
+ NOTE: reserved
+CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
+ NOTE: not-for-us (MSN Messenger)
+CAN-2005-0561
+ NOTE: reserved
+CAN-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...)
+ NOTE: not-for-us (Exchange server)
+CAN-2005-0559
+ NOTE: reserved
+CAN-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...)
+ NOTE: not-for-us (Microsoft Word)
+CAN-2005-0557
+ NOTE: reserved
+CAN-2005-0556
+ NOTE: reserved
+CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
+ NOTE: not-for-us (MSIE)
+CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
+ NOTE: not-for-us (MSIE)
+CAN-2005-0553 (Race condition in the memory management routines in the DHTML object ...)
+ NOTE: not-for-us (MSIE)
+CAN-2005-0552
+ NOTE: reserved
+CAN-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...)
+ NOTE: not-for-us (Apple Java plugin)
+CAN-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...)
+ NOTE: not-for-us (Gaucho)
+CAN-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...)
+ NOTE: not-for-us (Ground Control II)
+CAN-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (RealVNC)
+CAN-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...)
+ NOTE: not-for-us (Attack Mitigator IPS 5500)
+CAN-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...)
+ NOTE: not-for-us (NtRegmon)
+CAN-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...)
+ NOTE: not-for-us (NetworkEverywhere NR041)
+CAN-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...)
+ NOTE: not-for-us (PHP Code Snippet Library)
+CAN-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...)
+ NOTE: not-for-us (Painkiller)
+CAN-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...)
+ NOTE: not-for-us (ESF Webserver)
+CAN-2004-1743 (Easy File Sharing (ESF) Webserver 1.25 allows remote attackers to view ...)
+ NOTE: not-for-us (ESF Webserver)
+CAN-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...)
+ NOTE: not-for-us (WebAPP)
+CAN-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (musicd)
+CAN-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (musicd)
+CAN-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (Bird Chat)
+CAN-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...)
+ NOTE: not-for-us (JShop)
+CAN-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...)
+ - cacti 0.8.5a-5
+CAN-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...)
+ - cacti 0.8.5a-5
+CAN-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...)
+ - sympa (unfixed; bug #298105)
+CAN-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...)
+ - mantis 0.19.2-1
+CAN-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...)
+ NOTE: not-for-us (MyDMS)
+CAN-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...)
+ NOTE: not-for-us (MyDMS)
+CAN-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...)
+ - mantis 0.19.0-1
+CAN-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...)
+ - mantis 0.19.0-1
+CAN-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...)
+ NOTE: not-for-us (Nihuo Web Log Analyzer)
+CAN-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...)
+ NOTE: not-for-us (sarad)
+CAN-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (BadBlue)
+CAN-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...)
+ NOTE: not-for-us (XV)
+CAN-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...)
+ NOTE: not-for-us (XV)
+CAN-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...)
+ NOTE: not-for-us (PHP-Fusion)
+CAN-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...)
+ NOTE: not-for-us (PHP-Fusion)
+CAN-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...)
+ NOTE: not-for-us (Merak Mail Server)
+CAN-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...)
+ NOTE: not-for-us (Merak Mail Server)
+CAN-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...)
+ NOTE: not-for-us (Merak Mail Server)
+CAN-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...)
+ NOTE: not-for-us (Merak Webmail Server)
+CAN-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...)
+ NOTE: not-for-us (IPD)
+CAN-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...)
+ - gv 1:3.6.1-1
+CAN-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...)
+ NOTE: not-for-us (PForum)
+CAN-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...)
+ NOTE: not-for-us (MIMEsweeper)
+CAN-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...)
+ NOTE: not-for-us (BlackICE PC Protection)
+CAN-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...)
+ NOTE: not-for-us (PRM on HP-UX)
+CAN-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...)
+ NOTE: not-for-us (TypePad)
+CAN-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...)
+ - moodle 1.4-1
+CAN-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...)
+ NOTE: not-for-us (page.cgi)
+CAN-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)
+ NOTE: not-for-us (Datakey Rainbow iKey2032 USB token)
+CAN-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Webbsyte)
+CAN-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...)
+ NOTE: not-for-us (U.S. Robotics wireless access point)
+CAN-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...)
+ NOTE: not-for-us (Citadel/UX)
+CAN-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...)
+ NOTE: not-for-us (WpQuiz)
+CAN-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...)
+ NOTE: not-for-us (Fusion News)
+CAN-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...)
+ NOTE: not-for-us (Lexar Safe Guard)
+CAN-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...)
+ NOTE: not-for-us (diagmond on HP-UX)
+CAN-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...)
+ NOTE: not-for-us (ftpd on HP-UX)
+CAN-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...)
+ - cyrus21-imapd 2.1.18-1
+CAN-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...)
+ NOTE: not-for-us (MS Office)
+CAN-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...)
+ - phpmyadmin 3:2.6.1-pl2-1
+CAN-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...)
+ - phpmyadmin 3:2.6.1-pl2-1
+CAN-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...)
+ NOTE: not-for-us (Cyclades AlterPath Manager)
+CAN-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...)
+ NOTE: not-for-us (Cyclades AlterPath Manager)
+CAN-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...)
+ NOTE: not-for-us (Cyclades AlterPath Manager)
+CAN-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...)
+ NOTE: not-for-us (IBM)
+CAN-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...)
+ NOTE: not-for-us (ginp)
+CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
+ NOTE: not-for-us (iGeneric (iG) Shop)
+CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
+ NOTE: not-for-us (MediaWiki not yet in Debian)
+ TODO: track ITP: #217571
+CAN-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...)
+ NOTE: not-for-us (MediaWiki not yet in Debian)
+ TODO: track ITP: #217571
+CAN-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
+ NOTE: not-for-us: (MediaWiki not yet in Debian)
+ TODO: track ITP: #217571
+CAN-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...)
+ NOTE: not-for-us (Trend Micro AntiVirus)
+CAN-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
+ - kernel-source-2.6.8 2.6.8-14
+ NOTE: 2.4.27 seems to be unaffected
+CAN-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...)
+ - kernel-source-2.6.8 2.6.8-14
+ - kernel-source-2.4.27 2.4.27-9
+CAN-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...)
+ - kernel-source-2.6.8 2.6.8-14
+ NOTE: affects only 2.6 (see #296906)
+CAN-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...)
+ - kernel-source-2.6.8 2.6.8-14
+ NOTE: 2.4.27 seems to be unaffected
+CAN-2005-0528
+ NOTE: reserved
+CAN-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
+ - mozilla-firefox 1.0.1
+ NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
+ - mozilla 2:1.7.6
+CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
+ NOTE: not-for-us (PBLang)
+CAN-2005-0525 [PHP DoS vulnerability in JPEG header parsing]
+ {DSA-729-1 DSA-708-1}
+ - php4 4:4.3.10-10
+ - php3 3.0.18-31
+CAN-2005-0524 [PHP DoS vulnerability in IFF header parsing]
+ NOTE: php3 not affected
+ - php4 4:4.3.10-10
+CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...)
+ {DSA-719-1}
+ - prozilla 1:1.3.7.4-1
+CAN-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
+ NOTE: not-for-us (Chat Anywhere)
+CAN-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...)
+ NOTE: not-for-us (SendLink)
+CAN-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read arbitrary ...)
+ NOTE: not-for-us (ArGoSoft)
+CAN-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read arbitrary ...)
+ NOTE: not-for-us (ArGoSoft)
+CAN-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
+ NOTE: not-for-us (eXeem)
+CAN-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...)
+ NOTE: not-for-us (PeerFTP)
+CAN-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...)
+ NOTE: not-for-us (ImageGalleryPlugin for Twiki)
+CAN-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...)
+ NOTE: not-for-us (My Firewall Plus)
+CAN-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...)
+ NOTE: not-for-us (Verity Ultraseek)
+CAN-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in ...)
+ NOTE: not-for-us (pMachine)
+CAN-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...)
+ NOTE: not-for-us (Mambo)
+CAN-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...)
+ NOTE: not-for-us (vBulletin)
+CAN-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in pMachine ...)
+ NOTE: not-for-us (pMachine)
+CAN-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...)
+ NOTE: not-for-us (fallback-reboot)
+CAN-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...)
+ - mono (unfixed; bug #296659)
+ NOTE: default config of Mono not vulnerable
+ NOTE: Mono wont be in Sarge according to http://wiki.debian.net/?MonoDebianPlan
+CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
+ - batik 1.5.1-1
+CAN-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...)
+ NOTE: not-for-us (SD Server)
+CAN-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...)
+ NOTE: not-for-us (Avaya IP Office Phone Manager)
+CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
+ - irm 1.5.3.1-1
+CAN-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
+ - kernel-source-2.6.8 2.6.8-12
+ - kernel-source-2.6.9 2.6.9-5
+ - kernel-source-2.6.10 2.6.10-2
+ - kernel-source-2.4.27 2.4.27-8
+CAN-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
+ - uim 1:0.4.6beta2-1
+CAN-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
+ NOTE: not-for-us (Xinkaa)
+CAN-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...)
+ NOTE: not-for-us (Bontago)
+CAN-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
+ NOTE: not-for-us (MSIE6)
+CAN-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...)
+ NOTE: not-for-us (Gigafast router)
+CAN-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...)
+ NOTE: not-for-us (Gigafast router)
+CAN-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...)
+ NOTE: not-for-us (ADP Elite System)
+CAN-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...)
+ NOTE: not-for-us (Arkeia Network Backup)
+CAN-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...)
+ NOTE: not-for-us (ZeroBoard)
+CAN-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...)
+ NOTE: not-for-us (Thomson TCW690 cable modem)
+CAN-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...)
+ NOTE: not-for-us (Biz Mail From)
+CAN-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...)
+ NOTE: not-for-us (Acrobat Reader)
+CAN-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...)
+ NOTE: not-for-us (Arkeia Server Backup)
+CAN-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...)
+ - curl 7.13.0-2
+CAN-2005-0489
+ NOTE: reserved
+CAN-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
+ - cfengine2 2.1.8-1
+CAN-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
+ - cfengine2 2.1.8-1
+CAN-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...)
+ NOTE: not-for-us (Pinnacle ShowCenter)
+CAN-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...)
+ NOTE: not-for-us (Pinnacle ShowCenter)
+CAN-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...)
+ NOTE: not-for-us (PopMessenger)
+CAN-2004-1697 (The &quot;Forgot your Password&quot; link in Computer Associates (CA) Unicenter ...)
+ NOTE: not-for-u (Computer Associates Unicenter Management Portal)
+CAN-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
+ NOTE: not-for-us (EmuLive Server4)
+CAN-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
+ NOTE: not-for-us (EmuLive Server4)
+CAN-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...)
+ NOTE: not-for-us (Symantec)
+CAN-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo 4.5 ...)
+ NOTE: not-for-us (Mambo)
+CAN-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...)
+ NOTE: not-for-us (Mambo)
+CAN-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...)
+ NOTE: not-for-us (DNS4Me)
+CAN-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...)
+ NOTE: not-for-us (DNS4Me)
+CAN-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...)
+ - sudo 1.6.8p3-1
+CAN-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...)
+ NOTE: not-for-us (Pigeon Server)
+CAN-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...)
+ NOTE: not-for-us (Snitz Forums)
+CAN-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...)
+ NOTE: not-for-us (SMC router)
+CAN-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...)
+ NOTE: not-for-us (Zyxel)
+CAN-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...)
+ NOTE: not-for-us (crrtrap)
+CAN-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...)
+ NOTE: not-for-us (QNX FTP)
+CAN-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...)
+ NOTE: not-for-us (QNX)
+CAN-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...)
+ NOTE: not-for-us (Pingtel Xpressa)
+CAN-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...)
+ NOTE: not-for-us (TwinFTP)
+CAN-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...)
+ NOTE: not-for-us (PerlDesk)
+CAN-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...)
+ NOTE: not-for-us (PerlDesk)
+CAN-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...)
+ NOTE: not-for-us (Gadu-Gadu)
+CAN-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...)
+ NOTE: not-for-us (Serv-U FTP)
+CAN-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
+ NOTE: not-for-us (Merak Mail Server)
+CAN-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...)
+ NOTE: not-for-us (Merak Mail Server)
+CAN-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
+ NOTE: not-for-us (Merak Mail Server)
+CAN-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...)
+ NOTE: not-for-us (Merak Mail Server)
+CAN-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...)
+ NOTE: not-for-us (Merak Mail Server)
+CAN-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...)
+ NOTE: not-for-us (Merak Mail Server)
+CAN-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...)
+ NOTE: not-for-us (Subjects)
+CAN-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...)
+ NOTE: not-for-us (Halo Combat Evolved)
+CAN-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...)
+ NOTE: not-for-us (Trillian)
+CAN-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...)
+ NOTE: not-for-us (PsNews)
+CAN-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (Call of Duty)
+CAN-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...)
+ NOTE: not-for-us (Engenio/LSI Logic storage controllers)
+CAN-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...)
+ NOTE: not-for-us (YaBB)
+CAN-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
+ NOTE: not-for-us (MailWorks)
+CAN-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and earlier ...)
+ NOTE: not-for-us (CuteNews)
+CAN-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...)
+ NOTE: not-for-us (CuteNews)
+CAN-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...)
+ NOTE: not-for-us (Kerio Personal Firewall)
+CAN-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...)
+ NOTE: not-for-us (DasBlog)
+CAN-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...)
+ NOTE: not-for-us (Comersus Shopping Cart)
+CAN-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...)
+ NOTE: not-for-us (phpWebsite)
+CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
+ NOTE: not-for-us (phpWebsite)
+CAN-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
+ NOTE: not-for-us (Documented SSH protocol behaviour, cannot be fixed)
+ NOTE: See bug #296547 for details
+CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
+ NOTE: not-for-us (phpScheduleIt)
+CAN-2004-1651 (Multiple Cross-site scripting (XSS) vulnerabilities in the ...)
+ NOTE: not-for-us (phpScheduleIt)
+CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...)
+ NOTE: not-for-us (D-Link DCS-900)
+CAN-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...)
+ NOTE: not-for-us (Msinfo32.exe)
+CAN-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...)
+ NOTE: not-for-us (Password Protect)
+CAN-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...)
+ NOTE: not-for-us (Password Protect)
+CAN-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...)
+ NOTE: not-for-us (Xedus)
+CAN-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...)
+ NOTE: not-for-us (Xedus)
+CAN-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...)
+ NOTE: not-for-us (Xedus)
+CAN-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...)
+ NOTE: not-for-us (WS_FTP)
+CAN-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...)
+ NOTE: not-for-us (WS_FTP)
+CAN-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...)
+ NOTE: not-for-us (Titan)
+CAN-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...)
+ NOTE: not-for-us (XOOPS)
+CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
+ NOTE: not-for-us (Thomson cable modem)
+CAN-2005-0488
+ NOTE: reserved
+CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
+ NOTE: This is not a real security issue; it just describes the fact that the Gecko
+ NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks
+ NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed
+ NOTE: during transfer any user will cancel the transfer and if you load it from the
+ NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
+ NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
+ NOTE: generally try to make sense of anything even remotely resembling HTML.
+CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
+ NOTE: not-for-us (mailcarrier)
+CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
+ NOTE: not-for-us (Hawking Technologies HAR11A modem/router)
+CAN-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...)
+ NOTE: not-for-us (WvTftp)
+CAN-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...)
+ NOTE: does not affect older 2.16.7 in sid.
+CAN-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...)
+ NOTE: does not affect older 2.16.7 in sid.
+CAN-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...)
+ - bugzilla 2.16.7
+CAN-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
+ - moniwiki 1.0.9
+CAN-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...)
+ NOTE: not-for-us (Open WorkFlow Engine)
+CAN-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...)
+ NOTE: not-for-us (Open WorkFlow Engine)
+CAN-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
+ NOTE: not-for-us (Dwc_articles)
+CAN-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...)
+ - rssh 2.2.2
+CAN-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
+ NOTE: not-for-us (ability server)
+CAN-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...)
+ NOTE: not-for-us (ability server)
+CAN-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...)
+ NOTE: not-for-us (pGina)
+CAN-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...)
+ NOTE: not-for-us (Carbon Copy)
+CAN-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...)
+ NOTE: not-for-us (UBB.threads)
+CAN-2004-1621 (** DISPUTED ** ...)
+ NOTE: not-for-us (Lotus Notes)
+CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...)
+ NOTE: not-for-us (Serendipity)
+CAN-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...)
+ NOTE: not-for-us (Privateer's Bounty: Age of Sail II)
+CAN-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...)
+ NOTE: not-for-us (Tonecast)
+CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...)
+ NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there
+ - lynx (unfixed; bug #296340)
+CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
+ - links 0.99+1.00pre12-1
+CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
+ NOTE: not-for-us (Opera)
+CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
+ NOTE: assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6
+ NOTE: mozilla-browser 1.7.5-1 also ok
+CAN-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...)
+ NOTE: example page did not bother firefox 1.0+dfsg.1-6
+ NOTE: mozilla-browser 1.7.5-1 also ok
+CAN-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...)
+ NOTE: not-for-us (SalesLogix)
+CAN-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...)
+ NOTE: not-for-us (SalesLogix)
+CAN-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...)
+ NOTE: not-for-us (SalesLogix)
+CAN-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...)
+ NOTE: not-for-us (SalesLogix)
+CAN-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...)
+ NOTE: not-for-us (SalesLogix)
+CAN-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...)
+ NOTE: not-for-us (SalesLogix)
+CAN-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (SalesLogix)
+CAN-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...)
+ NOTE: not-for-us (SalesLogix)
+CAN-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...)
+ NOTE: not-for-us (not our cpanel)
+CAN-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...)
+ NOTE: not-for-us (not our cpanel)
+CAN-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...)
+ - proftpd 1.2.10-4
+CAN-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...)
+ NOTE: not-for-us (coolphp)
+CAN-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...)
+ NOTE: not-for-us (CoolPHP)
+CAN-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...)
+ NOTE: not-for-us (CoolPHP)
+CAN-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...)
+ NOTE: not-for-us (Acrobat)
+CAN-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...)
+ NOTE: not-for-us (RIM Blackberry)
+CAN-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...)
+ NOTE: not-for-us (3COM router)
+CAN-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...)
+ NOTE: not-for-us (ShixxNote)
+CAN-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...)
+ NOTE: not-for-us (FuseTalk)
+CAN-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
+ NOTE: not-for-us (SCT email client)
+CAN-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal 1.0.3 ...)
+ NOTE: not-for-us (ocPortal)
+CAN-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...)
+ NOTE: not-for-us (Micronet Wireless Router)
+CAN-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...)
+ NOTE: not-for-us (clientexec)
+CAN-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...)
+ NOTE: not-for-us (GoSmart)
+CAN-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...)
+ NOTE: not-for-us (GoSmart)
+CAN-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...)
+ NOTE: not-for-us (Monolith Games)
+CAN-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...)
+ NOTE: not-for-us (Flash Messaging)
+CAN-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...)
+ NOTE: not-for-us (Flash Messaging)
+CAN-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...)
+ - wordpress 1.2.1-1.1
+CAN-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...)
+ NOTE: not-for-us (FTP server in TriDComm)
+CAN-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 allows ...)
+ NOTE: not-for-us (BlackBoard)
+CAN-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
+ NOTE: not-for-us (BlackBoard)
+CAN-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...)
+ NOTE: not-for-us (CubeCart)
+CAN-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...)
+ NOTE: not-for-us (CubeCart)
+CAN-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...)
+ NOTE: not-for-us (phplinks)
+CAN-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...)
+ NOTE: not-for-us (Judge Dredd)
+CAN-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...)
+ - xerces25 2.5.0-4
+ - xerces24 2.4.0-4
+ NOTE: maintainer believe that this CAN doesn't apply to xerces23 (see bug #296432)
+ NOTE: maintainer believe that this CAN doesn't apply to xerces21 (see bug #296466)
+CAN-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...)
+ NOTE: not-for-us (Vypress)
+CAN-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...)
+ NOTE: not-for-us (AJ-Fork)
+CAN-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...)
+ NOTE: not-for-us (AJ-Fork)
+CAN-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...)
+ NOTE: not-for-us (AJ-Fork)
+CAN-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...)
+ NOTE: not-for-us (bBlog)
+CAN-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...)
+ NOTE: not-for-us (dbPowerAmp)
+CAN-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...)
+ NOTE: not-for-us (Parachat)
+CAN-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...)
+ NOTE: not-for-us (Silent Storm Portal)
+CAN-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...)
+ NOTE: not-for-us (Silent Storm Portal)
+CAN-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...)
+ NOTE: not-for-us (w-Agora)
+CAN-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...)
+ NOTE: not-for-us (w-Agora)
+CAN-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...)
+ NOTE: not-for-us (w-Agora)
+CAN-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...)
+ NOTE: not-for-us (w-Agora)
+CAN-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...)
+ - icecast2 2.0.2.debian-1
+CAN-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Microsoft SQL Server)
+CAN-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...)
+ - wordpress 1.2.2-1.1
+CAN-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through 0.6 ...)
+ NOTE: not-for-us (YahooPOPS)
+CAN-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...)
+ NOTE: not-for-us (MyWebServer)
+CAN-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (MyWebServer)
+CAN-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...)
+ NOTE: not-for-us (BroadBoard Instant ASP Message Board)
+CAN-2004-1554 (PHP remote code injection vulnerability in livre_include.php in @lex ...)
+ NOTE: not-for-us (@lex GuestBook)
+CAN-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...)
+ NOTE: not-for-us (aspWebAlbum)
+CAN-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...)
+ NOTE: not-for-us (aspWebCalendar)
+CAN-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...)
+ NOTE: not-for-us (PafileDB)
+CAN-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...)
+ NOTE: not-for-us (Motorola Router)
+CAN-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...)
+ NOTE: not-for-us (ActivePost)
+CAN-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...)
+ NOTE: not-for-us (ActivePost)
+CAN-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
+ NOTE: not-for-us (ActivePost)
+CAN-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...)
+ NOTE: not-for-us (MDaemon)
+CAN-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...)
+ - moniwiki 1.0.9-4
+CAN-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...)
+ NOTE: not-for-us (Kyako ESupport)
+CAN-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
+ NOTE: not-for-us (Tarantella Secure Global Desktop)
+CAN-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...)
+ NOTE: not-for-us (paNews)
+CAN-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...)
+ NOTE: not-for-us (GProFTPD)
+CAN-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...)
+ NOTE: not-for-us (Glftpd)
+CAN-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (TrackerCam)
+CAN-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...)
+ NOTE: not-for-us (TrackerCam)
+CAN-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...)
+ NOTE: not-for-us (TrackerCam)
+CAN-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...)
+ NOTE: not-for-us (TrackerCam)
+CAN-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...)
+ NOTE: not-for-us (TrackerCam)
+CAN-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...)
+ NOTE: not-for-us (hpm_guestbook.cgi)
+CAN-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...)
+ NOTE: not-for-us (paFAQ)
+CAN-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...)
+ - webcalendar 0.9.45-3
+CAN-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
+ - gaim 1:1.1.3-1
+CAN-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...)
+ {DSA-716-1}
+ - gaim 1:1.1.3-1
+CAN-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...)
+ NOTE: not-for-us (SUN JRE)
+CAN-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
+ - wpasupplicant 0.3.8-1
+CAN-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...)
+ {DSA-703-1 DSA-699-1 DSA-697-1}
+ - krb4 1.2.2-11.2
+ - krb5 1.3.6-2
+ - heimdal 0.6.3-10
+CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
+ {DSA-731-1 DSA-731-1 DSA-703-1}
+ - krb5 1.3.6-2
+ - krb4 1.2.2-11.2
+ TODO: check netkit-telnet, netkit-telnet-ssl
+CAN-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...)
+ - putty 0.57-1
+CAN-2005-0466
+ NOTE: reserved
+CAN-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...)
+ NOTE: not-for-us (SGI IRIX)
+CAN-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...)
+ NOTE: not-for-us (SGI IRIX)
+CAN-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...)
+ - jspwiki 2.0.52-8
+CAN-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...)
+ NOTE: not-for-us (KorWeblog)
+CAN-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...)
+ NOTE: not-for-us (Soldier of Fortune)
+CAN-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...)
+ NOTE: not-for-us (SecureCRT)
+CAN-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...)
+ NOTE: not-for-us (ZyXEL Routers)
+CAN-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...)
+ NOTE: not-for-us (Halo: Combat Evolved)
+CAN-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...)
+ NOTE: not-for-us (PHPKIT)
+CAN-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...)
+ NOTE: not-for-us (PHPKIT)
+CAN-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for the Cash ...)
+ NOTE: not-for-us (Cash Mod module of phpbb2 not in Debian)
+CAN-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...)
+ NOTE: not-for-us (ZoneAlarm)
+CAN-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...)
+ NOTE: not-for-us (DMS POP3)
+CAN-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...)
+ NOTE: not-for-us (AppServ)
+CAN-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...)
+ NOTE: not-for-us (Hired Team)
+CAN-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...)
+ NOTE: not-for-us (Hired Team)
+CAN-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
+ NOTE: not-for-us (Hired Team)
+CAN-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...)
+ NOTE: not-for-us (Hired Team)
+CAN-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...)
+ NOTE: not-for-us (Army Men RTS)
+CAN-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...)
+ NOTE: not-for-us (Eudora)
+CAN-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...)
+ NOTE: not-for-us (IPSwitch IMail)
+CAN-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...)
+ NOTE: not-for-us (phpBugTracker)
+CAN-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...)
+ NOTE: not-for-us (Phorum)
+CAN-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...)
+ NOTE: not-for-us (Zone Labs IMsecure)
+CAN-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...)
+ NOTE: not-for-us (phpWebSite)
+CAN-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...)
+ NOTE: not-for-us (vBulletin)
+CAN-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (04Webserver)
+CAN-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...)
+ NOTE: not-for-us (04Webserver)
+CAN-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...)
+ NOTE: not-for-us (04Webserver)
+CAN-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...)
+ NOTE: not-for-us (Hotfoon)
+CAN-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...)
+ - webcalendar 0.9.45-1
+CAN-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...)
+ - webcalendar 0.9.45-1
+CAN-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...)
+ - webcalendar 0.9.45-1
+CAN-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...)
+ - webcalendar 0.9.45-1
+CAN-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
+ - webcalendar 0.9.45-1
+CAN-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...)
+ NOTE: not-for-us (JAF)
+CAN-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...)
+ NOTE: not-for-us (JAF)
+CAN-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...)
+ NOTE: not-for-us (Sun JRE)
+CAN-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
+ NOTE: not-for-us (602 Lan Suite)
+CAN-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
+ NOTE: not-for-us (602 Lan Suite)
+CAN-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...)
+ NOTE: not-for-us (Lithtech)
+CAN-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...)
+ NOTE: not-for-us (HELM)
+CAN-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...)
+ NOTE: not-for-us (HELM)
+CAN-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...)
+ NOTE: not-for-us (Web Forums Server)
+CAN-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...)
+ NOTE: not-for-us (Web Forums Server)
+CAN-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...)
+ NOTE: not-for-us (WinRAR)
+CAN-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...)
+ NOTE: not-for-us (XDICT)
+CAN-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
+ NOTE: not-for-us (Master of Orion)
+CAN-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
+ NOTE: not-for-us (Master of Orion)
+CAN-2005-0463 (Unknown &quot;major security flaws&quot; in Ulog-php before 1.0, related to ...)
+ NOTE: not-for-us (ulog-php)
+CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...)
+ NOTE: not-for-us (MercuryBoard)
+CAN-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...)
+ NOTE: not-for-us (NewsBruiser)
+CAN-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...)
+ NOTE: not-for-us (MercuryBoard)
+CAN-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
+ NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
+ NOTE: I think it is not a problem on Debian as far as everybody knows the full
+ NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
+CAN-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
+ NOTE: not-for-us (oscommerce)
+CAN-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
+ NOTE: not-for-us (Opera)
+CAN-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...)
+ NOTE: not-for-us (Opera)
+CAN-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...)
+ NOTE: not-for-us (Opera)
+CAN-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...)
+ NOTE: not-for-us (Opera)
+CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...)
+ NOTE: not-for-us (Opera)
+CAN-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...)
+ NOTE: not-for-us (Real)
+CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
+ NOTE: not-for-us (DCP-Portal)
+CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...)
+ NOTE: not-for-us (Lighttpd)
+CAN-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Sami HTTP Server)
+CAN-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
+ NOTE: not-for-us (Sami HTTP Server)
+CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
+ NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
+ NOTE: Seems to be stuck with the ABI bump / debian-installer problem
+ - kernel-source-2.6.8 (unfixed; bug #295949)
+CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
+ {DSA-696-1}
+ - perl 5.8.4-7
+CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)
+ NOTE: not-for-us (Quake3)
+CAN-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Solaris)
+CAN-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...)
+ {DSA-688-1}
+ - squid 2.5.8-3
+CAN-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...)
+ NOTE: Not in testing, only sid
+ NOTE: Was once part of Debian, but has been removed
+CAN-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...)
+ NOTE: not-for-us (VMware)
+CAN-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...)
+ NOTE: not-for-us (CubeCart)
+CAN-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...)
+ NOTE: not-for-us (CubeCart)
+CAN-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...)
+ NOTE: not-for-us (Sybase)
+CAN-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...)
+ - elog 2.5.7+r1558-1
+CAN-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...)
+ - elog 2.5.7+r1558-1
+CAN-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain ...)
+ - awstats 6.3-1
+CAN-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...)
+ - awstats 6.3-1
+CAN-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and ...)
+ - awstats 6.3-1
+CAN-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...)
+ - awstats 6.3-1
+CAN-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...)
+ NOTE: not-for-us (Barracuda Spam Firewall)
+CAN-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...)
+ NOTE: not-for-us (vBulletin)
+CAN-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
+ - pdns 2.9.16-6
+CAN-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in the ...)
+ - webmin 1.180-1
+CAN-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...)
+ NOTE: not-for-us (Solaris)
+CAN-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...)
+ NOTE: not-for-us (Websphere)
+CAN-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...)
+ NOTE: not-for-us (ASPjar Guestbook)
+CAN-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...)
+ NOTE: not-for-us (ASPjar Guestbook)
+CAN-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...)
+ NOTE: not-for-us (DelphiTurk)
+CAN-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...)
+ NOTE: not-for-us (DelphiTurk)
+CAN-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...)
+ NOTE: not-for-us (3com)
+CAN-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
+ NOTE: not-for-us (Sun Java)
+CAN-2005-0417 (Unknown &quot;high risk&quot; vulnerability in DB2 Universal Database 8.1 and ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
+ NOTE: not-for-us (Windows)
+CAN-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...)
+ NOTE: not-for-us (Emdros)
+CAN-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...)
+ NOTE: not-for-us (MercuryBoard)
+CAN-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...)
+ NOTE: not-for-us (MyPHP Forum)
+CAN-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...)
+ NOTE: not-for-us (Spidean PostWrap)
+CAN-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...)
+ NOTE: not-for-us (CitrusDB)
+CAN-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...)
+ NOTE: not-for-us (CitrusDB)
+CAN-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...)
+ NOTE: not-for-us (CitrusDB)
+CAN-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...)
+ NOTE: not-for-us (CitrusDB)
+CAN-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...)
+ NOTE: not-for-us (Openconf)
+CAN-2005-0406 (A design flaw in image processing software that modifies JPEG images ...)
+ TODO: check all softwares that modifies JPEG images in Debian...
+ - imagemagick (unfixed; bug #298051)
+CAN-2005-0405
+ NOTE: reserved
+CAN-2005-0404 [information leak in kmail]
+ NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html
+ NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
+ NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html
+ NOTE: see http://secunia.com/advisories/14925
+ NOTE: kde maintainers informed of it by security team
+ - kmail (unfixed; bug #305601)
+CAN-2005-0403
+ NOTE: reserved
+CAN-2005-0402 [Arbitrary code execution from Firefox sidebar panel]
+ - mozilla-firefox 1.0.2-1
+CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox]
+ - mozilla-firefox 1.0.2-1
+ - mozilla-thunderbird 1.0.2-1
+CAN-2005-0400 [ext2 mkdir() directory entry random kernel memory leak]
+ - kernel-source-2.4.27 2.4.27-10
+ - kernel-source-2.6.8 2.6.8-16
+CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Mozilla]
+ - mozilla-firefox 1.0.2-1
+ - mozilla-thunderbird 1.0.2-1
+CAN-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
+ - racoon 1:0.5-5
+CAN-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...)
+ {DSA-702-1}
+ - imagemagick 6:6.0.6.2-2.2
+CAN-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...)
+ NOTE: fix in -4 was broken
+ - kdelibs 3.3.2-6
+CAN-2005-0395
+ NOTE: rejected
+CAN-2005-0394
+ NOTE: reserved
+CAN-2005-0393
+ NOTE: reserved
+CAN-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
+ {DSA-725-1}
+CAN-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
+ {DSA-712-1}
+CAN-2005-0390 [axel buffer overflow in HTTP redirection handling in conn.c]
+ {DSA-706-1}
+ - axel 1.0b-1
+CAN-2005-0389
+ NOTE: rejected
+CAN-2005-0388 [Improper IP number validity checking in remstats permits arbitrary command execution]
+ {DSA-704-1}
+ - remstats 1.0.13a-5
+CAN-2005-0387 [Symlink attack in unix-status-server.pl of remstats]
+ {DSA-704-1}
+ - remstats 1.0.13a-5
+CAN-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...)
+ {DSA-700-1}
+CAN-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...)
+ {DSA-693-1}
+CAN-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
+ - kernel-source-2.6.8 2.6.8-15
+ - kernel-source-2.4.27 2.4.27-9
+CAN-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...)
+ - wget 1.9.1-11
+CAN-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...)
+ - wget 1.9.1-11
+CAN-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...)
+ NOTE: not-for-us (Trend Micro Control Manager)
+CAN-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Breed game)
+CAN-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...)
+ NOTE: not-for-us (forumKIT)
+CAN-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...)
+ NOTE: not-for-us (ZeroBoard)
+CAN-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...)
+ NOTE: not-for-us (ZeroBoard)
+CAN-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
+ NOTE: horde 2.0 not vulnerable
+CAN-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...)
+ NOTE: not-for-us (sgallery)
+CAN-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows local ...)
+ NOTE: not-for-us (sgallery)
+CAN-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...)
+ NOTE: not-for-us (sgallery)
+CAN-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
+ NOTE: not-for-us (bitboard)
+CAN-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...)
+ NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
+ NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
+ NOTE: cyrus-sasl2 already has patch applied
+ NOTE: cyrus-sasl code seems too old for any of the problems to apply
+CAN-2005-0372 (Directory traversal vulnerability in gftp 2.0.18 and earlier for GTK+ ...)
+ {DSA-686-1}
+CAN-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
+ - armagetron (unfixed; bug #296840)
+CAN-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
+ - armagetron 0.2.7.0-1
+CAN-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
+ - armagetron 0.2.7.0-1
+CAN-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...)
+ NOTE: not-for-us (CMScore)
+CAN-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...)
+ NOTE: not-for-us (ArGoSoft Mail Server)
+CAN-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...)
+ - gnupg 1.4.1-1
+ NOTE: vorlon approved new upstream release to testing
+CAN-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
+ NOTE: not-for-us (bind on hp-ux)
+CAN-2005-0361
+ NOTE: reserved
+CAN-2005-0360
+ NOTE: reserved
+CAN-2005-0359
+ NOTE: reserved
+CAN-2005-0358
+ NOTE: reserved
+CAN-2005-0357
+ NOTE: reserved
+CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...)
+ - kernel-source-2.6.8 (unfixed; bug #310804)
+ TODO: 2.4?
+CAN-2005-0355
+ NOTE: reserved
+CAN-2005-0354
+ NOTE: reserved
+CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
+ NOTE: not-for-us (Sentinel License Manager)
+CAN-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
+ NOTE: not-for-us (Servers Alive)
+CAN-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...)
+ NOTE: not-for-us (SCO OpenServer)
+CAN-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...)
+ NOTE: not-for-us (F-Secure Anti-Virus)
+CAN-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...)
+ NOTE: not-for-us (BrightStor ARCserve Backup)
+CAN-2004-9999
+ NOTE: rejected
+CAN-2004-9998
+ NOTE: rejected
+CAN-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...)
+ NOTE: not-for-us (Serviceguard and Cluster Object Manager on HP-UX, HP Linux)
+CAN-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...)
+ NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped
+ NOTE: atftp checks h_length
+ NOTE: netkit-tftp not vulnerable
+ - tftpd-hpa (unfixed; bug #295297)
+CAN-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...)
+ - socat 1.4.0.3-1
+CAN-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...)
+ NOTE: not-for-us (Symantec Clientless VPN Gateway 4400 Series)
+CAN-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...)
+ NOTE: not-for-us (BNC irc proxy)
+CAN-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...)
+ NOTE: not-for-us (Real)
+CAN-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...)
+ NOTE: not-for-us (HP StorageWorks Command View XP)
+CAN-2004-1479
+ NOTE: rejected
+CAN-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...)
+ NOTE: not-for-us (JRun)
+CAN-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
+ NOTE: not-for-us (JRun)
+CAN-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...)
+ - xine-lib 1-rc6
+ - libcdio 0.69
+CAN-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...)
+ - xine-lib 1-rc6
+CAN-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
+ NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
+CAN-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
+ NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
+CAN-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
+ NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
+CAN-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...)
+ - cvs 1.12.9
+CAN-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...)
+ NOTE: not-for-us (snipsnap)
+CAN-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...)
+ NOTE: not-for-us (SUS)
+CAN-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...)
+ - webmin 1.160
+ - usermin 1.090
+CAN-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...)
+ - egroupware 1.0.00.004
+CAN-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...)
+ - gallery 1.4.4-pl2
+CAN-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...)
+ NOTE: not-for-us (WinZip)
+CAN-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...)
+ - moin 1.2.3-1
+CAN-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...)
+ - moin 1.2.3-1
+CAN-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...)
+ NOTE: not-for-us (Novell)
+CAN-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...)
+ - cvstrac 1.1.4-1
+CAN-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...)
+ - xine-lib 1-rc5-1.1
+CAN-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
+ NOTE: according to GOTO Masanori this is not a security problem
+ NOTE: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272210
+CAN-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
+ NOTE: not-for-us (Gentoo specific)
+CAN-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
+ NOTE: mozilla 2:1.6-1
+CAN-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
+ - mozilla 2:1.7.1-1
+CAN-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...)
+ - mozilla 2:1.7-1
+CAN-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...)
+ NOTE: not-for-us (Jetbox One)
+CAN-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...)
+ NOTE: not-for-us (Jetbox One)
+CAN-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...)
+ NOTE: not-for-us (ScreenOS)
+CAN-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...)
+ - nessus-core 2.0.12-1
+CAN-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...)
+ - roundup 0.7.3-1
+CAN-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...)
+ - imp3 3.2.5-1
+CAN-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...)
+ NOTE: not-for-us (db2www not in Debian)
+CAN-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...)
+ NOTE: not-for-us (Board Power)
+CAN-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...)
+ - putty 0.56-1
+CAN-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...)
+ NOTE: not-for-us (BlackJumboDog)
+CAN-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...)
+ - subversion 1.0.6-1
+CAN-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...)
+ - pavuk 0.9pl28-3.1
+CAN-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
+ NOTE: not-for-us (FormMail.php != nms-formmail)
+CAN-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows remote ...)
+ NOTE: not-for-us (Arcade.php)
+CAN-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...)
+ NOTE: not-for-us (ArGoSoft)
+CAN-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...)
+ NOTE: not-for-us (ArGoSoft)
+CAN-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog ...)
+ NOTE: not-for-us (KorWeblog)
+CAN-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...)
+ NOTE: not-for-us (KorWeblog)
+CAN-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...)
+ - moodle 1.4.3-1
+CAN-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...)
+ - moodle 1.4.3-1
+CAN-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) calendar.php ...)
+ NOTE: not-for-us (PHP-Calendar)
+CAN-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...)
+ NOTE: not-for-us (WHM AutoPilot)
+CAN-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) step_one.php, ...)
+ NOTE: not-for-us (WHM AutoPilot)
+CAN-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...)
+ NOTE: not-for-us (WHM AutoPilot)
+CAN-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and ...)
+ NOTE: not-for-us (ZeroBoard)
+CAN-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...)
+ NOTE: not-for-us (WPKontakt)
+CAN-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...)
+ NOTE: not-for-us (PsychoStats)
+CAN-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...)
+ NOTE: not-for-us (RealOne IE plugin)
+CAN-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...)
+ NOTE: not-for-us (2Bgal)
+CAN-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Gadu-Gadu)
+CAN-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...)
+ NOTE: not-for-us (Kayako)
+CAN-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
+ NOTE: not-for-us (Kayako)
+CAN-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...)
+ NOTE: not-for-us (Gadu-Gadu)
+CAN-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...)
+ NOTE: not-for-us (Gadu-Gadu)
+CAN-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...)
+ NOTE: not-for-us (Image Gallery Web Application)
+CAN-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...)
+ NOTE: not-for-us (Image Gallery Web Application)
+CAN-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...)
+ NOTE: not-for-us (Image Gallery Web Application)
+CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...)
+ NOTE: not-for-us (Ikonboard)
+CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...)
+ NOTE: not-for-us (MediaWiki)
+CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...)
+ NOTE: not-for-us (Attachment Mod for phpBB)
+CAN-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...)
+ NOTE: not-for-us (GNUBoard)
+CAN-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...)
+ NOTE: not-for-us (iWebNegar)
+CAN-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...)
+ NOTE: not-for-us (Asp-rider)
+CAN-2004-1400 (The control panel in ASP Calendar does not require authentication to ...)
+ NOTE: not-for-us (ASP Calendar)
+CAN-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...)
+ NOTE: not-for-us (Attachment Mod for phpBB)
+CAN-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac OS X ...)
+ NOTE: not-for-us (MacOSX)
+CAN-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...)
+ - usemod-wiki 1.0-6
+CAN-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...)
+ NOTE: not-for-us (Winamp)
+CAN-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...)
+ NOTE: not-for-us (Lithtech engine)
+CAN-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...)
+ - monit 1:4.2.1-1
+CAN-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
+ - monit 1:4.2.1-1
+CAN-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...)
+ - kdelibs 4:3.3.2-2
+CAN-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...)
+ {DSA-682-1}
+ - awstats 6.2-1.2
+CAN-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...)
+ - awstats 6.2-1.2
+ NOTE: http://patches.ubuntu.com/patches/awstats.more-CAN-2005-0016.diff
+ NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
+CAN-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...)
+ NOTE: not-for-us (Woltlab Burning Book)
+CAN-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...)
+ NOTE: not-for-us (RealArcade)
+CAN-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...)
+ NOTE: not-for-us (RealArcade)
+CAN-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
+ NOTE: not-for-us (SafeNet)
+CAN-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...)
+ NOTE: not-for-us (php-fusion)
+CAN-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...)
+ NOTE: not-for-us (602LAN SUITE)
+CAN-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
+ NOTE: not-for-us (PerlDesk)
+CAN-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Foxmail)
+CAN-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...)
+ NOTE: not-for-us (Savant Web Server)
+CAN-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...)
+ - postfix 2.1.4-5
+CAN-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...)
+ NOTE: not-for-us (eMotion MediaPartner)
+CAN-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...)
+ NOTE: not-for-us (eMotion MediaPartner)
+CAN-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Linksys)
+CAN-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (LanChat)
+CAN-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...)
+ NOTE: not-for-us (DeskNow Mail server)
+CAN-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
+ NOTE: not-for-us (Winrar)
+CAN-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...)
+ NOTE: not-for-us (Painkiller)
+CAN-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...)
+ NOTE: not-for-us (ZipGenius)
+CAN-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...)
+ NOTE: not-for-us (Netgear)
+CAN-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...)
+ NOTE: not-for-us (PafileDB)
+CAN-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
+ NOTE: not-for-us (PafileDB)
+CAN-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...)
+ NOTE: not-for-us (Xpand Rally)
+CAN-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...)
+ NOTE: not-for-us (Infinite Mobile Delivery Webmail)
+CAN-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...)
+ NOTE: not-for-us (Infinite Mobile Delivery Webmail)
+CAN-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...)
+ NOTE: not-for-us (Merak Mail server)
+CAN-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...)
+ NOTE: not-for-us (Merak Mail server)
+CAN-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...)
+ NOTE: not-for-us (Merak Mail server)
+CAN-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...)
+ NOTE: not-for-us (Webadmin)
+CAN-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...)
+ NOTE: not-for-us (Webadmin)
+CAN-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...)
+ NOTE: not-for-us (Webadmin)
+CAN-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
+ NOTE: not-for-us (WebWasher)
+CAN-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
+ NOTE: not-for-us (Magic Winmail)
+CAN-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...)
+ NOTE: not-for-us (Magic Winmail)
+CAN-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...)
+ NOTE: not-for-us (Magic Winmail)
+CAN-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...)
+ NOTE: not-for-us (WarFTPD under NT)
+CAN-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...)
+ NOTE: not-for-us (Ingate)
+CAN-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...)
+ NOTE: not-for-us (Exponent)
+CAN-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
+ NOTE: not-for-us (Exponent)
+CAN-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...)
+ NOTE: not-for-us (W32Dasm)
+CAN-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ NOTE: not-for-us (MercuryBoard)
+CAN-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...)
+ NOTE: not-for-us (MercuryBoard)
+CAN-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...)
+ NOTE: not-for-us (Siteman)
+CAN-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...)
+ NOTE: not-for-us (DivX Player)
+CAN-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+ NOTE: not-for-us (BackOffice Lite)
+CAN-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...)
+ NOTE: not-for-us (BackOffice Lite)
+CAN-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...)
+ NOTE: not-for-us (BackOffice Lite)
+CAN-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...)
+ - jsboard 2.0.10-1
+CAN-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...)
+ - gforge 3.1-26
+CAN-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...)
+ NOTE: not-for-us (Oracle)
+CAN-2005-0296 (** DISPUTED ** ...)
+ NOTE: not-for-us (Novell)
+CAN-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...)
+ NOTE: not-for-us (nProtect)
+CAN-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Minis)
+CAN-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...)
+ NOTE: not-for-us (Minis)
+CAN-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...)
+ NOTE: not-for-us (phpGiftReg)
+CAN-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...)
+ NOTE: not-for-us (NetGear)
+CAN-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...)
+ NOTE: not-for-us (NetGear)
+CAN-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...)
+ NOTE: not-for-us (Apple)
+CAN-2005-0288 (The change password functionality in Bottomline Webseries Payment ...)
+ NOTE: not-for-us (BottomLine WebSeries)
+CAN-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...)
+ NOTE: not-for-us (BottomLine WebSeries)
+CAN-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
+ NOTE: not-for-us (eMotion MediaPartner)
+CAN-2005-0285 (Webseries Payment Application does not properly restrict privileged ...)
+ NOTE: not-for-us (BottomLine WebSeries)
+CAN-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...)
+ NOTE: not-for-us (QwikiWiki)
+CAN-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
+ NOTE: not-for-us (MyBB)
+CAN-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
+ NOTE: not-for-us (Soldner Secret)
+CAN-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...)
+ NOTE: not-for-us (Soldner Secret)
+CAN-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...)
+ NOTE: not-for-us (Soldner Secret)
+CAN-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...)
+ NOTE: not-for-us (3COM 3CDaemon)
+CAN-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...)
+ NOTE: not-for-us (3COM 3CDaemon)
+CAN-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...)
+ NOTE: not-for-us (3COM 3CDaemon)
+CAN-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
+ NOTE: not-for-us (3COM 3CDaemon)
+CAN-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
+ NOTE: not-for-us (PhotoPost)
+CAN-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
+ NOTE: not-for-us (PhotoPost)
+CAN-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...)
+ NOTE: not-for-us (ReviewPost)
+CAN-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...)
+ NOTE: not-for-us (ReviewPost)
+CAN-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
+ NOTE: not-for-us (ReviewPost)
+CAN-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only verifies ...)
+ NOTE: not-for-us (GNUBoard)
+CAN-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...)
+ NOTE: not-for-us (FlatNuke)
+CAN-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...)
+ NOTE: not-for-us (FlatNuke)
+CAN-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...)
+ NOTE: not-for-us (SugerCRM)
+CAN-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...)
+ NOTE: not-for-us (OWL intranet)
+CAN-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...)
+ NOTE: not-for-us (OWL intranet)
+CAN-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...)
+ NOTE: not-for-us (AIX)
+CAN-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...)
+ NOTE: not-for-us (AIX)
+CAN-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...)
+ NOTE: not-for-us (AIX)
+CAN-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...)
+ NOTE: not-for-us (ARCserve Backup)
+CAN-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...)
+ - phpbb2 2.0.12-1
+CAN-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...)
+ - phpbb2 2.0.12-1
+CAN-2005-0257
+ NOTE: reserved
+CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...)
+ {DSA-705-1}
+ - wu-ftpd 2.6.2-19
+CAN-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...)
+ - mozilla-firefox 1.0.1
+ NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
+ - mozilla 2:1.7.6
+CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
+ NOTE: not-for-us (BibORB)
+CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
+ NOTE: not-for-us (BibORB)
+CAN-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...)
+ NOTE: not-for-us (BibORB)
+CAN-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...)
+ NOTE: not-for-us (BibORB)
+CAN-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...)
+ NOTE: not-for-us (AIX)
+CAN-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...)
+ NOTE: not-for-us (Symantec AntiVirus Library)
+CAN-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...)
+ NOTE: not-for-us (Solaris)
+CAN-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...)
+ {DSA-683-1}
+ - postgresql 7.4.7-2
+CAN-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...)
+ - postgresql 7.4.7-1
+CAN-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...)
+ {DSA-683-1}
+ - postgresql 7.4.7-1
+CAN-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...)
+ - postgresql 7.4.7-1
+CAN-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...)
+ NOTE: not-for-us (Yahoo! Messenger)
+CAN-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...)
+ NOTE: not-for-us (Yahoo! Messenger)
+CAN-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...)
+ - squid 2.5.7-7
+CAN-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update 1/01 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...)
+ NOTE: not-for-us (Solaris)
+CAN-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...)
+ NOTE: not-for-us (Mailtool for OpenWindows)
+CAN-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...)
+ NOTE: not-for-us (Solaris)
+CAN-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...)
+ NOTE: not-for-us (Solaris)
+CAN-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does ...)
+ NOTE: not-for-us (Solaris)
+CAN-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
+ NOTE: not-for-us (AIX)
+CAN-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...)
+ NOTE: not-for-us (S/MIME plugin not in Debian)
+CAN-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...)
+ NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
+ - epiphany-browser 1.4.8-2
+CAN-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...)
+ - kdelibs 4:3.3.2-3
+CAN-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...)
+ NOTE: not-for-us (Omniweb)
+CAN-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...)
+ NOTE: not-for-us (Opera)
+CAN-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...)
+ NOTE: not-for-us (Safari)
+CAN-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...)
+ NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
+ NOTE: solution in the future
+ - mozilla-firefox 1.0.1-1
+ - mozilla 2:1.7.6-1
+CAN-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration ...)
+ - mozilla-firefox 1.0+dfsg.1-6
+CAN-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...)
+ - mozilla-firefox 1.0+dfsg.1-6
+CAN-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
+ NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
+ NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
+ NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
+ NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
+ NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
+ NOTE: not-for-us (Firefox on Windows)
+CAN-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...)
+ NOTE: not-for-us (CitrusDB)
+CAN-2005-0228
+ NOTE: rejected
+CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
+ {DSA-668-1}
+CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
+ NOTE: not-for-us (ngIRCd)
+CAN-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
+ - firehol 1.214-4
+CAN-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...)
+ NOTE: not-for-us (Java SDK and RTE for Tru64 UNIX)
+CAN-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...)
+ - gallery 1.4.4-pl5-1
+CAN-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...)
+ - gallery 1.4.4-pl5-1
+CAN-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...)
+ - gallery 1.4.4-pl5-1
+CAN-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...)
+ - gallery 1.4.4-pl5-1
+CAN-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...)
+ NOTE: not-for-us (Invision Community Blog )
+CAN-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...)
+ NOTE: not-for-us (Woltlab Burning Board Lite)
+CAN-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...)
+ NOTE: not-for-us (Mozilla 1.6 for Windows)
+CAN-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
+ NOTE: not-for-us (SPHPBlog)
+CAN-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...)
+ NOTE: not-for-us (WinHKI)
+CAN-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...)
+ NOTE: not-for-us (The Amp II engine as used by Gore: Ultimate Soldier)
+CAN-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
+ {DSA-667-1}
+CAN-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
+ NOTE: fixed in ubuntu kernels
+ NOTE: 2.6.11 is not affected, apparantly 2.6.10 is no longer relevant
+ NOTE: was bug #300838
+ - kernel-source-2.6.8 2.6.8-15
+ - kernel-source-2.4.27 2.4.27-9
+CAN-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...)
+ NOTE: <horms> all kernels seem to be clear with regards to 2005-0209
+ NOTE: <dilinger> http://oss.sgi.com/archives/netdev/2005-01/msg01072.html resolves this and it is in all our kernels
+ - kernel-source-2.4.27 2.4.27-9
+CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
+ - gaim 1:1.1.4
+CAN-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
+ NOTE: this is http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch
+ NOTE: http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA
+ NOTE: fixed in upstream 2.6.10, 2.6.9 is dead
+ - kernel-source-2.6.8 2.6.8-14
+CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
+ NOTE: turns out that xpdf, kpdf, tetex-bin and pdftohtml were patched for CAN-2004-0888 with
+ NOTE: a fixed patch from the beginning, cupsys doesn't include xpdf code any more
+ NOTE: found this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
+ NOTE: gpdf ok, all implementations seem ok
+CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
+ {DSA-692-1}
+ - kppp 4:3.1.6
+CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
+ NOTE: according to the CAN it is fixed in 2.6.10, but
+ NOTE: looking at the source it is not so clear, noting this
+ NOTE: was bug #296700
+ - kernel-source-2.4.27 2.4.27-9
+ - kernel-source-2.6.8 2.6.8-14
+ - kernel-source-2.6.11 2.6.11-1
+CAN-2005-0203
+ NOTE: rejected
+CAN-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
+ {DSA-674-1}
+ - mailman 2.1.5-6
+CAN-2005-0201
+ NOTE: reserved
+CAN-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
+ NOTE: not-for-us (TikiWiki)
+CAN-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...)
+ NOTE: not-for-us (ngIRCd)
+CAN-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...)
+ NOTE: not-for-us (Cisco)
+CAN-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
+ {DSA-667-1}
+CAN-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
+ NOTE: not-for-us (mRouter in iSync in OS X)
+CAN-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
+ NOTE: not-for-us (RealPlayer)
+CAN-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...)
+ NOTE: not-for-us (RealPlayer)
+CAN-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
+ NOTE: not-for-us (RealPlayer)
+CAN-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
+ NOTE: not-for-us (RealPlayer)
+CAN-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...)
+ NOTE: not-for-us (AtHoc toolbar)
+CAN-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...)
+ NOTE: not-for-us (AtHoc toolbar)
+CAN-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...)
+ NOTE: not-for-us (CIsco)
+CAN-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
+ NOTE: not-for-us (NodeManager Professional)
+CAN-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
+ NOTE: not-for-us (vacation plugin not in Debian)
+CAN-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...)
+ NOTE: not-for-us (vacation plugin not in Debian)
+CAN-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
+ NOTE: not-for-us (mod_dosevasive module for apache)
+CAN-2005-0181
+ NOTE: reserved
+CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
+ - kernel-source-2.6.8 2.6.8-12
+ - kernel-source-2.6.9 2.6.9-5
+ - kernel-source-2.6.10 2.6.10-2
+CAN-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...)
+ NOTE: Does not apply to 2.6.8
+ NOTE: Fix in 2.6.9-6 pending upload
+ - kernel-source-2.6.9 2.6.9-6
+ - kernel-source-2.6.10 2.6.10-4
+CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...)
+ NOTE: see USN-82-1
+ NOTE: <horms> hacim: at a cursory glance, 2.4.27 does not seem to have been fixed with regards to that problem
+ NOTE: <horms> although it was supposed to be fixed in 2.4.25-2 according to my notes
+ NOTE: <horms> i would try asking marcello
+ NOTE: reponse from Marcelo: No - v2.4 is safe because back there current->signal was not shared.
+ - kernel-source-2.6.8 2.6.8-14
+ - kernel-source-2.6.9 2.6.9-6
+ - kernel-source-2.6.10 2.6.10-6
+CAN-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...)
+ NOTE: According to joshk, doesn't apply to 2.4.27
+ NOTE: see USN-82-1
+ - kernel-source-2.6.8 2.6.8-14
+ - kernel-source-2.6.9 2.6.9-6
+ - kernel-source-2.6.10 2.6.10-6
+CAN-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...)
+ NOTE: see USN-82-1
+ NOTE: only affects 2.6.9
+ - kernel-source-2.6.9 2.6.9-6
+CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
+ - php4 4:4.3.10-3
+CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
+ NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
+CAN-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...)
+ NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
+CAN-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...)
+ NOTE: not-for-us (Veritas NetBackup Administrative Assistant)
+CAN-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...)
+ - gpsd 2.7-4
+CAN-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
+ - apache 1.3.33-3
+CAN-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...)
+ NOTE: not-for-us (TikiWiki)
+CAN-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...)
+ - phpgroupware 0.9.16.005-1
+CAN-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...)
+ - phpgroupware 0.9.16.005-1
+CAN-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...)
+ - phpgroupware 0.9.16.005-1
+CAN-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...)
+ - 2.3.2.ds1-19
+CAN-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...)
+ - clamav 0.81
+CAN-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...)
+ - uw-imap 7:2002edebian1-6
+CAN-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
+ {DSA-667-1}
+CAN-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
+ - squid 2.5.7-6
+CAN-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
+ {DSA-667-1}
+CAN-2005-0172
+ NOTE: reserved
+CAN-2005-0171
+ NOTE: reserved
+CAN-2005-0170
+ NOTE: reserved
+CAN-2005-0169
+ NOTE: reserved
+CAN-2005-0168
+ NOTE: reserved
+CAN-2005-0167
+ NOTE: reserved
+CAN-2005-0166
+ NOTE: reserved
+CAN-2005-0165
+ NOTE: reserved
+CAN-2005-0164
+ NOTE: reserved
+CAN-2005-0163
+ NOTE: reserved
+CAN-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...)
+ - openswan 2.2.0-6
+ NOTE: does not seem to affect freeswan
+CAN-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...)
+ - unace 1.2b-3
+CAN-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...)
+ - unace 1.2b-3
+CAN-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...)
+ {DSA-679-1}
+CAN-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...)
+ {DSA-687-1}
+CAN-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...)
+ {DSA-720-1}
+CAN-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...)
+ - perl 5.8.4-6
+CAN-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...)
+ - perl 5.8.4-6
+ - mooix 1.0rc5.pre4
+CAN-2005-0154
+ NOTE: reserved
+CAN-2005-0153
+ NOTE: reserved
+CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...)
+ {DSA-662-1}
+CAN-2005-0151
+ NOTE: reserved
+CAN-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...)
+ - mozilla-firefox 1.0
+CAN-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...)
+ - mozilla-thunderbird 0.7
+ - mozilla 2:1.7.4
+CAN-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...)
+ NOTE: not-for-us (thunderbird on windows)
+CAN-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...)
+ - mozilla-firefox 1.0
+ - mozilla 2:1.7.5
+CAN-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
+ - mozilla-firefox 1.0
+ - mozilla 2:1.7.5
+CAN-2005-0145 (Firefox before 1.0 does not properly distinguish between ...)
+ - mozilla-firefox 1.0
+CAN-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site ...)
+ - mozilla-firefox 1.0
+ - mozilla 2:1.7.5
+CAN-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...)
+ - mozilla-firefox 1.0
+ - mozilla 2:1.7.5
+CAN-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and ...)
+ - mozilla-firefox 1.0
+ - mozilla-thunderbirs 0.7
+ - mozilla 2:1.7.5
+CAN-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
+ - mozilla-firefox 1.0
+ - mozilla 2:1.7.5
+CAN-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
+ NOTE: not-for-us (PeID)
+CAN-2005-0139
+ NOTE: reserved
+CAN-2005-0138
+ NOTE: reserved
+CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
+ NOTE: Does not affect 2.6 based kernels in Debian
+ - kernel-source-2.4.27 2.4.27-10
+CAN-2005-0136
+ NOTE: reserved
+ - kernel-source-2.6.8 2.6.8-14
+CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
+ - kernel-source-2.6.8 2.6.8-14
+CAN-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
+ NOTE: not-for-us (SCO UnixWare)
+CAN-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
+ - mozilla-firefox 1.0
+ - mozilla 2:1.7.5
+CAN-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...)
+ - mozilla-firefox 1.0
+ - mozilla 2:1.7.5
+CAN-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...)
+ - clamav 0.80-0.81rc1-1
+CAN-2005-0132
+ NOTE: reserved
+CAN-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
+ - konversation 0.15-3
+CAN-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
+ - konversation 0.15-3
+CAN-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
+ - konversation 0.15-3
+CAN-2005-0128
+ NOTE: reserved
+CAN-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
+ NOTE: not-for-us (MacOS)
+CAN-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
+ NOTE: not-for-us (MacOS)
+CAN-2005-0125 (The &quot;at&quot; commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
+ NOTE: not-for-us (MacOS)
+CAN-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
+ - kernel-source-2.4.27 2.4.27-8
+ NOTE: 2.6.8 apparently ok
+CAN-2005-0123
+ NOTE: reserved
+CAN-2005-0122
+ NOTE: rejected
+CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
+ NOTE: not-for-us (golddig)
+CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
+ NOTE: not-for-us (helvis)
+CAN-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...)
+ NOTE: not-for-us (helvis)
+CAN-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
+ NOTE: not-for-us (helvis)
+CAN-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
+ - xshisen 1.51-1-1.1
+CAN-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
+ - awstats 6.2-1.1
+CAN-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
+ NOTE: not-for-us (DataRescue Interactive Disassembler)
+CAN-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...)
+ NOTE: not-for-us (ZoneAlarm)
+CAN-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
+ NOTE: not-for-us (IRIX)
+CAN-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
+ NOTE: not-for-us (3Com OfficeConnect Wireless 11g Access Point)
+CAN-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...)
+ - maxdb-7.5.00 7.5.00.18
+CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
+ NOTE: not-for-us (MSIE)
+CAN-2005-0109 (Hyper-Threading technology, as used in FreeBSD other operating systems ...)
+ NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
+ NOTE: attack, paranoid people should disable hyper threading
+ - kfreebsd5-source 5.3-11
+CAN-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...)
+ {DSA-659-1}
+ - libapache-mod-auth-radius 1.5.7-6
+ - libpam-radius-auth 1.3.16-3
+CAN-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
+ {DSA-690-1}
+CAN-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
+ - libnet-ssleay-perl 1.25-1.1
+CAN-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
+ {DSA-684-1}
+CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
+ {DSA-662-1}
+CAN-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...)
+ - squirrelmail 2:1.4.4-1
+CAN-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
+ {DSA-673-1}
+ - evolution 2.0.3-1.2
+CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
+ - newspost 2.1.1-2
+CAN-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
+ {DSA-685-1 DSA-671-1 DSA-670-1}
+ - emacs21 21.3+1-9
+ - xemacs21 21.4.16-2
+CAN-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
+ {DSA-691-1}
+CAN-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
+ {DSA-691-1}
+CAN-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
+ - squid 2.5.7-4
+CAN-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
+ - squid 2.5.7-4
+CAN-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...)
+ {DSA-651-1}
+ - squid 2.5.7-4
+CAN-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...)
+ {DSA-651-1}
+ - squid 2.5.7-4
+CAN-2005-0093
+ NOTE: rejected
+CAN-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
+ NOTE: apparently specific to redhat hugemem kernel
+CAN-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
+ NOTE: apparently specific to redhat hugemem kernel
+CAN-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
+ NOTE: apparently specific to redhat hugemem kernel
+CAN-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
+ {DSA-666-1}
+CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
+ {DSA-689-1}
+ - libapache2-mod-python 3.1.3-3
+CAN-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
+ NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
+ - alsa-lib 1.0.9-1
+CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
+ NOTE: not-for-us (redhat specific less bug)
+CAN-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
+ {DSA-680-1}
+ - htdig 1:3.1.6-11
+CAN-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
+ {DSA-653-1}
+ - ethereal 0.10.9-1
+CAN-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...)
+ NOTE: advisory is vague but implies non-Windows platforms may be vulnerable.
+CAN-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
+ - maxdb-7.5.00 7.5.00.21-1
+CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
+ - maxdb-7.5.00 7.5.00.21-1
+CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
+ {DSA-657-1}
+ - xine-lib 1-rc6a-1
+CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
+ - jabber 1.4.3-3
+ NOTE: not-for-us (jadc2s)
+CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
+ - a2ps 1:4.13b-4.3
+CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (mod_access_referer)
+CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
+ - xshisen 1.51-1-1
+CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
+ - mailman 2.1.5-5
+CAN-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
+ {DSA-649-1}
+CAN-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...)
+ {DSA-660-1}
+CAN-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...)
+ {DSA-658-1}
+CAN-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...)
+ {DSA-672-1}
+CAN-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
+ - squirrelmail 2:1.4.4-1
+CAN-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...)
+ {DSA-676-1}
+CAN-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...)
+ {DSA-677-1}
+CAN-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...)
+ {DSA-655-1}
+CAN-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...)
+ {DSA-656-1}
+CAN-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...)
+ {DSA-681-1}
+CAN-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...)
+ - vim 1:6.3-058+1
+CAN-2005-0068 (The original design of ICMP does not require authentication for ...)
+ NOTE: general icmp design error
+CAN-2005-0067 (The original design of TCP does not require that port numbers be ...)
+ NOTE: general tcp design error, no indication it affects linux
+CAN-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...)
+ NOTE: general tcp design error
+CAN-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
+ NOTE: general tcp design error
+CAN-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...)
+ {DSA-648-1 DSA-645-1}
+ - xpdf 3.00-13
+ - gpdf 2.8.2-1.2
+ - pdftohtml 0.36-11
+ - kdegraphics 3.3.2-2
+ - tetex-bin 2.0.2-26
+CAN-2005-0063 (The document processing application used by the Windows Shell in ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0062
+ NOTE: reserved
+CAN-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0058
+ NOTE: reserved
+CAN-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0052
+ NOTE: reserved
+CAN-2005-0051 (Windows XP SP1 and SP2 allows remote attackers to obtain sensitive ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0047 (Windows 2000, XP, and Server 2003 does not properly &quot;validate the use ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0046
+ NOTE: reserved
+CAN-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
+ NOTE: not-for-us (iTunes)
+CAN-2005-0042
+ NOTE: reserved
+CAN-2005-0041
+ NOTE: reserved
+CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
+ NOTE: not-for-us (DotNetNuke)
+CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
+ NOTE: These are known issues of IPSEC and basically every VPN system using
+ NOTE: encryption without authentication.
+ NOTE: openswan even prevents such configurations
+CAN-2005-0038
+ NOTE: reserved
+CAN-2005-0037
+ NOTE: reserved
+CAN-2005-0036
+ NOTE: reserved
+CAN-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
+ NOTE: not-for-us (Adobe)
+CAN-2005-0034 (An &quot;incorrect assumption&quot; in the authvalidated validator function in ...)
+ NOTE: only affects bind9 9.3.0, we have an earlier version
+ NOTE: fixed in 9.3.1
+CAN-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...)
+ - bind 1:8.4.6-1
+CAN-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...)
+ NOTE: not-for-us (NetBSD)
+CAN-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...)
+ NOTE: not-for-us (Shoutcast)
+CAN-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1367 (Oracle 10g Database Server, when installed with a password that ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...)
+ NOTE: not-for-us (ssh on Solaris)
+CAN-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...)
+ NOTE: not-for-us (Sun Java System Web Proxy Server )
+CAN-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
+ NOTE: not-for-us (gzip on Solaris)
+CAN-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...)
+ NOTE: not-for-us (xdm on Solaris)
+CAN-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
+ NOTE: not-for-us (Sun StorEdge Enterprise Storage Manager)
+CAN-2004-1344
+ NOTE: reserved
+CAN-2004-1343 [DoS vulnerability in repouid CVS addon patch]
+ {DSA-715-1}
+ - 1.12.9-11
+CAN-2004-1342 [Password bypassing in the repouid CVS addon patch]
+ {DSA-715-1}
+ - 1.12.9-11
+CAN-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...)
+ {DSA-711-1}
+CAN-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...)
+ {DSA-659-1}
+ - libpam-radius-auth 1.3.16-1.1
+CAN-2005-0032
+ NOTE: reserved
+CAN-2005-0031
+ NOTE: reserved
+CAN-2005-0030
+ NOTE: reserved
+CAN-2005-0029
+ NOTE: reserved
+CAN-2005-0028
+ NOTE: reserved
+CAN-2005-0027
+ NOTE: reserved
+CAN-2005-0026
+ NOTE: reserved
+CAN-2005-0025
+ NOTE: reserved
+CAN-2005-0024
+ NOTE: reserved
+CAN-2005-0023
+ NOTE: reserved
+CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
+ - exim4 4.34-10
+CAN-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
+ {DSA-637-1 DSA-635-1}
+CAN-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...)
+ {DSA-641-1}
+CAN-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...)
+ {DSA-675-1}
+CAN-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
+ {DSA-661-2}
+CAN-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...)
+ {DSA-661-2}
+CAN-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
+ {DSA-640-1}
+CAN-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...)
+ {DSA-650-1}
+CAN-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...)
+ - ncpfs 2.2.6-1
+CAN-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...)
+ {DSA-665-1}
+ - ncpfs 2.2.6-1
+CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
+ - dillo 0.8.3-1
+CAN-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...)
+ - kdeedu 4:3.3.2-2
+CAN-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...)
+ - ethereal 0.10.9-1
+CAN-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 ...)
+ - ethereal 0.10.9-1
+CAN-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...)
+ - ethereal 0.10.9-1
+CAN-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...)
+ - ethereal 0.10.9-1
+CAN-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...)
+ - ethereal 0.10.9-1
+CAN-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...)
+ {DSA-646-1}
+ - imagemagick 6:6.0.6.2-2.1
+CAN-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...)
+ {DSA-647-1}
+ - mysql-dfsg-4.1 4.1.8a-6
+ - mysql-dfsg 4.0.23-3
+CAN-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
+ - kernel-source-2.4.27 2.4.27-9
+ - kernel-source-2.6.8 2.6.8-9
+ - kernel-source-2.6.9 2.6.9-3
+CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
+ NOTE: not-for-us (poppassd_pam)
+CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
+ NOTE: i386 and smp specific
+ - kernel-source-2.6.8 2.6.8-13
+ - kernel-source-2.4.27 2.4.27-8
+ - kernel-image-2.4.27-i386 2.4.27-8
+ - kernel-image-2.4.27-speakup 2.4.27-1.1
+ - kernel-patch-powerpc-2.6.8 2.6.8-10
+CAN-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...)
+ NOTE: not-for-us (oracle)
+CAN-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
+ NOTE: not-for-us (oracle)
+CAN-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...)
+ - kernel-source-2.6.8 2.6.8-14
+ - kernel-source-2.6.9 2.6.9-6
+ - kernel-source-2.6.10 2.6.10-1
+CAN-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
+ - tetex-bin 2.0.2-25
+CAN-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
+ NOTE: Fixed in upstream 2.6.10
+ - kernel-source-2.6.8 2.6.8-11
+ - kernel-source-2.6.9 2.6.9-4
+ - kernel-source-2.4.27 2.4.27-9
+CAN-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...)
+ NOTE: apparantly 2.6 only
+ NOTE: Fixed in upstream 2.6.10
+ - kernel-source-2.6.8 2.6.8-11
+ - kernel-source-2.6.9 2.6.9-4
+CAN-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
+ NOTE: Fixed in upstream 2.6.10
+ - kernel-source-2.6.8 2.6.8-11
+ - kernel-source-2.6.9 2.6.9-4
+ - kernel-source-2.4.27 2.4.27-9
+ NOTE: will be fixed in 2.4.27-9
+CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
+ NOTE: not-for-us (hpux)
+CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...)
+ NOTE: not-for-us (AIX)
+CAN-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...)
+ NOTE: not-for-us (AIX)
+CAN-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...)
+ NOTE: not-for-us (hpux)
+CAN-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...)
+ NOTE: not-for-us (Crystal FTP client)
+CAN-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...)
+ NOTE: not-for-us (Ultrix)
+CAN-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...)
+ NOTE: not-for-us (Netbsd)
+CAN-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...)
+ NOTE: not-for-us (Microsoft/Cisco)
+CAN-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
+ NOTE: not-for-us (Asante FM2008)
+CAN-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
+ NOTE: not-for-us (Asante FM2008)
+CAN-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...)
+ {DSA-627-1}
+ - namuzu2 2.0.14
+CAN-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
+ NOTE: apparently only affects netcat in windows
+CAN-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
+ - mozilla 2:1.7.5-1
+CAN-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...)
+ - phpbb2 2.0.10-3
+CAN-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...)
+ NOTE: not-for-us (My Firewall Plus)
+CAN-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
+ NOTE: not-for-us (mplayer)
+CAN-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
+ NOTE: not-for-us (mplayer)
+CAN-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
+ NOTE: not-for-us (mplayer)
+CAN-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
+ {DSA-617-1}
+ - libtiff4 3.6.1-4
+ TODO: other packages containing libtiff code may be vulnerable
+CAN-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...)
+ TODO: check
+CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...)
+ - file 4.12
+CAN-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...)
+ NOTE: not-for-us (Yanf)
+CAN-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...)
+ NOTE: not-for-us (YAMT)
+CAN-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...)
+ NOTE: not-for-us (xlreader)
+CAN-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...)
+ - xine-lib 1-rc8-1
+CAN-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...)
+ NOTE: not-for-us (vilistextum)
+CAN-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...)
+ NOTE: not-for-us (vb2c)
+CAN-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...)
+ - unrtf 0.19.3-1.1
+CAN-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...)
+ - groff 1.18.1.1-5
+CAN-2004-1295 (The slip_down function in slip.c for the uml_net program in ...)
+ NOTE: uml_net is only executable by users in group uml-net in Debian
+ NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit
+CAN-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
+ - tnftp (unfixed; bug #285902)
+CAN-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
+ NOTE: not-for-us (rtf2latex2e)
+CAN-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...)
+ NOTE: not-for-us (ringtonetools)
+CAN-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...)
+ NOTE: not-for-us (qwik-smtpd)
+CAN-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
+ NOTE: not-for-us (pgn2web)
+CAN-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...)
+ {DSA-625-1}
+ - pcal 4.8.0-1
+CAN-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...)
+ NOTE: not-for-us (o3read)
+CAN-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...)
+ {DSA-623-1}
+ - nasm 0.98.38-1.1
+CAN-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...)
+ NOTE: not-for-us (NapShare)
+CAN-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
+ NOTE: not-for-us (mplayer)
+CAN-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...)
+ NOTE: non-free
+ NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
+ - mpg123 0.59r-20
+CAN-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
+ NOTE: not-for-us (mview)
+CAN-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...)
+ {DSA-632-1}
+ - linpopup 1.2.0-7
+CAN-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...)
+ NOTE: not-for-us (junkie)
+CAN-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...)
+ NOTE: not-for-us (junkie)
+CAN-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...)
+ NOTE: not-for-us (jpegtoavi)
+CAN-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...)
+ NOTE: not-for-us (jcabc2ps)
+CAN-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...)
+ NOTE: not-for-us (IglooFTP)
+CAN-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...)
+ NOTE: not-for-us (IglooFTP)
+CAN-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...)
+ NOTE: not-for-us (html2hdml)
+CAN-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...)
+ NOTE: not-for-us (greed)
+ NOTE: not the game in debian, the file download tool
+CAN-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...)
+ NOTE: not-for-us (greed)
+ NOTE: not the game in debian, the file download tool
+CAN-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...)
+ - filter 2.4.2-1.1
+CAN-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...)
+ NOTE: not-for-us (dxfscope)
+CAN-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...)
+ - cupsys 1.1.22-2
+CAN-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...)
+ - cupsys 1.1.22-2
+CAN-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...)
+ - cupsys 1.1.22-2
+CAN-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...)
+ - cupsys 1.1.22-2
+CAN-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...)
+ NOTE: not-for-us (csv2xml)
+CAN-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...)
+ NOTE: not-for-us (Convex)
+CAN-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
+ {DSA-644-1}
+ - chbg 1.5-4
+CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...)
+ NOTE: not-for-us (ChangePassword):w
+CAN-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...)
+ NOTE: not-for-us (bsb2ppm)
+CAN-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...)
+ NOTE: not-for-us (asp2php)
+CAN-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...)
+ NOTE: not-for-us (abctab2ps)
+CAN-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...)
+ NOTE: not-for-us (abcpp)
+CAN-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...)
+ - abcm2ps 4.8.5-1
+CAN-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...)
+ NOTE: not-for-us (abc2mtex)
+CAN-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...)
+ - abcmidi 20050101-1
+CAN-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...)
+ NOTE: not-for-us (2fax)
+CAN-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
+ NOTE: not-for-us (WinRAR)
+CAN-2004-1253
+ NOTE: reserved
+CAN-2004-1252
+ NOTE: reserved
+CAN-2004-1251
+ NOTE: reserved
+CAN-2004-1250
+ NOTE: reserved
+CAN-2004-1249
+ NOTE: reserved
+CAN-2004-1248
+ NOTE: reserved
+CAN-2004-1247
+ NOTE: reserved
+CAN-2004-1246
+ NOTE: reserved
+CAN-2004-1245
+ NOTE: reserved
+CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1243
+ NOTE: rejected
+CAN-2004-1242
+ NOTE: rejected
+CAN-2004-1241
+ NOTE: rejected
+CAN-2004-1240
+ NOTE: rejected
+CAN-2004-1239
+ NOTE: rejected
+CAN-2004-1238
+ NOTE: rejected
+CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
+ NOTE: apparently redhat specific
+CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
+ NOTE: not-for-us (Netscape Directory Server on HP-UX)
+CAN-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
+ - kernel-source-2.6.8 2.6.8-12
+ - kernel-image-2.6.8-2-386 2.6.8-12
+ - kernel-image-2.6.8-alpha 2.6.8-7
+ - kernel-image-2.6.8-hppa 2.6.8-6
+ - kernel-image-2.6.8-ia64 2.6.8-11
+ - kernel-image-2.6.8-m68k 2.6.8-3
+ - kernel-patch-powerpc-2.6.8 2.6.8-9
+ - kernel-image-2.6.8-s390 2.6.8-5
+ - kernel-image-2.6.8-sparc 2.6.8-6
+ - kernel-source-2.4.27 2.4.27-8
+ - kernel-image-2.4.27-i386 2.4.27-8
+ - kernel-image-2.4.27-alpha 2.4.27-6
+ - kernel-image-2.4.27-hppa 2.4.27-3
+ - kernel-image-2.4.27-ia64 2.4.27-6
+ - kernel-patch-2.4.27-mips 2.4.27-8.040815-1
+ - kernel-image-2.4.27-s390 2.4.27-2
+ - kernel-image-2.4.27-arm 2.4.27-2
+ - kernel-image-2.4.27-m68k 2.4.27-3
+ - kernel-patch-powerpc-2.4.27 2.4.27-3
+ - kernel-image-2.4.27-sparc 2.4.27-2
+ - kernel-image-2.4.27-speakup 2.4.27-1.1
+CAN-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
+ NOTE: fixed after 2.4.25
+CAN-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
+ NOTE: not-for-us (Gadu-Gadu)
+CAN-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
+ NOTE: not-for-us (Gadu-Gadu)
+CAN-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
+ NOTE: not-for-us (Gadu-Gadu)
+CAN-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...)
+ NOTE: not-for-us (Gadu-Gadu)
+CAN-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...)
+ NOTE: not-for-us (Gadu-Gadu)
+CAN-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
+ NOTE: not-for-us (SugarCRM Sugar Sales)
+CAN-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...)
+ NOTE: not-for-us (SugarCRM Sugar Sales)
+CAN-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...)
+ NOTE: not-for-us (SugarCRM Sugar Sales)
+CAN-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...)
+ NOTE: not-for-us (SugarCRM Sugar Sales)
+CAN-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...)
+ - mtr 0.67-1
+CAN-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...)
+ NOTE: not-for-us (F-Secure Policy Manager)
+CAN-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (weblibs.pl)
+CAN-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...)
+ NOTE: not-for-us (weblibs.pl)
+CAN-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...)
+ NOTE: not-for-us (Battlefield 1942, Battlefield Vietnam)
+CAN-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...)
+ NOTE: not-for-us (paFileDB)
+CAN-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Remote Execute)
+CAN-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
+ NOTE: not-for-us (Hosting Controller)
+CAN-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
+ NOTE: not-for-us (Kreed)
+CAN-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Kreed)
+CAN-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...)
+ NOTE: not-for-us (Kreed)
+CAN-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...)
+ NOTE: not-for-us (Advanced Guestbook)
+CAN-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...)
+ NOTE: not-for-us (Blog Torrent)
+CAN-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...)
+ NOTE: not-for-us (Mercury Mail)
+CAN-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...)
+ NOTE: not-for-us (IpCop)
+CAN-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...)
+ NOTE: not-for-us (Verisign Payflow Link)
+CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (Orbz)
+CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero&quot; Intrepid Protocol ...)
+ NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter)
+CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
+ NOTE: not-for-us (pnTresMailer)
+CAN-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...)
+ NOTE: not-for-us (pnTresMailer)
+CAN-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...)
+ NOTE: at best a local DOS by the user running fluxbox.
+ NOTE: Where's the security hole?
+ - fluxbox 0.9.11-1
+CAN-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...)
+ NOTE: not-for-us (phpCMS)
+CAN-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
+ NOTE: not-for-us (phpCMS)
+CAN-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (Opera)
+CAN-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...)
+ NOTE: memory leak, doubt it's usefully exploitable
+ NOTE: did not followup
+CAN-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Safari)
+CAN-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
+ NOTE: not-for-us (inShop)
+CAN-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
+ NOTE: not-for-us (Insite Inmail)
+CAN-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (Star Wars Battlefront)
+CAN-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...)
+ NOTE: not-for-us (Star Wars Battlefront)
+CAN-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...)
+ NOTE: not-for-us (Prevex Home)
+CAN-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
+ NOTE: not-for-us (Citadel/UX)
+CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...)
+ NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
+ - kernel-source-2.6.8 2.6.8-16
+ - kernel-source-2.4.27 2.4.27-6
+CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
+ NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c
+ NOTE: has a misleading entry titled "Fix exploitable hole"
+ NOTE: http://www.securityfocus.com/advisories/7579
+ NOTE: http://xforce.iss.net/xforce/xfdb/18370
+ NOTE: Response from Marcus Meissner <meissner@suse.de> saying the patch was integrated in upstream 2.6.8
+ NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only
+ NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
+ - kernel-source-2.6.8-14
+CAN-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...)
+ {DSA-629-1}
+CAN-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
+ - xine-lib 1-rc8-1
+CAN-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...)
+ - xine-lib 1-rc8-1
+CAN-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...)
+ {DSA-654-1}
+CAN-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...)
+ {DSA-654-1}
+CAN-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...)
+ {DSA-654-1}
+CAN-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
+ {DSA-626-1}
+ - libtiff-tools 3.6.1-5
+CAN-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a &quot;weak&quot; ...)
+ {DSA-634-1}
+CAN-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...)
+ {DSA-622-1}
+ NOTE: htmlheadline not in unstable
+CAN-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...)
+ {DSA-678-1}
+CAN-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
+ {DSA-615-1}
+CAN-2004-1178
+ NOTE: reserved
+CAN-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
+ {DSA-674-1}
+ - mailman 2.1.5-5
+CAN-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...)
+ {DSA-639-1}
+CAN-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...)
+ {DSA-639-1}
+CAN-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...)
+ {DSA-639-1}
+CAN-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...)
+ NOTE: not-for-us (Veritas Backup Exec)
+CAN-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...)
+ - kdelibs 4:3.3.1-2
+ - kdebase 4:3.3.1-3
+CAN-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...)
+ {DSA-612-1}
+ - a2ps 1:4.13b-4.2
+CAN-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...)
+ - maxdb-webtools 7.5.00.19-1
+CAN-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...)
+ - maxdb-webtools 7.5.00.19-1
+CAN-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...)
+ NOTE: not-for-us (gentoo mirrorselect)
+CAN-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
+ {DSA-631-1}
+CAN-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...)
+ - scponly 4.0-1
+CAN-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
+ - rssh 2.2.3-1
+CAN-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...)
+ NOTE: not-for-us (Netscape)
+CAN-2004-1159
+ NOTE: rejected
+CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
+ - kdelibs 4:3.3.1-3
+ - kdebase 4:3.3.1-4
+CAN-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...)
+ NOTE: not-for-us (Opera)
+CAN-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...)
+ - mozilla 2:1.7.6-1
+ - mozilla-firefox 1.0.1
+CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...)
+ NOTE: not-for-us (Microsoft MSIE)
+CAN-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...)
+ {DSA-701-1}
+ - samba 3.0.10-1
+CAN-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...)
+ NOTE: not-for-us (Adobe Acrobat Reader)
+CAN-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...)
+ NOTE: not-for-us (Adobe Acrobat Reader)
+CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...)
+ NOTE: Fixed in upstream 2.6.10
+ - kernel-source-2.6.8 2.6.8-11
+ - kernel-source-2.6.9 2.6.9-4
+CAN-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...)
+ NOTE: not-for-us (Winamp)
+CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...)
+ NOTE: not-for-us (Computer Associates eTrust EZ Antivirus)
+CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
+ - phpmyadmin 2:2.6.1-rc1-1
+CAN-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...)
+ - phpmyadmin 2:2.6.1-rc1-1
+CAN-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...)
+ - cvstrac 1.1.5
+CAN-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...)
+ - kdelibs 4:3.3.2-1
+CAN-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...)
+ NOTE: amd64 specific
+ - kernel-source-2.4.27 2.4.27-9
+CAN-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...)
+ - mailman 2.1.5-5
+CAN-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
+ - ethereal 0.10.8
+CAN-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...)
+ - ethereal 0.10.8
+CAN-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
+ - ethereal 0.10.8
+CAN-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...)
+ - ethereal 0.10.8
+CAN-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...)
+ - vim 1:6.3-046+0sarge1
+CAN-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...)
+ - kernel-image-2.4.27-i386 2.4.27-7
+CAN-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...)
+ NOTE: not-for-us (CuteFTP)
+CAN-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...)
+ NOTE: not-for-us (WS-Ftpd)
+CAN-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1132
+ NOTE: reserved
+CAN-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...)
+ NOTE: not-for-us (SCO)
+CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
+ NOTE: not-for-us (CMailServer)
+CAN-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
+ NOTE: not-for-us (CMailServer)
+CAN-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...)
+ NOTE: not-for-us (CMailServer)
+CAN-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
+ - opendchub 0.7.14-1.1
+CAN-2004-1126
+ NOTE: reserved
+CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
+ {DSA-621-1 DSA-619-1}
+ - xpdf 3.00-11
+ - cupsys 1.1.22-2
+ - tetex-bin 2.0.2-25
+ - gpdf 2.8.2-1
+ - koffice 1:1.3.5-1
+CAN-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...)
+ NOTE: not-for-us (UnixWare)
+CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...)
+ NOTE: not-for-us (Darwin Streaming Server)
+CAN-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...)
+ NOTE: not-for-us (Safari)
+CAN-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...)
+ NOTE: not-for-us (Safari)
+CAN-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...)
+ {DSA-663-1}
+ - prozilla 1:1.3.7.3-1
+CAN-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...)
+ NOTE: not-for-us (Winamp)
+CAN-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...)
+ NOTE: not-for-us (WodFtpDLX.ocx ActiveX component)
+CAN-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...)
+ NOTE: not-for-us (ChessBrain)
+CAN-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...)
+ NOTE: not-for-us (GIMPS)
+CAN-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...)
+ NOTE: gentoo-specific permissions problems in setaiathome
+CAN-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...)
+ NOTE: not-for-us (Skype)
+CAN-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...)
+ NOTE: not-for-us (SQLgrey Postfix greylisting serivce)
+CAN-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...)
+ - mtink 1.0.5
+ NOTE: debian not vulnerable except in edge case
+CAN-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...)
+ NOTE: not-for-us (Kerio Personal Firewall)
+CAN-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...)
+ NOTE: not-for-us (Gentoolkit)
+CAN-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...)
+ NOTE: not-for-us (Portage)
+CAN-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...)
+ {DSA-642-1}
+ - gallery 1.4.4-pl4-1
+CAN-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...)
+ NOTE: not-for-us (Nortel Networks Contivity VPN Client)
+CAN-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...)
+ NOTE: not-for-us (MailPost)
+CAN-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...)
+ NOTE: not-for-us (MailPost)
+CAN-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...)
+ NOTE: not-for-us (MailPost)
+CAN-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...)
+ NOTE: not-for-us (MailPost)
+CAN-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
+ - mime-tools 5.415-1
+CAN-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...)
+ NOTE: not-for-us (Cherokee)
+CAN-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...)
+ - libarchive-zip-perl 1.14-1
+CAN-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...)
+ {DSA-608-1}
+ - zgv 5.7-1.3
+CAN-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...)
+ NOTE: not-for-us (RealPlayer)
+CAN-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
+ {DSA-639-1}
+CAN-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
+ {DSA-639-1}
+CAN-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
+ {DSA-639-1}
+CAN-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
+ {DSA-639-1}
+CAN-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...)
+ NOTE: not-for-us (Apple MacOS)
+CAN-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...)
+ NOTE: not-for-us (Apple MacOS)
+CAN-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that &quot;Secure Keyboard ...)
+ NOTE: not-for-us (Apple MacOS)
+CAN-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...)
+ NOTE: not-for-us (Apple MacOS)
+CAN-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...)
+ NOTE: not-for-us (Apple MacOS)
+CAN-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...)
+ NOTE: not-for-us (Apple MacOS)
+CAN-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...)
+ NOTE: not-for-us (Apple MacOS)
+CAN-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...)
+ NOTE: not-for-us (Apple MacOS)
+CAN-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...)
+ NOTE: not-for-us (Apple MacOS)
+CAN-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
+ - ncpfs 2.2.5-2
+CAN-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...)
+ NOTE: not-for-us (Citrix)
+CAN-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
+ NOTE: not-for-us (Citrix)
+CAN-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...)
+ {DSA-609-1}
+ - atari800 1.3.2-1
+CAN-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
+ - zope-zwiki 0.37.0-1
+CAN-2004-1074 (The binfmt functionality in the Linux kernel, when &quot;memory overcommit&quot; ...)
+ - kernel-source-2.6.8 2.6.8-11
+ - kernel-source-2.4.27 2.4.27-7
+CAN-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...)
+ NOTE: fixed in 2.6.8 and 2.4.27
+CAN-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
+ NOTE: fixed in 2.6.8 and 2.4.27
+CAN-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
+ NOTE: fixed in 2.6.8 and 2.4.27
+CAN-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...)
+ NOTE: fixed in 2.6.8 and 2.4.27
+CAN-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...)
+ NOTE: 2.6 only issue
+ - kernel-source-2.6.8 2.6.8-11
+ NOTE: and the binaries built from it
+CAN-2004-1068 (A &quot;missing serialization&quot; error in the unix_dgram_recvmsg function in ...)
+ - kernel-source-2.4.27 2.4.27-7
+ - kernel-source-2.6.8 2.6.8-11
+ NOTE: and the binary packages built from them
+CAN-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...)
+ NOTE: verified cyrus21-imapd 2.1.17-3 is not vulnerable, seems
+ NOTE: to only affect 2.2 series.
+ NOTE: 1.5.19 also seems ok
+CAN-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...)
+ NOTE: not-for-us (FreeBSD)
+CAN-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...)
+ - php4 4:4.3.10-1
+CAN-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...)
+ - php4 4:4.3.10-1
+CAN-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...)
+ - php4 4:4.3.10-1
+CAN-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...)
+ - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3
+CAN-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...)
+ - bugzilla 2.16.7-2
+CAN-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...)
+ NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors
+CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
+ - mnogosearch 3.2.18-2.2
+CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
+ NOTE: Fixed in 2.6.10 upstream
+ - kernel-source-2.6.8 2.6.8-14
+ - kernel-source-2.6.9 2.6.9-14
+CAN-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
+ TODO: check back with dilinger about 2.6, previous fix in -9 has regressions
+ - kernel-source-2.4.27 2.4.27-10
+CAN-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...)
+ - kernel-source-2.4.27 2.4.27-8
+ - kernel-image-2.4.27-i386 2.4.27-8
+ - kernel-image-2.4.27-alpha 2.4.27-6
+ - kernel-image-2.4.27-hppa 2.4.27-3
+ - kernel-image-2.4.27-ia64 2.4.27-6
+ - kernel-patch-2.4.27-mips 2.4.27-8.040815-1
+ - kernel-patch-powerpc-2.4.27 2.4.27-3
+ - kernel-image-2.4.27-sparc 2.4.27-2
+ NOTE: above should cover 2.4
+ - kernel-source-2.6.8 2.6.8-11
+ NOTE: and the binaries built from it
+CAN-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+ - phpmyadmin 2:2.6.0-pl3-1
+CAN-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...)
+ NOTE: not-for-us (AIX)
+CAN-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...)
+ NOTE: not-for-us (fetch on FreeBSD)
+CAN-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...)
+ {DSA-595-1}
+ NOTE: bnc is not in sarge or unstable (is in woody)
+CAN-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...)
+ {DSA-596-2 DSA-596-1}
+ - sudo 1.6.8p3-1
+CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-1048
+ NOTE: reserved
+CAN-2004-1047
+ NOTE: reserved
+CAN-2004-1046
+ NOTE: reserved
+CAN-2004-1045
+ NOTE: reserved
+CAN-2004-1044
+ NOTE: reserved
+CAN-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-1042
+ NOTE: reserved
+CAN-2004-1041
+ NOTE: reserved
+CAN-2004-1040
+ NOTE: reserved
+CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
+ NOTE: not-for-us (SCO UnixWare)
+CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
+ NOTE: not-for-us (IEEE1394 specification bug, physical security)
+CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...)
+ - twiki 20030201-6
+CAN-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...)
+ - squirrelmail 2:1.4.3a-3
+CAN-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...)
+ - imapproxy 1.2.2+1.2.3rc2-1
+CAN-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...)
+ - kaffeine 0.4.3.1-3
+ - gxine 0.4-rc1
+CAN-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...)
+ - fcron 2.9.5.1-1
+CAN-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
+ - fcron 2.9.5.1-1
+CAN-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
+ - fcron 2.9.5.1-1
+CAN-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
+ - fcron 2.9.5.1-1
+CAN-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...)
+ NOTE: not-for-us (Sun JRE)
+CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...)
+ NOTE: not-for-us (AIX)
+CAN-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...)
+ {DSA-652-1}
+ NOTE: sarge's unarj is from a different code base, probably not vulnerable
+CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
+ {DSA-628-1 DSA-618-1}
+ - imlib 1.9.14-17.1
+ - imlib-png2 1.9.14-16.1
+ - imlib2 1.1.2-2.1
+CAN-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...)
+ {DSA-618-1}
+ NOTE: fixed in patches for CAN-2004-1026
+CAN-2004-1024
+ NOTE: reserved
+CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
+ NOTE: not-for-us (Kerio)
+CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
+ NOTE: not-for-us (Kerio)
+CAN-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-1020 (The addslashes function in PHP 4.3.6 through 4.3.9 and 5.0.0 through ...)
+ - php4 4:4.3.10-1
+CAN-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...)
+ - php4 4:4.3.10-1
+CAN-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...)
+ - php4 4:4.3.10-1
+ - php3 3:3.0.18-29
+CAN-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for Linux kernel 2.4.x ...)
+ - kernel-source-2.4.27 2.4.27-9
+CAN-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
+ - kernel-image-2.4.27-i386 2.4.27-7
+CAN-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
+ NOTE: cyrus-imapd not vulnerable
+ NOTE: cyrus21-imapd not vulnerable
+CAN-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...)
+ {DSA-606-1}
+ - nfs-utils 1:1.0.6-3.1
+CAN-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...)
+ {DSA-597-1}
+ - cyrus-imapd 1.5.19-20
+ - cyrus21-imapd 2.1.17-1
+CAN-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...)
+ {DSA-597-1}
+ - cyrus-imapd 1.5.19-20
+ - cyrus21-imapd 2.1.17-1
+CAN-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...)
+ NOTE: cyrus-imapd not vulnerable
+ NOTE: cyrus21-imapd not vulnetale
+CAN-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...)
+ {DSA-624-1}
+ - zip 2.30-8
+CAN-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
+ {DSA-639-1}
+CAN-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...)
+ - putty 0.56-1
+CAN-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...)
+ - bogofilter 0.92.8-1
+CAN-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...)
+ {DSA-584-1}
+ - dhcp 2.0pl5-19.1
+CAN-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...)
+ {DSA-639-1}
+CAN-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
+ {DSA-639-1}
+CAN-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
+ NOTE: not-for-us (Trend ScanMail)
+CAN-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...)
+ - ppp 2.4.2+20040428-3
+CAN-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
+ {DSA-585-1}
+ - shadow 1:4.0.3-30.3
+ NOTE: apparently the fix was lost from sarge somehow, see #309587
+ - shadow 1:4.0.3-31sarge5
+CAN-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...)
+ {DSA-630-1}
+ - lintian 1.23.6
+CAN-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
+ {DSA-608-1}
+CAN-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
+ {DSA-616-1}
+CAN-2004-0997
+ NOTE: reserved
+CAN-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
+ {DSA-610-1}
+ - cscope 15.5-1.1
+ NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
+CAN-2004-0995
+ NOTE: reserved
+CAN-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
+ {DSA-614-1 DSA-614-1}
+ NOTE: only indication that it's this CAN is in the debian package changelog
+ - xzgv 0.8-3
+CAN-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
+ {DSA-604-1}
+CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
+ NOTE: not-for-us (Proxytunnel)
+CAN-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
+ - mpg123 0.59r-19
+CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
+ {DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
+ - libgd2 2.0.30-1
+ - libgd 1.8.4-36.1
+CAN-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...)
+ {DSA-582-1}
+CAN-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...)
+ NOTE: not-for-us (Apple)
+CAN-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...)
+ {DSA-598-1}
+ - yardradius 1.0.20-15
+CAN-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...)
+ {DSA-580-1}
+ - iptables 1.2.11-4
+CAN-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...)
+ NOTE: not-for-us (windows)
+CAN-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...)
+ - mailutils 1:0.5-4
+CAN-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...)
+ {DSA-586-1}
+ - ruby1.8 1.8.1+1.8.2pre2-4
+ - ruby1.6 1.6.8-12
+CAN-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...)
+ {DSA-578-1}
+ - mpg123 0.59r-18
+CAN-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...)
+ {DSA-593-1}
+ - imagemagick 6:6.0.6.2-1.5
+CAN-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...)
+ {DSA-592-1}
+ - ez-ipupdate 3.0.11b8-8
+CAN-2004-0979 (Internet Explorer on Windows XP does not properly modify the &quot;Drag and ...)
+ NOTE: not-for-us (windows)
+CAN-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...)
+ NOTE: not-for-us (windows)
+CAN-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...)
+ {DSA-577-1}
+ - postgresql 7.4.6-1
+CAN-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...)
+ {DSA-620-1}
+ - perl 5.8.4-4
+CAN-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
+ {DSA-603-1}
+ - openssl 0.9.7e-3
+ NOTE: also includes other security fixes than this CAN
+CAN-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...)
+ NOTE: local; low
+ - netatalk 1.6.4a-1
+CAN-2004-0973
+ NOTE: rejected
+CAN-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
+ {DSA-583-1}
+ NOTE: lvmcreate_initrd not in debian
+CAN-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...)
+ - krb5 (unfixed; bug #278271; not shipped in binary package)
+ - arla 0.36.2-11
+CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package in ...)
+ {DSA-588-1}
+ NOTE: sarge is not vulnerable as our version uses set -C
+CAN-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)
+ - groff 1.18.1.1-2
+CAN-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...)
+ {DSA-636-1}
+ - libc6 2.3.2.ds1-19
+CAN-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...)
+ - gs-common 0.3.6-0.1
+CAN-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...)
+ - gettext 0.14.1-6
+CAN-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
+ {DSA-587-1}
+ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+ NOTE: DSA says zinf not vulnerable in sarge
+ - zinf 2.2.5
+CAN-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...)
+ NOTE: not-for-us (windows)
+CAN-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...)
+ NOTE: not-for-us (Apple Remote Desktop Client)
+CAN-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...)
+ - freeradius 1.0.1
+CAN-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
+ - freeradius 1.0.1
+CAN-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...)
+ - php4 4.3.9
+CAN-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...)
+ - php4 4.3.9
+CAN-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...)
+ {DSA-707-1}
+ - mysql-dfsg-4.1 4.1.10a-6
+ - mysql-dfsg 4.0.24-5
+CAN-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...)
+ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+CAN-2004-0955
+ NOTE: rejected
+ {DSA-571-1 DSA-570-1}
+CAN-2004-0954
+ NOTE: rejected
+CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
+ NOTE: jabber version 2 is vulnerable, we have an older version that seems not
+CAN-2004-0952
+ NOTE: reserved
+CAN-2004-0951
+ NOTE: reserved
+CAN-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
+ NOTE: not-for-us (NetOp Host)
+CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
+ NOTE: fixed in 2.4.28, 2.6.9
+ NOTE: check with kernel people
+CAN-2004-0948
+ NOTE: rejected
+CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
+ {DSA-652-1}
+ NOTE: see http://lwn.net/Alerts/110733/
+ NOTE: sarge's unarj is from a different code base, probably not vulnerable
+CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
+ NOTE: does not apply per maintainer
+CAN-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...)
+ NOTE: not-for-us (Mitel 3300 Integrated Communications Platform)
+CAN-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...)
+ NOTE: not-for-us (Mitel 3300 Integrated Communications Platform)
+CAN-2004-0943
+ NOTE: reserved
+CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
+ - apache2 2.0.52-2
+CAN-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...)
+ {DSA-602-1 DSA-601-1}
+ - libgd2 2.0.33-1.1
+ - libgd 1.8.4-36.1
+CAN-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...)
+ {DSA-594-1}
+ - apache 1.3.33-2
+CAN-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...)
+ NOTE: not-for-us (Neoteris Instant Virtual Extranet)
+CAN-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
+ - freeradius 1.0.1
+CAN-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
+ NOTE: not-for-us (Sophos Anti-Virus)
+CAN-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...)
+ NOTE: not-for-us (RAV antivirus)
+CAN-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...)
+ NOTE: not-for-us (Eset anti-virus)
+CAN-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...)
+ NOTE: not-for-us (Kaspersky antivirus)
+ NOTE: Kaspersky engine is supported by amavas-ng
+CAN-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...)
+ NOTE: not-for-us (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus)
+CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
+ NOTE: not-for-us (McAfee Anti-Virus Engine DATS drivers)
+CAN-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
+ - maxdb-7.5.00 7.5.00.18
+CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
+ - samba 3.0.8-1
+CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
+ NOTE: tiff3g was removed from debian
+CAN-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...)
+ NOTE: not-for-us (Macromedia)
+CAN-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...)
+ {DSA-566-1}
+CAN-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...)
+ NOTE: not-for-us (norton)
+CAN-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...)
+ NOTE: not-for-us (FreeBSD)
+CAN-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...)
+ {DSA-576-1}
+ - squid 2.5.7
+CAN-2004-0917 (The default installation of Vignette Application Portal installs the ...)
+ NOTE: not-for-us (Vignette Application Portal)
+CAN-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...)
+ {DSA-574-1}
+ - cabextract 1.1-1
+CAN-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...)
+ {DSA-605-1}
+ - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
+CAN-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...)
+ {DSA-607-1}
+ NOTE: Previous -9 fix had some issues of its own
+ - xfree86 4.3.0.dfsg.1-14
+ NOTE: lesstif1 and 2 have to be fixed separately
+ - lesstif1 1:0.93.94-11.3
+ NOTE: but lesstif2 did get fixed for this hole..
+ - lesstif2 1_0.93.94-11.2
+ NOTE: openmotif is non-free
+ - openmotif (unfixed; bug #308819)
+CAN-2004-0913 (Unknown vulnerability in ecartis 0.x before ...)
+ {DSA-572-1}
+ - squid 2.5.6-9
+CAN-2004-0912
+ NOTE: reserved
+CAN-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
+ {DSA-569-1 DSA-556-1}
+CAN-2004-0910
+ NOTE: rejected
+CAN-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
+ - mozilla-firefox 0.10.1+1.0PR
+ - mozilla 1.7.3
+ - mozilla-thunderbird 0.8
+CAN-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
+ - mozilla-firefox 0.10.1+1.0PR
+ - mozilla 1.7.3
+ - mozilla-thunderbird 0.8
+CAN-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...)
+ NOTE: not-for-us (non-debian package issue)
+CAN-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
+ - mozilla-firefox 0.10.1+1.0PR
+ - mozilla 1.7.3
+ - mozilla-thunderbird 0.8
+CAN-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
+ - mozilla-firefox 0.10.1+1.0PR
+ - mozilla 1.7.3
+ - mozilla-thunderbird 0.8
+CAN-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...)
+ - mozilla-firefox 0.10.1+1.0PR
+ - mozilla 1.7.3
+ - mozilla-thunderbird 0.8
+CAN-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...)
+ - mozilla-firefox 0.10.1+1.0PR
+ - mozilla 1.7.3
+ - mozilla-thunderbird 0.8
+CAN-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...)
+ - mozilla-firefox 0.10.1+1.0PR
+ - mozilla 1.7.3
+ - mozilla-thunderbird 0.8
+CAN-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0898
+ NOTE: reserved
+CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0896
+ NOTE: reserved
+CAN-2004-0895
+ NOTE: reserved
+CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...)
+ - gaim 1.0.2
+CAN-2004-0890
+ NOTE: rejected
+CAN-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
+ {DSA-573-1}
+CAN-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
+ {DSA-599-1 DSA-581-1 DSA-573-1}
+ - koffice 1:1.3.4-1
+CAN-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
+ NOTE: waldi provided this info
+ - linux-kernel-image-2.6.8-s390 2.6.8-3
+ - kernel-source-2.6.8 2.6.8-10
+ - kernel-source-2.6.9 2.6.9-3
+CAN-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
+ {DSA-567-1}
+CAN-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...)
+ - apache2 2.0.52-2
+CAN-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...)
+ {DSA-568-1 DSA-563-1}
+CAN-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
+ - kernel-source-2.4.27 2.4.27-6
+ - kernel-source-2.6.8 2.6.8-13
+ - kernel-source-2.6.9 2.6.9-3
+ - kernel-source-2.6.10 2.6.10-4
+CAN-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...)
+ NOTE: details http://security.e-matters.de/advisories/132004.html
+ - samba 3.0.7
+CAN-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
+ {DSA-553-1}
+CAN-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...)
+ {DSA-553-1}
+CAN-2004-0879
+ NOTE: reserved
+CAN-2004-0878
+ NOTE: reserved
+CAN-2004-0877
+ NOTE: reserved
+CAN-2004-0876
+ NOTE: reserved
+CAN-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
+ - phpgroupware 0.9.16.002
+CAN-2004-0874
+ NOTE: rejected
+CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
+ NOTE: not-for-us (apple)
+CAN-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...)
+ NOTE: not-for-us (Opera)
+CAN-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...)
+ NOTE: upstream knows about the problem, no fix expected
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
+ NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
+ NOTE: fix doesn't look likely any time soon
+ TODO: followup
+CAN-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...)
+ NOTE: upstream knows about the problem, no fix expected
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
+ NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
+ NOTE: fix doesn't look likely any time soon
+ TODO: followup
+CAN-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-0868
+ NOTE: rejected
+CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
+ - mozilla-firefox 0.9.3
+CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
+ NOTE: not-for-us (MSIE)
+CAN-2004-0865
+ NOTE: reserved
+CAN-2004-0864
+ NOTE: reserved
+CAN-2004-0863
+ NOTE: reserved
+CAN-2004-0862
+ NOTE: reserved
+CAN-2004-0861
+ NOTE: reserved
+CAN-2004-0860
+ NOTE: reserved
+CAN-2004-0859
+ NOTE: reserved
+CAN-2004-0858
+ NOTE: reserved
+CAN-2004-0857
+ NOTE: reserved
+CAN-2004-0856
+ NOTE: reserved
+CAN-2004-0855
+ NOTE: reserved
+CAN-2004-0854
+ NOTE: reserved
+CAN-2004-0853
+ NOTE: reserved
+CAN-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
+ {DSA-611-1}
+CAN-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
+ {DSA-559-1}
+CAN-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
+ - star 1.5a46
+CAN-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
+ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+ HELP: which radius daemon in debian is "GNU Radius" (if any)?
+CAN-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
+ NOTE: not-for-us (microsoft)
+CAN-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
+ {DSA-562-2}
+CAN-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
+ {DSA-562-2}
+CAN-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...)
+ {DSA-562-2}
+CAN-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...)
+ - speedtouch 1.3.1
+CAN-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...)
+ {DSA-554-1}
+CAN-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...)
+ - squid 2.5.6-8
+CAN-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
+ NOTE: not-for-us (McAfee)
+CAN-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...)
+ - smaba 2.2.11
+CAN-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...)
+ NOTE: not-fos-us (AIX)
+CAN-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...)
+ {DSA-547-1}
+ - imagemagick 5:6.0.7.1-1
+CAN-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
+ NOTE: not-for-us (netscape NSS)
+CAN-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...)
+ NOTE: not-for-us (Apple)
+CAN-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...)
+ NOTE: not-for-us (Apple)
+CAN-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...)
+ NOTE: not-for-us (Apple)
+CAN-2004-0822 (Buffer overflow in The Core Foundation framework ...)
+ NOTE: not-for-us (Apple)
+CAN-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...)
+ NOTE: not-for-us (Apple)
+CAN-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (winamp)
+CAN-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...)
+ NOTE: not-for-us (openbsd)
+CAN-2004-0818
+ NOTE: reserved
+ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+CAN-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...)
+ {DSA-548-1}
+ - imlib+png2 1.9.14-16.2
+CAN-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...)
+ NOTE: fixed in 2.6.8, does not affect 2.4 per dannf's notes
+CAN-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...)
+ {DSA-600-1}
+CAN-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...)
+ - kernel-source-2.6.8 2.6.8-8
+ - kernel-source-2.4.27 2.4.27-7
+ NOTE: and all kernels build from it:
+CAN-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...)
+ NOTE: ide-cd SG_IO vulnerability
+ NOTE: fixed in recent 2.6 and 2.4 kernels
+CAN-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...)
+ NOTE: only affects kernels before 2.4.23 on amd64
+CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents &quot;the merging of the ...)
+ - apache2 2.0.52
+CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)
+ NOTE: not-for-us (Netopia Timbuktu)
+CAN-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...)
+ {DSA-558-1}
+ - apache2 2.0.51-1
+CAN-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...)
+ - samba 3.0.7
+CAN-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...)
+ - samba 3.0.7
+CAN-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...)
+ - cdrtools 4:2.0+a34-2
+CAN-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...)
+ {DSA-564-1}
+ - mpg123 0.59r-16
+CAN-2004-0804 (Vulnerability in in tif_dirread.c for libtiff allows remote attackers ...)
+ {DSA-567-1}
+ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+CAN-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...)
+ {DSA-567-1}
+CAN-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
+ {DSA-552-1}
+CAN-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...)
+ - foomatic-filters 3.0.2
+CAN-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
+ NOTE: not-for-us (Ipswitch WhatsUp Gold)
+CAN-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...)
+ NOTE: not-for-us (Ipswitch WhatsUp Gold)
+CAN-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
+ - zlib 1:1.2.1.1-6
+CAN-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...)
+ - spamassassin 2.64
+CAN-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...)
+ NOTE: not-for-us (IBM DB2 DB2RCMD.EXE)
+CAN-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...)
+ {DSA-551-1}
+CAN-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...)
+ - bsdmainutils 6.0.15
+CAN-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...)
+ - rsync 2.6.3
+CAN-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
+ NOTE: All 2.4 and 2.6 kernels verify the TCP sequence numbering when errors occur
+ NOTE: Kernel will never abort due to an ICMP packet
+CAN-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
+ - kernel-source-2.6.8 2.6.8-16
+ - kernel-source-2.4.27 2.4.27-10
+CAN-2004-0789
+ NOTE: reserved
+CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
+ {DSA-549-1 DSA-546-1}
+CAN-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
+ NOTE: not-for-us (seems OpenCA is not in Debian)
+CAN-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...)
+ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+ - apache2 2.0.51
+CAN-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...)
+ - gaim 0.82
+CAN-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...)
+ - gaim 0.82
+CAN-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
+ {DSA-549-1}
+CAN-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
+ {DSA-549-1 DSA-546-1}
+CAN-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
+ {DSA-541}
+CAN-2004-0780
+ NOTE: reserved
+CAN-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
+ - mozilla 1.7
+ - mozilla-firefox 0.9
+CAN-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...)
+ - cvs 1.12.9
+CAN-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...)
+ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+ - courier-imap 2.2.2
+CAN-2004-0776
+ NOTE: reserved
+CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
+ NOTE: not-for-us (Real Helix server not in Debian)
+CAN-2004-0773
+ NOTE: reserved
+CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
+ {DSA-543-1}
+CAN-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
+ - lha 1.14i-9
+CAN-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...)
+ - dgen 1.23-6
+CAN-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...)
+ - lha 1.14i-9
+CAN-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...)
+ {DSA-536}
+CAN-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
+ NOTE: not-for-us (NGSEC StackDefender)
+CAN-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...)
+ NOTE: not-for-us (NGSEC StackDefender)
+CAN-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...)
+ - mozilla 1.7
+ - mozilla-firefox 0.9
+CAN-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
+ - mozilla 1.7
+ - mozilla-firefox 0.9
+CAN-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...)
+ - mozilla-firefox 0.9.3
+CAN-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
+ - mozilla 1.7
+ - mozilla-firefox 0.9
+CAN-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
+ - mozilla 1.7
+ - mozilla-firefox 0.9
+CAN-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...)
+ - mozilla 1.7.2
+ - mozilla-firefox 0.9.3
+CAN-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...)
+ - mozilla 1.7
+CAN-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...)
+ - mozilla 1.7.2
+ - mozilla-firefox 0.9.3
+CAN-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...)
+ - mozilla 1.7
+ - mozilla-firefox 0.9
+CAN-2004-0756
+ NOTE: reserved
+CAN-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
+ {DSA-537}
+ - gaim 1:0.82.1-1
+CAN-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...)
+ - gaim 1:0.82.1-1
+CAN-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...)
+ {DSA-546-1}
+CAN-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...)
+ - openoffice.org 1.1.2-4
+CAN-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...)
+ - apache2 2.0.50-11
+CAN-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...)
+ NOTE: not-for-us (Red Hat specific)
+CAN-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...)
+ - subversion 1.0.9-2
+CAN-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...)
+ - apache2 2.0.51
+CAN-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...)
+ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+ - apache2 2.0.51
+CAN-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...)
+ - kdelibs 4:3.2.3-3.sarge.1
+ NOTE: in t-p-u; 4.3.3 in unstable also fixes it
+CAN-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...)
+ - lha 1.14i-10
+CAN-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...)
+ NOTE: not-for-us (Sun Java System Portal Server)
+CAN-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...)
+ NOTE: not-for-us (LionMax Software WWW File Share Pro)
+CAN-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...)
+ NOTE: not-for-us (Lexmark)
+CAN-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...)
+ NOTE: not-for-us (Whisper FTP Surfer)
+CAN-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...)
+ NOTE: not-for-us (phpnuke)
+CAN-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...)
+ NOTE: not-for-us (phpnuke)
+CAN-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...)
+ NOTE: not-for-us (phpnuke)
+CAN-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...)
+ NOTE: not-for-us (various windows games)
+CAN-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...)
+ NOTE: not-for-us (Web_Store.cgi)
+CAN-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
+ NOTE: not-for-us (OllyDbg)
+CAN-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...)
+ NOTE: not-for-us (phpnuke)
+CAN-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...)
+ NOTE: not-for-us (phpnuke)
+CAN-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...)
+ - phpbb2 2.0.10
+CAN-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...)
+ - phpbb2 2.0.10
+CAN-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...)
+ - moodle 1.4
+CAN-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...)
+ NOTE: not-for-us (Half Life)
+CAN-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...)
+ - mozilla 1.6
+CAN-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...)
+ - konqueror 4:3.2.3-1.sarge.1
+ - kdelibs 4:3.2.3-3.sarge.1
+ NOTE: in t-p-u; also fixed in 4.3.3 in unstable
+CAN-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...)
+ NOTE: not-for-us (Safari)
+CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...)
+ NOTE: not-fos-us (Microsoft)
+CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...)
+ NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
+ NOTE: upstream versions became vulnerable again, see
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
+ - mozilla (unfixed)
+ - mozilla-firefox 1.0.4-3
+CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...)
+ NOTE: not-for-us (opera 7.50)
+CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...)
+ NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
+CAN-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...)
+ NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
+CAN-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...)
+ NOTE: not-for-us (HP OpenView Select Access)
+CAN-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...)
+ - moin 1.2.2
+CAN-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
+ - bugzilla 2.16.7-0.1
+CAN-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...)
+ NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
+CAN-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+ - bugzilla 2.16.7-0.1
+CAN-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...)
+ - bugzilla 2.16.7-0.1
+CAN-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...)
+ NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
+CAN-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...)
+ NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
+CAN-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...)
+ {DSA-532}
+CAN-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...)
+ NOTE: not-for-us (Check Point VPN)
+CAN-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...)
+ NOTE: not-for-us (WebSTAR)
+CAN-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...)
+ NOTE: not-for-us (WebSTAR)
+CAN-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...)
+ NOTE: not-for-us (WebSTAR)
+CAN-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...)
+ NOTE: not-for-us (WebSTAR)
+CAN-2004-0694
+ NOTE: reserved
+ - lha 1.14i-10
+CAN-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
+ {DSA-542-1}
+CAN-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...)
+ {DSA-542-1}
+CAN-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...)
+ {DSA-542-1}
+CAN-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...)
+ - kdelibs 4:3.2.3-3.sarge.1
+ NOTE: in t-p-u, 4.3.3 in unstable is also fixed
+CAN-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...)
+ {DSA-539}
+CAN-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...)
+ {DSA-561-1 DSA-560-1}
+ NOTE: Matej Vela has checked that these are backported to lesstif1 as well
+ - lesstif1-1 1:0.93.94-9
+ NOTE: openmotif is non-free
+ - openmotif (unfixed; bug #308819)
+CAN-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...)
+ {DSA-561-1 DSA-560-1}
+ NOTE: Matej Vela has checked that these are backported to lesstif1 as well
+ - lesstif1-1 1:0.93.94-9
+ NOTE: openmotif is non-free
+ - openmotif (unfixed; bug #308819)
+CAN-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
+ - samba 3.0.5
+CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
+ NOTE: Fixed in upstream 2.4.27
+CAN-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
+ NOTE: not-for-us (WebSphere Edge Server)
+CAN-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...)
+ NOTE: not-for-us (Norton)
+CAN-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...)
+ NOTE: not-for-us (Comersus Cart)
+CAN-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+ NOTE: not-for-us (Comersus Cart)
+CAN-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...)
+ NOTE: not-for-us (Zoom DSL modem)
+CAN-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...)
+ NOTE: not-for-us (UnrealIRCd)
+CAN-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...)
+ NOTE: not-for-us (12Planet Chat Server)
+CAN-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...)
+ NOTE: not-for-us (Fastream NETFile FTP Server)
+CAN-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...)
+ NOTE: not-for-us (Fastream NETFile FTP Server)
+CAN-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...)
+ NOTE: not-for-us (c32web.exe)
+CAN-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...)
+ NOTE: not-for-us (Enterasys XSR-1800 series Security Routers)
+CAN-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...)
+ NOTE: not-for-us (SCI Photo Chat Server)
+CAN-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
+ NOTE: not-for-us (Netegrity IdentityMinder Web Edition)
+CAN-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...)
+ NOTE: not-for-us (Brightmail Spamfilter)
+CAN-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...)
+ NOTE: not-for-us (Rompager)
+CAN-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...)
+ NOTE: not-for-us (Lotus)
+CAN-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Lotus)
+CAN-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...)
+ NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
+ - kernel-patch-adamantix 1.6
+CAN-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...)
+ NOTE: not-for-us (popclient not in Debian)
+CAN-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...)
+ NOTE: not-for-us (csFAQ not in Debian)
+CAN-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...)
+ NOTE: not-for-us (PowerPortal)
+CAN-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
+ NOTE: not-for-us (PowerPortal)
+CAN-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...)
+ NOTE: not-for-us (PowerPortal)
+CAN-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...)
+ NOTE: not-for-us (D-Link AirPlus DI-614+)
+CAN-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
+ NOTE: not-for-us (CuteNews)
+CAN-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...)
+ NOTE: not-for-us (mplayer)
+CAN-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...)
+ NOTE: invalid according to www.osvdb.org/7253
+CAN-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...)
+ - ntp 4.0
+CAN-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...)
+ - pure-ftpd 1.0.19-1
+CAN-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...)
+ NOTE: not-for-us (Gentoo specific)
+CAN-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...)
+ NOTE: not-for-us (Solaris)
+CAN-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...)
+ NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
+CAN-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...)
+ NOTE: JRE is not in Debian, assuming the various wrappers handle
+ NOTE the new version. Not worrying about upgrades.
+CAN-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
+ {DSA-530}
+CAN-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...)
+ - mozilla 1.7.1
+ - mozilla-firefox 0.9.2
+ - mozilla-thunderbird 0.7.2
+CAN-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...)
+ - shorewall 2.0.3a
+CAN-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...)
+ NOTE: not-for-us (JRun)
+CAN-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...)
+ {DSA-579-1 DSA-550-1}
+CAN-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
+ {DSA-543-1}
+CAN-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...)
+ {DSA-543-1}
+CAN-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...)
+ {DSA-543-1}
+CAN-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...)
+ NOTE: not-for-us (Thomson hardware ADSL router)
+CAN-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
+ {DSA-529}
+CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
+ {DSA-535}
+CAN-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...)
+ NOTE: not-for-us (AOL Instant Messenger)
+CAN-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...)
+ {DSA-528}
+CAN-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...)
+ - ethereal 0.10.5
+CAN-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...)
+ - ethereal 0.10.5
+CAN-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...)
+ NOTE: not-for-us (adobe reader)
+CAN-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...)
+ NOTE: not-for-us (adobe acrobat)
+CAN-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...)
+ NOTE: not-for-us (adobe acrobat)
+CAN-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
+ NOTE: not-for-us (adobe acrobat)
+CAN-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
+ NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
+CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
+ NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
+CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
+ NOTE: fixed after 2.6.6 kernel
+CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
+ NOTE: not-for-us (Infinity WEB)
+CAN-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...)
+ NOTE: not-for-us (Artmedic links)
+CAN-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...)
+ {DSA-590-1}
+ - gnats 4.0-6.1
+CAN-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
+ NOTE: not-for-us (Newsletter ZWS)
+CAN-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...)
+ NOTE: not-for-us (vBulletin)
+CAN-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...)
+ NOTE: not-for-us (Linux Broadcom 5820 cryptonet driver)
+ NOTE: does not seem to be part of linux kernel or other package
+CAN-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...)
+ NOTE: not-for-us (freebsd)
+CAN-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...)
+ NOTE: not-for-us (ArbitroWeb)
+CAN-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...)
+ NOTE: not-for-us (BT Voyager 2000 Wireless ADSL Router)
+CAN-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
+ NOTE: not-for-us (D-Link DI-614+ SOHO router)
+CAN-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...)
+ NOTE: not-for-us (osTicket)
+CAN-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...)
+ NOTE: not-for-us (osTicket)
+CAN-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...)
+ NOTE: not-for-us (ZoneAlarm Pro)
+CAN-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...)
+ NOTE: not-for-us (Netgear FVS318 VPN Router)
+CAN-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...)
+ NOTE: not-for-us (Microsoft MN-500 Wireless Router)
+CAN-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...)
+ - rssh 2.2.1
+CAN-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...)
+ NOTE: not-for-us (Unreal Engine)
+CAN-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...)
+ - racoon 0.3.3-1
+CAN-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...)
+ NOTE: not-for-us (Infoblox DNS One)
+CAN-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...)
+ NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
+ NOTE: Does not match posted patch. Mailed Debian maintainer.
+CAN-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...)
+ NOTE: not-for-us (giFT-FastTrack not in debian)
+CAN-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...)
+ NOTE: not-for-us (Gentoo-specific bug in gzip introduced by botched security fix)
+CAN-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...)
+ NOTE: not-for-us (FreeBSD)
+CAN-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...)
+ - disctcc 2.18.1-4
+CAN-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...)
+ - samba 3.0.5
+CAN-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
+ {DSA-536}
+CAN-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
+ {DSA-536}
+CAN-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...)
+ {DSA-536}
+CAN-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
+ NOTE: Fixed in upstream ( <= 2.6.7)
+CAN-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
+ {DSA-689-1 DSA-531}
+CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
+ {DSA-689-1 DSA-531}
+CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
+ NOTE: not-for-us (Sygate Enforcer)
+CAN-2004-0592
+ NOTE: reserved
+CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
+ {DSA-533}
+CAN-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
+ - freeswan 2.04-10
+ - openswan 2.2.0
+CAN-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...)
+ - usermin 1.090-1
+CAN-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
+ - qla2x00-source 7.01.01-1
+CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers execute arbitrary ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0585
+ NOTE: rejected
+CAN-2004-0584 (Unknown vulnerability in Horde-IMP 3.2.3 and earlier, before a ...)
+ - imp 3.2.4
+CAN-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...)
+ {DSA-526}
+ - usermin 1.090-1
+ - webmin 1.150-1
+CAN-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...)
+ {DSA-526}
+ - usermin 1.090-1
+CAN-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
+ NOTE: not-for-us (Mandrake script)
+CAN-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...)
+ NOTE: not-for-us (Linksys routers)
+CAN-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
+ {DSA-522}
+CAN-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
+ NOTE: not-for-us (Wingate)
+CAN-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
+ NOTE: not-for-us (Wingate)
+CAN-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
+ NOTE: not-for-us (GNU radius not in Debian)
+CAN-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0570
+ NOTE: reserved
+CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
+ NOTE: not-for-us (HyperTerminal)
+CAN-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0565 (Floating point information leak in the context switch code for Linux ...)
+ NOTE: ia64 only
+ NOTE: appears fixed in 2.4.27/2.6.8
+CAN-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
+ {DSA-557-1}
+CAN-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
+ {DSA-555-1}
+CAN-2004-0562
+ NOTE: reserved
+CAN-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
+ {DSA-638-1}
+CAN-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
+ {DSA-638-1}
+CAN-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
+ {DSA-544-1}
+CAN-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
+ {DSA-545-1}
+CAN-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
+ {DSA-565-1}
+CAN-2004-0556
+ NOTE: reserved
+CAN-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
+ {DSA-643-1}
+CAN-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
+ NOTE: this was a big deal and is fixed in all current kernels
+CAN-2004-0553
+ NOTE: reserved
+CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
+ NOTE: not-for-us (Sophos Small Business Suite)
+CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
+ NOTE: not-for-us (Real Player)
+CAN-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...)
+ - aspell 0.50.5-3
+CAN-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
+ {DSA-516}
+CAN-2004-0546
+ NOTE: reserved
+CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
+ NOTE: not-for-us (AIX)
+CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
+ NOTE: not-for-us (AIX)
+CAN-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
+ NOTE: not-for-us (Oracle)
+CAN-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
+ NOTE: not-for-us (php4 bug only affects Windows)
+CAN-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...)
+ - squid 2.5.5-5
+CAN-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0539 (The &quot;Show in Finder&quot; button in the Safari web browser in Mac OS X ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a &quot;Shortcut ...)
+ NOTE: not-for-us (Opera)
+CAN-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...)
+ - tripwire 2.3.1.2.0-2.1
+CAN-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
+ NOTE: fixed in 2.4.27
+CAN-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...)
+ NOTE: not-for-us (Business Objects WebIntelligence)
+CAN-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...)
+ NOTE: not-for-us (Business Objects WebIntelligence)
+CAN-2004-0532
+ NOTE: reserved
+CAN-2004-0531
+ NOTE: reserved
+CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
+ NOTE: not-for-us (Slackware specific rpath issue)
+CAN-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
+ NOTE: not-for-us (cPanel is not our cpanel)
+CAN-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...)
+ NOTE: not-for-us (Netscape Navigator 7.1)
+CAN-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...)
+ NOTE: konquror 2.2.2 and earlier, later should not be vulnerale
+ NOTE: but did not check in detail
+CAN-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...)
+ NOTE: not-for-us (Windows)
+CAN-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...)
+ NOTE: not-for-us (iLO)
+CAN-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...)
+ NOTE: not-for-us (Change_passwd SquirrelMail plugin not present in debian)
+CAN-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...)
+ {DSA-520}
+CAN-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
+ {DSA-512}
+CAN-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...)
+ {DSA-535}
+CAN-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...)
+ {DSA-535}
+CAN-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
+ {DSA-535}
+CAN-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;handling of ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;package ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;logging when ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
+ NOTE: not-for-us (SCO MMDF)
+CAN-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
+ NOTE: not-for-us (SCO MMDF)
+CAN-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...)
+ NOTE: not-for-us (SCO MMDF)
+CAN-2004-0509
+ NOTE: reserved
+CAN-2004-0508
+ NOTE: reserved
+CAN-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...)
+ - ethereal 0.10.4
+CAN-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...)
+ - ethereal 0.10.4
+CAN-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...)
+ - ethereal 0.10.4
+CAN-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...)
+ - ethereal 0.10.4
+CAN-2004-0503 (Outlook 2003 allows remote attackers to bypass the default zone ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
+ - gaim 1:0.81-3
+CAN-2004-0499
+ NOTE: reserved
+CAN-2004-0498
+ NOTE: reserved
+CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
+ NOTE: linux kernel fchown hole, fixed in all current kernels
+CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
+ NOTE: fixed in 2.6.7
+CAN-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...)
+ NOTE: fixed in 2.4.27-rc1
+CAN-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...)
+ - gnome-vfs 1.0.1
+CAN-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...)
+ - apache2 2.0.50-1
+CAN-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...)
+ {DSA-525}
+ - apache 1.3.31-2
+CAN-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...)
+ NOTE: appears redhat specific
+CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
+ NOTE: not-for-us (cPanel is not our cpanel)
+CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...)
+ {DSA-532}
+ - apache2 2.0.50-1
+CAN-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...)
+ NOTE: not-for-us (Norton)
+CAN-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
+ NOTE: not-for-us (IRIX)
+CAN-2004-0482 (Multiple &quot;incorrect bounds checking&quot; errors in certain functions for ...)
+ NOTE: not-for-us (OpenBSD)
+CAN-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...)
+ NOTE: not-for-us (the KCMS on Solaris)
+CAN-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...)
+ NOTE: not-for-us (Lotus Notes)
+CAN-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...)
+ NOTE: only a Mozilla DOS
+ TODO: not even fixed upstream
+CAN-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...)
+ NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router)
+CAN-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...)
+ NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router)
+CAN-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...)
+ NOTE: not-for-us (Help Center (HelpCtr.exe))
+CAN-2004-0473 (Opera before 7.50 does not properly filter &quot;-&quot; characters that begin a ...)
+ NOTE: not-for-us (opera)
+CAN-2004-0472
+ NOTE: rejected
+CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
+ NOTE: not-for-us (BEA WebLogic)
+CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
+ NOTE: not-for-us (BEA WebLogic)
+CAN-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...)
+ NOTE: not-for-us (Check Point VPN)
+CAN-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...)
+ NOTE: not-for-us (Juniper JUNOS)
+CAN-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...)
+ NOTE: not-for-us (Juniper JUNOS)
+CAN-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...)
+ NOTE: not-for-us (WebConnect)
+CAN-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...)
+ NOTE: not-for-us (WebConnect)
+CAN-2004-0464
+ NOTE: reserved
+CAN-2004-0463
+ NOTE: reserved
+CAN-2004-0462 (The built-in web servers for multiple networking devices do not set ...)
+ NOTE: not-for-us (Multiple embedded hardware vendors)
+CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
+ NOTE: debian probably not vulnerable
+ - dhcp3 3.0.1
+CAN-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...)
+ - dhcp3 3.0.1
+CAN-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...)
+ NOTE: not-for-us (DOS in 802.11 protocol)
+CAN-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...)
+ {DSA-503}
+ - mah-jong 1.6.2-1
+CAN-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...)
+ {DSA-540}
+CAN-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...)
+ {DSA-527}
+CAN-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
+ {DSA-523}
+CAN-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...)
+ {DSA-524}
+CAN-2004-0453 (Format string vulnerability in the monitor &quot;memory dump&quot; command in ...)
+ - vice 1.14-2
+CAN-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
+ {DSA-620-1}
+CAN-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
+ {DSA-521}
+CAN-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
+ {DSA-513}
+CAN-2004-0449
+ NOTE: reserved
+CAN-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
+ {DSA-510}
+CAN-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
+ NOTE: fixed in linux 2.4.26
+CAN-2004-0446
+ NOTE: reserved
+CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
+ NOTE: not-for-us (Norton)
+CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
+ NOTE: not-for-us (Norton)
+CAN-2004-0443
+ NOTE: reserved
+CAN-2004-0442
+ NOTE: reserved
+CAN-2004-0441
+ NOTE: reserved
+CAN-2004-0440
+ NOTE: reserved
+CAN-2004-0439
+ NOTE: reserved
+CAN-2004-0438
+ NOTE: reserved
+CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
+ NOTE: not-for-us (Titan FTP Server)
+CAN-2004-0436
+ NOTE: reserved
+CAN-2004-0435 (Certain &quot;programming errors&quot; in the msync system call for FreeBSD ...)
+ NOTE: not-for-us (FreeBSD)
+CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
+ {DSA-504}
+CAN-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
+ NOTE: mplayer not in Debian
+ - xine-lib 1-rc4
+CAN-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...)
+ - proftpd 1.2.9-4
+CAN-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...)
+ NOTE: not-for-us (Apple QuickTime)
+CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0429 (Unknown vulnerability related to &quot;the handling of large requests&quot; in ...)
+ NOTE: not-for-us (RAdmin for Mac OS X)
+CAN-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
+ NOTE: not-for-us (Mac OS X))
+CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
+ NOTE: fixed after 2.6.6/2.4.26 kernel
+CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
+ {DSA-499}
+CAN-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)
+ NOTE: not-for-us (windows)
+CAN-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...)
+ NOTE: fixed after 2.6.4/2.4.26 kernel
+CAN-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...)
+ NOTE: bug still exists in the ssmtp source, but is only activated if
+ NOTE: --enable-logfile is used in ./configure
+ NOTE: The package doesn't enable that flag so it is safe.
+CAN-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...)
+ {DSA-500}
+CAN-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
+ {DSA-498}
+CAN-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
+ NOTE: not-for-us (windows)
+CAN-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
+ NOTE: reserved (baruch)
+CAN-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
+ {DSA-519}
+ - cvs 1:1.12.9-1
+CAN-2004-0417 (Integer overflow in the &quot;Max-dotdot&quot; CVS protocol command ...)
+ {DSA-519}
+ - cvs 1:1.12.9-1
+CAN-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS 1.12.x ...)
+ {DSA-519}
+ - cvs 1:1.12.9-1
+CAN-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...)
+ NOTE: fixed in 2.4.27-rc6
+CAN-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...)
+ - cvs 1:1.12.9-1
+CAN-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...)
+ - subversion 1.0.5-1
+CAN-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...)
+ - mailman 2.1.4-5
+CAN-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...)
+ {DSA-518}
+CAN-2004-0410
+ NOTE: reserved
+ NOTE: An empty CAN, never published.
+CAN-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
+ {DSA-493}
+ - chat 2.0.8-1
+CAN-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...)
+ {DSA-494}
+CAN-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
+ NOTE: not-for-us (ColdFusion)
+CAN-2004-0406
+ NOTE: reserved
+CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
+ {DSA-486}
+ - cvs 1:1.12.5-4
+CAN-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...)
+ {DSA-488}
+CAN-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...)
+ - racoon 0.3.1-3
+CAN-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
+ {DSA-508}
+CAN-2004-0401 (Vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, ...)
+ - libtasn1 0.1.2-2
+CAN-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
+ {DSA-502 DSA-501}
+ - exim 3.36-11
+CAN-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
+ {DSA-502 DSA-501}
+ - exim 3.36-11
+CAN-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...)
+ {DSA-507 DSA-506}
+
+CAN-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...)
+ - subversion 1.0.3-1
+ NOTE: fix history: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791
+CAN-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...)
+ {DSA-505}
+ - cvs 1:1.12.5-6
+CAN-2004-0395 (The xatitv program in the gatos package does not properly drop root ...)
+ {DSA-509}
+CAN-2004-0394 (A &quot;potential&quot; buffer overflow exists in the panic() function in Linux ...)
+ NOTE: apparently not very exploitable, does not affect 2.6
+ NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch
+ NOTE: not fixed in 2.4.27 by inspection, didn't bother with a bug
+CAN-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...)
+ {DSA-524}
+CAN-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
+ - apache 1.3.31-2
+CAN-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
+ NOTE: not-for-us (Cisco Wireless LAN Solution Engine)
+CAN-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...)
+ NOTE: not-for-us (SCO OpenServer)
+CAN-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
+ NOTE: not-for-us (RealNetworks Helix Universal Server)
+CAN-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
+ {DSA-483}
+CAN-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...)
+ NOTE: not-for-us (RealPlayer plugin)
+CAN-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...)
+ NOTE: not-for-us (mplayer; not in the archive)
+CAN-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...)
+ NOTE: not-for-us (Oracle 9i Application Server Web Cache)
+CAN-2004-0384
+ NOTE: reserved
+CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
+ NOTE: not-for-us (Mail for Mac OS X)
+CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
+ NOTE: not-for-us (CUPS printing system in Mac OS X)
+CAN-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...)
+ {DSA-483}
+CAN-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...)
+ NOTE: not-for-us (Microsoft Outlook Express)
+CAN-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
+ NOTE: not-for-us (Microsoft SharePoint Portal Server 2001)
+CAN-2004-0378
+ NOTE: reserved
+CAN-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
+ NOTE: not-for-us (perl; Win32 is affected, UNIX systems not)
+CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
+ {DSA-473}
+CAN-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
+ NOTE: not-for-us (Symantec Norton Internet Security)
+CAN-2004-0374 (Interchange before 5.0.1 allows remote attackers to &quot;expose the ...)
+ {DSA-471}
+CAN-2004-0373
+ NOTE: reserved
+CAN-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
+ {DSA-477}
+CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
+ {DSA-476}
+CAN-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
+ NOTE: not-for-us (KAME)
+CAN-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...)
+ NOTE: not-for-us (Entrust LibKmp ISAKMP library)
+CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
+ NOTE: not-for-us (CDE)
+CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
+ - ethereal 0.10.3
+CAN-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
+ {DSA-469}
+ NOTE: Changes probably too intrusive during freeze, maintainer did not yet ask
+ NOTE: for approval on d-release
+ - pam-pgsql 0.5.2-9
+CAN-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
+ - ethereal 0.10.3
+CAN-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
+ NOTE: not-for-us (WrapNISUM ActiveX)
+CAN-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
+ NOTE: not-for-us (SymSpamHelper ActiveX)
+CAN-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...)
+ NOTE: not-for-us (ISS Protocol Analysis Module)
+CAN-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...)
+ NOTE: not-for-us (safari)
+CAN-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
+ NOTE: not-for-us (solaris)
+CAN-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
+ NOTE: not-for-us (VirtuaNews Admin Panel)
+CAN-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...)
+ NOTE: not-for-us (SL Mail Pro)
+CAN-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...)
+ NOTE: not-for-us (Invision Power Board)
+CAN-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...)
+ NOTE: not-for-us (GNU Anubis)
+CAN-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...)
+ NOTE: not-for-us (GNU Anubis)
+CAN-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...)
+ NOTE: not-for-us (Cisco)
+CAN-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
+ NOTE: not-for-us (Spider Sales)
+CAN-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...)
+ NOTE: not-for-us (Spider Sales)
+CAN-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...)
+ NOTE: not-for-us (GWeb HTTP Server)
+CAN-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...)
+ NOTE: not-for-us (SpiderSales)
+CAN-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...)
+ - proftpd 1.2.9
+CAN-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...)
+ NOTE: not-for-us (Red Faction)
+CAN-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...)
+ NOTE: not-for-us (YaBB SE)
+CAN-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
+ NOTE: not-for-us (YaBB SE)
+CAN-2004-0342 (WFTPD Pro Server 3.21 Release 1 allows local users to cause a denial ...)
+ NOTE: not-for-us (WFPTD)
+CAN-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
+ NOTE: not-for-us (WFPTD)
+CAN-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...)
+ NOTE: not-for-us (WFPTD)
+CAN-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...)
+ - phpbb2 2.0.6d
+CAN-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...)
+ NOTE: not-for-us (Invision Board Forum)
+CAN-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...)
+ NOTE: not-for-us (602LAN SUITE)
+CAN-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the &quot;Directory ...)
+ NOTE: not-for-us (602LAN SUITE)
+CAN-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...)
+ NOTE: not-for-us (AXIS 2100)
+CAN-2004-0333 (Buffer overflow in the UUDeview package for WinZip 6.2 through WinZip ...)
+ NOTE: not-for-us (WinZip)
+CAN-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...)
+ NOTE: not-for-us (extremail)
+CAN-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
+ NOTE: not-for-us (Dell OpenManage Web Server)
+CAN-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...)
+ NOTE: not-for-us (Serv-U)
+CAN-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (FreeChat)
+CAN-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...)
+ NOTE: not-for-us (Gigabyte Broadband Router)
+CAN-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...)
+ NOTE: not-for-us (PhpNewsManager)
+CAN-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...)
+ NOTE: not-for-us (GateKeeper Pro)
+CAN-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
+ NOTE: not-for-us (TypSoft)
+CAN-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...)
+ NOTE: not-for-us (confirm 0.70)
+CAN-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...)
+ NOTE: not-for-us (xmb 1.8 final sp2)
+CAN-2004-0322 (Cross-site scripting (XSS) vulnerability in XMB 1.8 Final SP2 allows ...)
+ NOTE: not-for-us (xmb 1.8 final sp2)
+CAN-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (Team Factor)
+CAN-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...)
+ NOTE: not-for-us (ezBoard)
+CAN-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...)
+ NOTE: not-for-us (Load Sharing Facility)
+CAN-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...)
+ NOTE: not-for-us (Load Sharing Facility)
+CAN-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Avirt)
+CAN-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Avirt)
+CAN-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...)
+ NOTE: not-for-us (WebzEdit)
+CAN-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...)
+ NOTE: not-for-us (PSOProxy)
+CAN-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...)
+ NOTE: not-for-us (LINKSYS)
+CAN-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
+ NOTE: not-for-us (APC)
+CAN-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...)
+ NOTE: not-for-us (LiveJournal)
+CAN-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...)
+ NOTE: not-for-us (ZoneLabs)
+CAN-2004-0308
+ NOTE: not-for-us (cisco)
+CAN-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...)
+ NOTE: not-for-us (WebCortex WebStores)
+CAN-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
+ NOTE: not-for-us (WebCortex WebStores)
+CAN-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...)
+ NOTE: not-for-us (OWLS 1.0)
+CAN-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...)
+ NOTE: not-for-us (OWLS 1.0)
+CAN-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...)
+ NOTE: not-for-us (Online Store Kit)
+CAN-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...)
+ NOTE: not-for-us (Online Store Kit)
+CAN-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
+ NOTE: not-for-us (smallftpd; not in Debian)
+CAN-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (CesarFTP; Win32)
+CAN-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Broker FTP 6.1.0.0; Win32)
+CAN-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Broker FTP 6.1.0.0 again; Win32)
+CAN-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...)
+ NOTE: not-for-us (yabb; not in Debian)
+CAN-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...)
+ NOTE: not-for-us (ShopCartCGI 2.3; not in Debian)
+CAN-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...)
+ NOTE: not-for-us (KarjaSoft Sami HTTP Server 1.0.4; Win32)
+CAN-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...)
+ NOTE: not-for-us (YaBB; not in Debian)
+CAN-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...)
+ NOTE: not-for-us (Purge Jihad; not in Debian)
+CAN-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...)
+ NOTE: not-for-us (SignatureDB; not in Debian)
+CAN-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...)
+ - mnogosearch 3.2.18
+ NOTE: it's not quite clear which version exactly fixes the problem;
+ NOTE: I checked the source code of the most recent version and compared
+ NOTE: it with the problematic section described in the advisory
+ NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
+ NOTE: and I can confirm the buffer overflow is fixed there
+CAN-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...)
+ NOTE: not-for-us (Xlight FTP server 1.52; not in Debian)
+CAN-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...)
+ NOTE: not-for-us (RobotFTP; not in Debian)
+CAN-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...)
+ NOTE: not-for-us (PHP scripts not in Debian)
+CAN-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...)
+ NOTE: not-for-us (MSIE bugs)
+CAN-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
+ NOTE: not-for-us (mailmgr; not in Debian)
+CAN-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Crob FTP; not in Debian)
+CAN-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
+ NOTE: not-for-us (Caucho Technology Resin; not in Debian)
+CAN-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...)
+ NOTE: not-for-us (Caucho Technology Resin; not in Debian)
+CAN-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
+ NOTE: not-for-us (AIMSniff; not in Debian)
+CAN-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...)
+ NOTE: not-for-us (Ratbag game engine; not in Debian)
+CAN-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...)
+ NOTE: not-for-us (Dream FTP; not in Debian)
+CAN-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...)
+ NOTE: not-for-us (BosDates; not in Debian)
+CAN-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
+ NOTE: not-for-us (MaxWebPortal; not in Debian)
+CAN-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...)
+ NOTE: not-for-us (MaxWebPortal; not in Debian)
+CAN-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...)
+ NOTE: not-for-us (PHP-Nuke; not in Debian)
+CAN-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...)
+ NOTE: not-for-us (EvolutionX; not in Debian)
+CAN-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...)
+ NOTE: not-for-us (eTrust InoculateIT; not in Debian)
+CAN-2004-0266 (SQL injection vulnerability in the &quot;public message&quot; capability ...)
+ NOTE: not-for-us (PHP-Nuke; not in Debian)
+CAN-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...)
+ NOTE: not-for-us (PHP-Nuke; not in Debian)
+CAN-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (PalmOS)
+CAN-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...)
+ NOTE: not-for-us (The Palace; not in Debian)
+CAN-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
+ NOTE: not-for-us (CactuShop; not in Debian)
+CAN-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...)
+ NOTE: not-for-us (formmail.php; not in Debian)
+CAN-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...)
+ NOTE: not-for-us (RealPlayer)
+CAN-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...)
+ NOTE: not-for-us (Xlight; not in Debian)
+CAN-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...)
+ NOTE: not-for-us (Discuz; not in Debian)
+CAN-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...)
+ NOTE: not-for-us (IBM Cloudscape)
+CAN-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (TYPSoft FTP Server)
+CAN-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
+ NOTE: not-for-us (rxgoogle.cgi)
+CAN-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...)
+ NOTE: not-for-us (PhotoPost PHP Pro)
+CAN-2004-0249 (PHPX 3.2.3 allows remote attackers to gain access to other accounts by ...)
+ NOTE: not-for-us (PHPX)
+CAN-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...)
+ NOTE: not-for-us (PHPX)
+CAN-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...)
+ NOTE: not-for-us (Chaser)
+CAN-2004-0246 (Multiple PHP remote code injection vulnerabilities in (1) ...)
+ NOTE: not-for-us (Les Commentaires)
+CAN-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Web Crossing)
+CAN-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...)
+ NOTE: not-for-us (Cisco Systems)
+CAN-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...)
+ NOTE: not-for-us (AIX)
+CAN-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
+ NOTE: not-for-us (X-Cart 3.4.3)
+CAN-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
+ NOTE: not-for-us (X-Cart 3.4.3)
+CAN-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...)
+ NOTE: not-for-us (X-Cart 3.4.3)
+CAN-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...)
+ NOTE: not-for-us (PhotoPost PHP Pro)
+CAN-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...)
+ - overkill 0.16-7
+CAN-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...)
+ NOTE: not-for-us (Aprox PHP Portal)
+CAN-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
+ NOTE: not-for-us (thePHOTOtool)
+CAN-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...)
+ {DSA-515}
+CAN-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...)
+ {DSA-515}
+CAN-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...)
+ NOTE: not-for-us (utempter)
+CAN-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
+ {DSA-497}
+CAN-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
+ {DSA-497}
+CAN-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
+ NOTE: not-for-us (famous TCP RST bug)
+CAN-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
+ NOTE: not-for-us (Kernel 2.6 framebuffer bug)
+CAN-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
+ NOTE: fixed in linux 2.4.27-pre3
+CAN-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...)
+ NOTE: not-for-us (ZoneMinder)
+CAN-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
+ {DSA-497}
+CAN-2004-0225
+ NOTE: reserved
+CAN-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
+ - courier 0.45.1-1
+CAN-2004-0223
+ NOTE: reserved
+CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
+ NOTE: not-for-us (isakmpd in OpenBSD)
+CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
+ NOTE: not-for-us (isakmpd in OpenBSD)
+CAN-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
+ NOTE: not-for-us (isakmpd in OpenBSD)
+CAN-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
+ NOTE: not-for-us (isakmpd in OpenBSD)
+CAN-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
+ NOTE: not-for-us (isakmpd in OpenBSD)
+CAN-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...)
+ NOTE: not-for-us (Symantec AntiVirus Scan Engine for Red Hat)
+CAN-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...)
+ NOTE: not-for-us (MSIE bug)
+CAN-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...)
+ NOTE: not-for-us (MS-Outlook-Express)
+CAN-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
+ NOTE: not-for-us (MSIE bug)
+CAN-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0207 (&quot;Shatter&quot; style vulnerability in the Window Management application ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...)
+ NOTE: not-for-us (Visual Studio bug)
+CAN-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...)
+ NOTE: not-for-us (Exchange bug)
+CAN-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...)
+ NOTE: not-for-us (DirectX)
+CAN-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...)
+ NOTE: not-for-us (Windows HTML Help)
+CAN-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...)
+ NOTE: not-for-us (famous Windows GDI+ JPEG parsing bug)
+CAN-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0198
+ NOTE: reserved
+CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
+ NOTE: not-for-us (MSJet bug)
+CAN-2004-0196
+ NOTE: reserved
+CAN-2004-0195
+ NOTE: reserved
+CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
+ NOTE: not-for-us (Symantec Gateway Security)
+CAN-2004-0189
+ {DSA-474}
+CAN-2004-0188
+ {DSA-461}
+CAN-2004-0187
+ NOTE: rejected
+CAN-2004-0186
+ {DSA-463}
+CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
+ {DSA-478}
+ - tcpdump 3.7.2-4
+CAN-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...)
+ {DSA-478}
+ - tcpdump 3.7.2-4
+CAN-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (mailman; RedHat specific bug)
+CAN-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...)
+ NOTE: fixed in 2.4.26-pre5
+CAN-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
+ {DSA-486}
+CAN-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
+ {DSA-487}
+CAN-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
+ {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+ NOTE: fixed in 2.4.26-pre3
+CAN-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...)
+ {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+ NOTE: fixed in 2.4.26-pre4
+CAN-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
+ {DSA-511}
+ - ethereal 0.10.3-1
+CAN-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
+ NOTE: openssh bug #270770
+ NOTE: this bug is old and known; see the bug discussion for further information.
+ NOTE: apparently the security team thinks this is a minor issue; nevertheless,
+ NOTE: the bug is still open, so they should close it if it really is neglectible.
+ NOTE: not listed in usual format since I'm tired of looking at it in the report -- JEH
+CAN-2004-0174 (Apache before 2.0.49, when using multiple listening sockets on certain ...)
+ - apache 1.3.29.0.2-5
+CAN-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
+ NOTE: not-for-us (ltrace; Debian (and no other distribution) installs this SUID root)
+CAN-2004-0170
+ NOTE: reserved
+CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
+ NOTE: not-for-us (CoreFoundation for Mac OS X)
+CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
+ NOTE: not-for-us (Safari)
+CAN-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...)
+ - ipsec-tools 0.3.3-1
+ NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
+ NOTE: the problem, but the patch that fixes the bug is applied:
+ NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
+CAN-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...)
+ NOTE: not-for-us (Sygate Secure Enterprise)
+CAN-2004-0162 (Multiple content security gateway and antivirus products allow remote ...)
+ NOTE: not-for-us (general MIME bug with security gateways)
+CAN-2004-0161 (Multiple content security gateway and antivirus products allow remote ...)
+ NOTE: not-for-us (general MIME bug with security gateways)
+CAN-2004-0160
+ {DSA-446}
+CAN-2004-0159
+ {DSA-447}
+CAN-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
+ {DSA-445}
+CAN-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...)
+ {DSA-484}
+CAN-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...)
+ {DSA-485}
+CAN-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
+ - racoon 0.2.5-2
+CAN-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...)
+ - nfs-utils 1:1.0.5-3
+CAN-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...)
+ {DSA-468}
+CAN-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
+ {DSA-468}
+CAN-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...)
+ {DSA-462}
+CAN-2004-0150
+ {DSA-458-2 DSA-458}
+CAN-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
+ {DSA-451}
+CAN-2004-0147
+ NOTE: reserved
+CAN-2004-0146
+ NOTE: reserved
+CAN-2004-0145
+ NOTE: reserved
+CAN-2004-0144
+ NOTE: reserved
+CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
+ NOTE: not-for-us (Nokia mobile phones)
+CAN-2004-0142
+ NOTE: reserved
+CAN-2004-0141
+ NOTE: reserved
+CAN-2004-0140
+ NOTE: reserved
+CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
+ NOTE: not-for-us (SGI IRIX)
+CAN-2004-0138
+ NOTE: reserved
+CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
+ NOTE: not-for-us (IRIX init)
+CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
+ NOTE: not-for-us (IRIX)
+CAN-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...)
+ NOTE: not-for-us (IRIX)
+CAN-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...)
+ NOTE: not-for-us (IRIX)
+CAN-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...)
+ NOTE: fixed in 2.4.26-pre2
+CAN-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...)
+ NOTE: not-for-us (ezContents)
+CAN-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (phpGedView)
+CAN-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...)
+ NOTE: not-for-us (phpGedView)
+CAN-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...)
+ NOTE: not-for-us (FreeBSD jail)
+CAN-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...)
+ NOTE: not-for-us (Windows bug)
+CAN-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...)
+ - openssl 0.9.7d-1
+CAN-2004-0111
+ {DSA-464}
+CAN-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...)
+ {DSA-455}
+CAN-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
+ {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+ NOTE: fixed in 2.4.26-rc4
+CAN-2004-0108
+ {DSA-460}
+CAN-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
+ - sysstat 5.0.2-1
+CAN-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
+ {DSA-443}
+CAN-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...)
+ {DSA-449}
+CAN-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...)
+ {DSA-449}
+CAN-2004-0103 (crawl before 4.0.0 beta23 does not properly &quot;apply a size check&quot; when ...)
+ {DSA-432}
+CAN-2004-0102
+ NOTE: reserved
+CAN-2004-0101
+ NOTE: reserved
+CAN-2004-0100
+ NOTE: reserved
+CAN-2004-0098
+ NOTE: reserved
+CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
+ {DSA-448}
+CAN-2004-0094
+ {DSA-443}
+CAN-2004-0093
+ {DSA-443}
+CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
+ NOTE: not-for-us (Safari)
+CAN-2004-0091 (** DISPUTED ** ...)
+ NOTE: not-for-us (vBulletin)
+CAN-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 with ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...)
+ NOTE: not-for-us (MacOS)
+CAN-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...)
+ {DSA-443}
+CAN-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...)
+ {DSA-443}
+CAN-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
+ {DSA-465}
+CAN-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...)
+ {DSA-465}
+ - openssl096 0.9.6m-1
+CAN-2004-0077
+ {DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
+ NOTE: fixed in 2.4.26-pre3
+CAN-2004-0076
+ NOTE: rejected
+CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
+ NOTE: turned out not to be vulnerable. See bug #278777
+CAN-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...)
+ NOTE: not-for-us (EasyDynamicPages)
+CAN-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...)
+ NOTE: not-for-us (Accipiter Direct Server 6.0)
+CAN-2004-0071 (Directory traversal vulnerability in buildManPage in ...)
+ NOTE: not-for-us (PHP Man Page Lookup 1.2.0)
+CAN-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...)
+ NOTE: not-for-us (HD Soft Windows FTP Server 1.6)
+CAN-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...)
+ NOTE: not-for-us (phpGedView)
+CAN-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...)
+ NOTE: not-for-us (phpGedView)
+CAN-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
+ NOTE: not-for-us (phpGedView)
+CAN-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...)
+ NOTE: not-for-us (SuSE YaST)
+CAN-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...)
+ NOTE: not-for-us (FishCart)
+CAN-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...)
+ NOTE: not-for-us (WWW File Share Pro 2.42)
+CAN-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
+ NOTE: not-for-us (WWW File Share Pro 2.42)
+CAN-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...)
+ NOTE: not-for-us (WWW File Share Pro 2.42)
+CAN-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...)
+ NOTE: not-for-us (Antivir)
+CAN-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
+ {DSA-425}
+CAN-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
+ NOTE: not-for-us (Nortel Networks products)
+CAN-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
+ {DSA-425}
+CAN-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
+ NOTE: not-for-us (Cisco IOS)
+CAN-2004-0053 (Multiple content security gateway and antivirus products allow remote ...)
+ NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
+CAN-2004-0052 (Multiple content security gateway and antivirus products allow remote ...)
+ NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
+CAN-2004-0051 (Multiple content security gateway and antivirus products allow remote ...)
+ NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
+CAN-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...)
+ NOTE: not-for-us (Verity Ultraseek)
+CAN-2004-0048
+ NOTE: reserved
+CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
+ {DSA-430}
+CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
+ NOTE: not-for-us (SnapStream PVS LITE)
+CAN-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...)
+ NOTE: not-for-us (Yahoo Instant Messenger)
+CAN-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...)
+ - vsftpd 2.0.1-1
+ NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
+ NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
+CAN-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...)
+ {DSA-421}
+CAN-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
+ NOTE: not-for-us (Check Point Firewall)
+CAN-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...)
+ NOTE: not-for-us (McAfee)
+CAN-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...)
+ NOTE: not-for-us (FistClass Desktop Client)
+CAN-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...)
+ NOTE: not-for-us (Phorum)
+CAN-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...)
+ NOTE: not-for-us (PHPGEDVIEW)
+CAN-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
+ NOTE: not-for-us (Lotus Notes Domino)
+CAN-2004-0028
+ {DSA-420}
+CAN-2004-0027
+ NOTE: reserved
+CAN-2004-0026
+ NOTE: reserved
+CAN-2004-0025
+ NOTE: reserved
+CAN-2004-0024
+ NOTE: reserved
+CAN-2004-0023
+ NOTE: reserved
+CAN-2004-0022
+ NOTE: reserved
+CAN-2004-0021
+ NOTE: reserved
+CAN-2004-0020
+ NOTE: reserved
+CAN-2004-0019
+ NOTE: reserved
+CAN-2004-0018
+ NOTE: reserved
+CAN-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...)
+ {DSA-419}
+CAN-2004-0016
+ {DSA-419}
+CAN-2004-0015
+ {DSA-418}
+CAN-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
+ {DSA-412}
+CAN-2004-0013
+ {DSA-414}
+CAN-2004-0012
+ NOTE: reserved
+CAN-2004-0011
+ {DSA-416}
+CAN-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
+ {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+ NOTE: fixed in 2.4.25-pre7
+CAN-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...)
+ {DSA-434}
+ - gaim 1:0.75-2
+CAN-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...)
+ {DSA-434}
+ - gaim 1:0.75-2
+CAN-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...)
+ {DSA-434}
+ - gaim 1:0.75-2
+CAN-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
+ {DSA-434}
+CAN-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
+ {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+ NOTE: fixed in 2.4.26-rc4
+CAN-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
+ NOTE: not-for-us (FreeBSD netinet)
+CAN-2003-1565
+ NOTE: rejected
+CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-1047
+ NOTE: rejected
+CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
+ - bugzilla 2.16.4-1
+CAN-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
+ - bugzilla 2.16.4-1
+CAN-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...)
+ - bugzilla 2.16.4-1
+CAN-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
+ - bugzilla 2.16.4-1
+CAN-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
+ - bugzilla 2.16.4-1
+CAN-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...)
+ NOTE: linux kernel kmod local DoS, fixed in all current kernels
+CAN-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
+ NOTE: not-for-us (SAP)
+CAN-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...)
+ NOTE: not-for-us (SAP)
+CAN-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...)
+ NOTE: not-for-us (SAP)
+CAN-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...)
+ NOTE: not-for-us (SAP)
+CAN-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...)
+ NOTE: not-for-us (SAP)
+CAN-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...)
+ NOTE: not-for-us (SAP)
+CAN-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
+ NOTE: not-for-us (SAP)
+CAN-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
+ NOTE: not-for-us (Pi3Web not in debian)
+CAN-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
+ NOTE: not-for-us (VBulletin)
+CAN-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...)
+ NOTE: not-for-us (Dameware)
+CAN-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...)
+ {DSA-425}
+CAN-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
+ NOTE: not-for-us (solaris)
+CAN-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
+ {DSA-424}
+CAN-2003-1022
+ {DSA-416}
+CAN-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
+ NOTE: not-for-us (SCO)
+CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
+ - irssi-text 0.8.9-0.1
+CAN-2003-1019
+ NOTE: reserved
+CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
+ NOTE: not-for-us (AIX)
+CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
+ - flashplugin-nonfree 7.0.25-1
+CAN-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
+ NOTE: Multiple vendor MIME quote bypass filtering
+ TODO: unchecked
+CAN-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
+ - mime-tools 5.411-2
+CAN-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
+ NOTE: Multiple vendor MIME RFC822 comment bypass filtering
+ TODO: unchecked
+CAN-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...)
+ - ethereal 0.10.0-1
+CAN-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
+ - ethereal 0.10.0-1
+CAN-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
+ - xchat 2.0.7
+ NOTE: apparently only DOS
+CAN-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-0998 (Unknown &quot;potential system security vulnerability&quot; in Computer ...)
+ NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
+CAN-2003-0997 (Unknown &quot;Denial of Service Attack&quot; vulnerability in Computer ...)
+ NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
+CAN-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
+ - mailman 2.1.3
+CAN-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
+ NOTE: apparenlty false/bad advisory
+ NOTE: http://www.securityfocus.com/archive/1/348366
+ NOTE: possible problemsm before 1.4.2, 1.4.2 ok
+CAN-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...)
+ {DSA-425}
+ - tcpdump 3.8.1
+CAN-2003-0987 (mod_digest for Apache does not properly verify the nonce of a client ...)
+ - apache 1.3.29.0.2-5
+CAN-2003-0986
+ NOTE: reserved
+CAN-2003-0985
+ {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
+ NOTE: fixed in 2.4.24-rc1
+CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
+ NOTE: fixed in 2.4.24-rc1
+CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
+ NOTE: not-for-us (Cisco Unity on IBM servers)
+CAN-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
+ NOTE: not-for-us (visitorbook.pl)
+CAN-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
+ NOTE: not-for-us (visitorbook.pl)
+CAN-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...)
+ NOTE: not-for-us (visitorbook.pl)
+CAN-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...)
+ NOTE: not-for-us (gpgkeys_hkp)
+CAN-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
+ - cvs 1:1.11.10
+CAN-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
+ NOTE: not-for-us (netware)
+CAN-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
+ NOTE: nor-for-us (MacOS)
+CAN-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
+ NOTE: not-for-us (Applied Watch Command Center)
+CAN-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
+ {DSA-452}
+CAN-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
+ {DSA-408}
+ - screen 4.0.2-0.1
+CAN-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
+ {DSA-429}
+CAN-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
+ NOTE: not-for-us (Sun Fire B1600)
+CAN-2003-0969
+ {DSA-411}
+CAN-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
+ NOTE: freeradius module in question is not built in debian package
+ NOTE: buffer overflow apparently fixed in freeradius 1.0.1
+CAN-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
+ - freeradius 0.9.2-4
+CAN-2003-0996 (Unknown &quot;System Security Vulnerability&quot; in Computer Associates (CA) ...)
+ NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
+CAN-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
+ {DSA-436}
+CAN-2003-0964
+ NOTE: rejected
+CAN-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
+ - lftp 2.6.10
+CAN-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
+ {DSA-404}
+CAN-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
+ {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
+ NOTE: do_brk hole
+ NOTE: fixed in 2.4.23-pre7
+CAN-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
+ NOTE: not-for-us (OpenCA)
+CAN-2003-0959
+ NOTE: reserved
+CAN-2003-0958
+ NOTE: reserved
+CAN-2003-0957
+ NOTE: reserved
+CAN-2003-0956
+ NOTE: reserved
+CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
+ NOTE: not-for-us (OpenBSD)
+CAN-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
+ NOTE: not-for-us (rcp)
+CAN-2003-0953
+ NOTE: reserved
+CAN-2003-0952
+ NOTE: reserved
+CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
+ NOTE: not-for-us (PeopleSoft PeopleTools)
+CAN-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...)
+ {DSA-405}
+CAN-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
+ NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
+CAN-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
+ NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
+CAN-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
+ - clamav 0.65
+CAN-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
+ NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+CAN-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...)
+ NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+CAN-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...)
+ NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+CAN-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...)
+ NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+CAN-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
+ NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+CAN-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
+ NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+CAN-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...)
+ NOTE: not-for-us (SAP database server (SAP DB))
+CAN-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
+ NOTE: not-for-us (SAP database server (SAP DB))
+CAN-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...)
+ NOTE: not-for-us (UnixWare)
+CAN-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...)
+ NOTE: not-for-us (PCAnywhere)
+CAN-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
+ - net-snmp 5.0.9
+CAN-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...)
+ NOTE: not-for-us (Symbol Access Portable Data Terminal)
+CAN-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
+ {DSA-398}
+CAN-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...)
+ {DSA-400}
+CAN-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (Sygate Enforcer)
+CAN-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...)
+ NOTE: not-for-us (Clearswift MAILsweeper)
+CAN-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
+ NOTE: not-for-us (Clearswift MAILsweeper)
+CAN-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
+ NOTE: not-for-us (Clearswift MAILsweeper)
+CAN-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...)
+ - ethereal 0.9.16-0.1
+CAN-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
+ - ethereal 0.9.16-0.1
+CAN-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
+ - ethereal 0.9.16-0.1
+CAN-2003-0924
+ {DSA-426}
+CAN-2003-0923
+ NOTE: reserved
+CAN-2003-0922
+ NOTE: reserved
+CAN-2003-0921
+ NOTE: reserved
+CAN-2003-0920
+ NOTE: reserved
+CAN-2003-0919
+ NOTE: reserved
+CAN-2003-0918
+ NOTE: reserved
+CAN-2003-0917
+ NOTE: reserved
+CAN-2003-0916
+ NOTE: reserved
+CAN-2003-0915
+ NOTE: reserved
+CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
+ {DSA-409}
+CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
+ NOTE: not-for-us (MacOS)
+CAN-2003-0912
+ NOTE: reserved
+CAN-2003-0911
+ NOTE: reserved
+CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
+ NOTE: not-for-us (Windows)
+CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
+ NOTE: not-for-us (Windows)
+CAN-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...)
+ NOTE: not-for-us (Windows)
+CAN-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
+ NOTE: not-for-us (Windows)
+CAN-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
+ NOTE: not-for-us (Windows)
+CAN-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
+ NOTE: not-for-us (Windows)
+CAN-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
+ {DSA-402}
+CAN-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
+ {DSA-397}
+CAN-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...)
+ - perl 5.8.2
+CAN-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
+ {DSA-396}
+CAN-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2003-0897 (&quot;Shatter&quot; vulnerability in CommCtl32.dll in Windows XP may allow local ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
+ NOTE: not-for-us (Sun/Java)
+CAN-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
+ NOTE: not-for-us (Oracle)
+CAN-2003-0893
+ NOTE: reserved
+CAN-2003-0892
+ NOTE: reserved
+CAN-2003-0891
+ NOTE: reserved
+CAN-2003-0890
+ NOTE: reserved
+CAN-2003-0889
+ NOTE: reserved
+CAN-2003-0888
+ NOTE: reserved
+CAN-2003-0887
+ NOTE: reserved
+CAN-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
+ {DSA-401}
+CAN-2003-0885
+ NOTE: reserved
+CAN-2003-0884
+ NOTE: reserved
+CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0879
+ NOTE: rejected
+CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
+ NOTE: source package only
+ NOTE: openslp: slpd.all_init symlink vuln
+ NOTE: this file is not used in Debian, so it's not a problem for us.
+ NOTE: source package still distributes the file, however.
+ - openslp 1.0.11a-1
+CAN-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
+ NOTE: not-for-us (Deskpro)
+CAN-2003-0873
+ NOTE: reserved
+CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
+ NOTE: not-for-us (SCO)
+CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
+ NOTE: not-for-us (Opera)
+CAN-2003-0869
+ NOTE: reserved
+CAN-2003-0868
+ NOTE: reserved
+CAN-2003-0867
+ NOTE: rejected
+CAN-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
+ {DSA-395}
+CAN-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
+ {DSA-435}
+ - mpg123 0.59r-15
+CAN-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...)
+ - ircd-irc2 2.10.3p5-1
+CAN-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...)
+ NOTE: php4, this bug appears not to have been fixed.
+ NOTE: submitted to BTS on libapache-mod-php4
+ NOTE: developer claims there is no problem
+CAN-2003-0862
+ NOTE: rejected
+CAN-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
+ - php4 4:4.3.3-1
+CAN-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
+ - php4 4:4.3.3-1
+CAN-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
+ NOTE: affects glibc 2.2.4, Debian uses 2.3.2
+CAN-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
+ {DSA-415}
+CAN-2003-0857
+ NOTE: reserved
+CAN-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
+ {DSA-492}
+ - iproute 20010824-13.1
+CAN-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...)
+ - pan 0.13.4-1
+CAN-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...)
+ {DSA-705-1}
+ - coreutils 5.2.1-1
+CAN-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...)
+ - coreutils 5.2.1-1
+CAN-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
+ - sylpheed-claws 0.9.8claws-1
+CAN-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
+ NOTE: affects openssl 0.9.6. Testing uses 0.9.7.
+CAN-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
+ {DSA-410}
+ - libnids1 1.18-1
+CAN-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...)
+ - cfengine2 2.0.9+2.1.0b3-1
+CAN-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...)
+ {DSA-428}
+ - slocate 2.7-3
+CAN-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...)
+ NOTE: not-for-us (SuSE)
+CAN-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...)
+ NOTE: not-for-us (SuSE)
+CAN-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
+ NOTE: not-for-us (JBoss)
+CAN-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
+ NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
+ NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
+CAN-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
+ NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
+ NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
+CAN-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
+ NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
+ NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
+CAN-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
+ NOTE: not-for-us (Peoplesoft)
+CAN-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
+ NOTE: not-for-us (HPUX)
+CAN-2003-0839 (Directory traversal vulnerability in the &quot;Shell Folders&quot; capability in ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
+ NOTE: not-for-us (mplayer)
+CAN-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
+ NOTE: not-for-us (CDE)
+CAN-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
+ {DSA-392}
+ - webfs 1.20
+CAN-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...)
+ {DSA-392}
+ - webfs 1.20
+CAN-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...)
+ - proftpd 1.2.9-1
+CAN-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...)
+ {DSA-390}
+ NOTE: marbles package not in testing or unstable
+CAN-2003-0829
+ NOTE: reserved
+CAN-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
+ {DSA-391}
+ - freesweep 0.88-4.1
+CAN-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
+ {DSA-717-1}
+ - lsh-server 1.4.2-6
+CAN-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0811
+ NOTE: reserved
+CAN-2003-0810
+ NOTE: reserved
+CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0808
+ NOTE: reserved
+CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...)
+ {DSA-387}
+ NOTE: gopherd not in testing or unstable (deprecated)
+CAN-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...)
+ NOTE: not-for-us (BSD)
+CAN-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
+ NOTE: not-for-us (Nokia)
+CAN-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
+ NOTE: not-for-us (Nokia)
+CAN-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
+ NOTE: not-for-us (Nokia)
+CAN-2003-0800
+ NOTE: reserved
+CAN-2003-0799
+ NOTE: reserved
+CAN-2003-0798
+ NOTE: reserved
+CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
+ NOTE: not-for-us (SGI IRIX)
+CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
+ NOTE: not-for-us (SGI IRIX)
+CAN-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...)
+ {DSA-415}
+CAN-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
+ - gdm 2.4.4.4
+CAN-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...)
+ - gdm 2.4.4.4
+CAN-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
+ - fetchmail 6.2.5
+CAN-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...)
+ - mozilla-browser 2:1.5
+CAN-2003-0790
+ NOTE: rejected
+CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
+ - apache2 2.0.48
+CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
+ - cupsys 1.1.19
+CAN-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
+ - ssh 1:3.7.1p2
+CAN-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
+ - ssh 1:3.7.1p2
+CAN-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
+ {DSA-389}
+CAN-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
+ NOTE: not-for-us (IBM TSM)
+CAN-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
+ {DSA-385}
+CAN-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
+ {DSA-467}
+CAN-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...)
+ {DSA-467}
+CAN-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
+ {DSA-381}
+CAN-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
+ - asterisk 0.7.0
+CAN-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
+ {DSA-379}
+CAN-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...)
+ {DSA-379}
+CAN-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly &quot;check the ...)
+ {DSA-379}
+CAN-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...)
+ {DSA-379}
+CAN-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...)
+ {DSA-379}
+CAN-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
+ {DSA-379}
+CAN-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
+ NOTE: not-for-us (WS_FTP server)
+CAN-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
+ - libapache-gallery-perl 0.7
+CAN-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
+ NOTE: not-for-us (IkonBoard not in Debian)
+CAN-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
+ NOTE: not-for-us (ICQ Web Front)
+CAN-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
+ NOTE: not-for-us (RogerWilco not in Debian)
+CAN-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
+ NOTE: not-for-us (ftp desktop (windows))
+CAN-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
+ NOTE: not-for-us (winamp)
+CAN-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
+ NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian)
+CAN-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
+ NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian)
+CAN-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
+ NOTE: not-for-us (foxweb)
+CAN-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
+ - asterisk 0.5.0
+CAN-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (optisoft blubster)
+CAN-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
+ NOTE: not-for-us (check point firewall)
+CAN-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
+ NOTE: not-for-us (sitebuilder not in Debian)
+CAN-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
+ NOTE: not-for-us (gtkftpd not in Debian)
+CAN-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
+ NOTE: not-for-us (newsPHP not in Debian)
+CAN-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
+ NOTE: not-for-us (newsPHP not in Debian)
+CAN-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
+ NOTE: not-for-us (AttilaPHP not in Debian)
+CAN-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
+ NOTE: not-for-us (PY-Membres not in Debian)
+CAN-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (PY-Membres not in Debian)
+CAN-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
+ NOTE: not-for-us (SAP)
+CAN-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
+ NOTE: not-for-us (SAP)
+CAN-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...)
+ NOTE: not-for-us (SAP)
+CAN-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...)
+ NOTE: not-for-us (Distributed Computing Environment (DCE) not in Deb)
+CAN-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
+ NOTE: not-for-us (castlerock SNMPc)
+CAN-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...)
+ - leafnode 1.9.42
+CAN-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
+ {DSA-376}
+CAN-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
+ NOTE: not-for-us (SCO)
+CAN-2003-0741
+ NOTE: reserved
+CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
+ - stunnel 2:3.26
+ - stunnel4 2:4.04
+CAN-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
+ NOTE: not-for-us (VMware)
+CAN-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
+ NOTE: not-for-us (phpWebSite not in Debian)
+CAN-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
+ NOTE: not-for-us (phpWebSite not in Debian)
+CAN-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
+ NOTE: not-for-us (phpWebSite not in Debian)
+CAN-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
+ NOTE: not-for-us (phpWebSite not in Debian)
+CAN-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
+ - libpam-ldap 164-1
+ - libnss-ldap 207-1
+CAN-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...)
+ NOTE: not-for-us (BEA weblogic)
+CAN-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
+ NOTE: not-for-us (cisco)
+CAN-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
+ NOTE: not-for-us (cisco)
+CAN-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
+ {DSA-380}
+CAN-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
+ NOTE: not-for-us (tellurian tftpdNT)
+CAN-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
+ - horde2 2.2.4
+CAN-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
+ NOTE: not-for-us (oracle)
+CAN-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
+ NOTE: not-for-us (RealOne player)
+CAN-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...)
+ NOTE: not-for-us (Real Networks Server / Helix Server)
+CAN-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
+ NOTE: not-for-us (HP Tru64)
+CAN-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
+ - gkrellmd 2.1.14
+CAN-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
+ NOTE: not-for-us (solaris)
+CAN-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
+ - pine 4.58
+ - pine-tracker 4.58
+CAN-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
+ - pine 4.58
+ - pine-tracker 4.58
+CAN-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0716
+ NOTE: reserved
+CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0713
+ NOTE: reserved
+CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
+ NOTE: not-for-us (pchealth for windows)
+CAN-2003-0710
+ NOTE: reserved
+CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
+ - whois 4.6.7
+CAN-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
+ {DSA-375}
+CAN-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...)
+ {DSA-375}
+CAN-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...)
+ {DSA-378}
+CAN-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
+ {DSA-378}
+CAN-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
+ NOTE: not-for-us (KisMAC for Mac OS X)
+CAN-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
+ NOTE: not-for-us (KisMAC for Mac OS X)
+CAN-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...)
+ NOTE: fixed in 2.4.22-pre3
+CAN-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
+ NOTE: fixed in 2.4.21-rc2
+CAN-2003-0698
+ NOTE: rejected
+ - exim 3.36-8
+CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
+ NOTE: not-for-us (AIX)
+CAN-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
+ NOTE: not-for-us (AIX)
+CAN-2003-0695 (Multiple &quot;buffer management errors&quot; in OpenSSH before 3.7.1 may allow ...)
+ {DSA-383 DSA-382}
+CAN-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
+ {DSA-384}
+CAN-2003-0693 (A &quot;buffer management error&quot; in buffer_append_space of buffer.c for ...)
+ {DSA-383 DSA-382}
+ - openssh 1:3.6.1p2-6.0
+CAN-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
+ {DSA-388}
+CAN-2003-0691
+ NOTE: reserved
+CAN-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
+ {DSA-443 DSA-388}
+CAN-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
+ - libc6 2.2.5
+CAN-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
+ - sendmail 8.12.9
+CAN-2003-0687
+ NOTE: rejected
+CAN-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
+ {DSA-374}
+CAN-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
+ {DSA-372}
+CAN-2003-0684
+ NOTE: reserved
+CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
+ NOTE: not-for-us (SGI)
+CAN-2003-0682 (&quot;Memory bugs&quot; in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
+ {DSA-383 DSA-382}
+ - openssh 1:3.6.1p2-9
+CAN-2003-0681 (A &quot;potential buffer overflow in ruleset parsing&quot; for Sendmail 8.12.9, ...)
+ {DSA-384}
+CAN-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
+ NOTE: not-for-us (SGI IRIX)
+CAN-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
+ NOTE: not-for-us (SGI IRIX)
+CAN-2003-0678
+ NOTE: reserved
+CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
+ NOTE: not-for-us (Sun iPlanet)
+CAN-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...)
+ {DSA-370}
+CAN-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
+ NOTE: not-for-us (sustworks IPNetSentryX)
+CAN-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...)
+ NOTE: not-for-us (sustworks IPNetSentryX)
+CAN-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
+ NOTE: not-for-us (solaris)
+CAN-2003-0668
+ NOTE: reserved
+CAN-2003-0667
+ NOTE: reserved
+CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...)
+ NOTE: not-for-us (docview / caldera)
+CAN-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...)
+ {DSA-365}
+CAN-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
+ {DSA-366}
+CAN-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...)
+ - cdrecord 4:2.0+a18-1
+CAN-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...)
+ {DSA-373}
+CAN-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...)
+ NOTE: not-for-us (NetBSD)
+CAN-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...)
+ {DSA-367}
+CAN-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...)
+ NOTE: not-for-us (mod_mylo for apache) not in debian
+CAN-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...)
+ NOTE: not-for-us (gamespy)
+CAN-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...)
+ {DSA-368}
+CAN-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...)
+ {DSA-472}
+CAN-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
+ NOTE: not-for-us (ActiveX)
+CAN-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
+ {DSA-364}
+CAN-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...)
+ - kdbg 1.2.9-1
+CAN-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...)
+ {DSA-358}
+ NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3)
+CAN-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
+ NOTE: not-for-us (Watchguard / win)
+CAN-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
+ NOTE: not-for-us (Watchguard / win)
+CAN-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...)
+ NOTE: not-for-us (BEA WebLogic)
+CAN-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...)
+ NOTE: not-for-us (novell ichain)
+CAN-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...)
+ NOTE: not-for-us (novell ichain)
+CAN-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...)
+ NOTE: not-for-us (novell ichain)
+CAN-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
+ NOTE: not-for-us (novell ichain)
+CAN-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...)
+ NOTE: not-for-us (novell ichain)
+CAN-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...)
+ NOTE: not-for-us (oracle)
+CAN-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
+ NOTE: not-for-us (oracle)
+CAN-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
+ NOTE: not-for-us (oracle)
+CAN-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...)
+ NOTE: not-for-us (VMware)
+CAN-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
+ {DSA-359}
+CAN-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
+ NOTE: not-for-us (peoplesoft)
+CAN-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
+ NOTE: not-for-us (peoplesoft)
+CAN-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
+ NOTE: not-for-us (peoplesoft)
+CAN-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
+ NOTE: not-for-us (peoplesoft)
+CAN-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
+ {DSA-360}
+CAN-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
+ NOTE: not-for-us (BEA WebLogic)
+CAN-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+ NOTE: not-for-us (BEA Tuxedo)
+CAN-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
+ NOTE: not-for-us (BEA Tuxedo)
+CAN-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
+ NOTE: not-for-us (BEA Tuxedo)
+CAN-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
+ {DSA-364}
+CAN-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
+ {DSA-358}
+ NOTE: fixed in 2.4.21-pre3
+CAN-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
+ {DSA-431}
+CAN-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
+ {DSA-362}
+CAN-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
+ NOTE: not-for-us (McAfee)
+CAN-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...)
+ {DSA-371}
+CAN-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
+ {DSA-355}
+CAN-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...)
+ {DSA-369}
+CAN-2003-0612 (Buffer overflow in main.c for Crafty 19.3 allows local users to gain ...)
+ - crafty 19.3-1
+CAN-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...)
+ {DSA-356}
+CAN-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...)
+ NOTE: not-for-us (McAfee)
+CAN-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-0608
+ NOTE: reserved
+CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
+ {DSA-354}
+CAN-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
+ {DSA-353}
+ - sup 1.8-9
+CAN-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
+ - bugzilla 2.16.3
+ NOTE: in 2.17.x : we need at least 2.17.4
+CAN-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
+ - bugzilla 2.16.3
+ NOTE: in 2.17.x : we need at least 2.17.4
+CAN-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0600
+ NOTE: reserved
+CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
+ {DSA-365}
+CAN-2003-0598
+ NOTE: rejected
+CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
+ NOTE: not-for-us (Unixware)
+CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
+ {DSA-352}
+ - fdclone 2.02a
+CAN-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...)
+ NOTE: not-for-us (WiTango Application Server and Tango 2000)
+CAN-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...)
+ NOTE: cannot find reference to it being fixed.
+ TODO: check
+CAN-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...)
+ NOTE: not-for-us (opera)
+CAN-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
+ {DSA-459}
+CAN-2003-0591
+ NOTE: rejected
+CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
+ NOTE: not-for-us (Splatt Forum)
+CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
+ NOTE: not-for-us (Digi-ads)
+CAN-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...)
+ NOTE: not-for-us (Digi-news)
+CAN-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
+ NOTE: not-for-us (Infopop Ultimate Bulletin Board (UBB))
+CAN-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...)
+ NOTE: not-for-us (Brooky eStore)
+CAN-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...)
+ NOTE: not-for-us (Brooky eStore)
+CAN-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...)
+ NOTE: not-for-us (BRU)
+CAN-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
+ NOTE: not-for-us (BRU)
+CAN-2003-0582
+ NOTE: rejected
+CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
+ {DSA-360}
+CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
+ NOTE: not-for-us (IBM U2 UniVerse)
+CAN-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
+ NOTE: not-for-us (IBM U2 UniVerse)
+CAN-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
+ NOTE: not-for-us (IBM U2 UniVerse)
+CAN-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
+ - mpg123 0.59r-1
+CAN-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
+ NOTE: not-for-us (IRIX)
+CAN-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
+ NOTE: not-for-us (IRIX)
+CAN-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...)
+ NOTE: not-for-us (IRIX)
+CAN-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
+ NOTE: not-for-us (IRIX)
+CAN-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
+ NOTE: not-for-us (IRIX)
+CAN-2003-0571
+ NOTE: reserved
+CAN-2003-0570
+ NOTE: reserved
+CAN-2003-0569
+ NOTE: reserved
+CAN-2003-0568
+ NOTE: reserved
+CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-0566
+ NOTE: reserved
+CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
+ NOTE: affects many implementations of the X.400 protocol
+ TODO: see if anything in debian uses X.400 and is vulnerable.
+CAN-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...)
+ NOTE: affects multiple S/MIME implementations
+ NOTE: checked current mozilla, which contains safe NSS 3.9.1
+ - mozilla 2:1.7.3
+ TODO: see if anything else in debian uses S/MIME and is vulnerable, mutt has S/MIME unknown if its vulnerable
+CAN-2003-0563
+ NOTE: reserved
+CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
+ NOTE: not-for-us (Novell Netware)
+CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
+ NOTE: not-for-us (IglooFTP)
+CAN-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...)
+ NOTE: not-for-us (VP-ASP)
+CAN-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
+ NOTE: not-for-us (phpforum)
+CAN-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...)
+ NOTE: not-for-us (LeapFTP)
+CAN-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...)
+ NOTE: not-for-us (StoreFront)
+CAN-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us (Polycom MGC)
+CAN-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
+ NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
+CAN-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...)
+ NOTE: not-for-us (NeoModus Direct Connect)
+CAN-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
+ NOTE: not-for-us (Netscape)
+CAN-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
+ {DSA-423 DSA-358}
+ NOTE: fixed in 2.4.22-pre3
+CAN-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...)
+ {DSA-423 DSA-358}
+ NOTE: fixed in 2.4.22-pre3
+CAN-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...)
+ {DSA-423 DSA-358}
+ NOTE: fixed in 2.4.22-pre3
+CAN-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
+ - gdm 2.4.1.5
+CAN-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
+ - gdm 2.4.1.5
+CAN-2003-0547 (GDM before 2.4.1.6, when using the &quot;examine session errors&quot; feature, ...)
+ - gdm 2.4.1.5
+CAN-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
+ NOTE: not-for-us (up2date)
+CAN-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
+ {DSA-394 DSA-393}
+CAN-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
+ {DSA-394 DSA-393}
+CAN-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
+ {DSA-394 DSA-393}
+CAN-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...)
+ - apache2 2.0.48
+ - apache 1.3.29
+CAN-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
+ {DSA-710-1}
+ NOTE: does not affect evolution on debian
+ - gtkhtml 1.0.4-6.2
+CAN-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
+ {DSA-363}
+CAN-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...)
+ {DSA-343}
+CAN-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...)
+ {DSA-342}
+CAN-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...)
+ {DSA-341}
+CAN-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
+ {DSA-346}
+CAN-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...)
+ {DSA-345}
+CAN-2003-0534
+ NOTE: reserved
+CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0529
+ NOTE: reserved
+CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0527
+ NOTE: reserved
+CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
+ NOTE: appears specific to the knoppix CD
+CAN-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
+ NOTE: not-for-us (ProductCart)
+CAN-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
+ NOTE: not-for-us (ProductCart)
+CAN-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
+ NOTE: not-for-us (cPanel is not our cpanel)
+CAN-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
+ NOTE: not-for-us (Trillian)
+CAN-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
+ NOTE: not-for-us (MacOS)
+CAN-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...)
+ - mgetty 1.1.29
+CAN-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
+ - mgetty 1.1.29
+CAN-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...)
+ {DSA-347}
+CAN-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
+ NOTE: not-for-us (Safari)
+CAN-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
+ NOTE: not-for-us (MSIE)
+CAN-2003-0512 (Cisco IOS 12.2 and earlier generates a &quot;% Login invalid&quot; message ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
+ NOTE not-for-us (Cisco Aironet AP1x00 Series Wireless devices)
+CAN-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
+ NOTE: not-for-us (ezbounce)
+CAN-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
+ NOTE: not-for-us (Cyberstrong eShop)
+CAN-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...)
+ NOTE: not-for-us (acroread)
+CAN-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
+ {DSA-365}
+CAN-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
+ NOTE: not-for-us (Apple Quicktime)
+CAN-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
+ {DSA-423 DSA-358}
+ NOTE: fixed in 2.4.22-pre10
+CAN-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...)
+ {DSA-338}
+CAN-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
+ {DSA-335}
+CAN-2003-0498 (Cach&#129;&#195;&#129;&#169; Database 5.x installs the /cachesys/csp directory with insecure ...)
+ NOTE: not-for-us (Intersystems Cache database)
+CAN-2003-0497 (Cach&#129;&#195;&#129;&#169; Database 5.x installs /cachesys/bin/cache with world-writable ...)
+ NOTE: not-for-us (Intersystems Cache database)
+CAN-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
+ NOTE: not-for-us (lednews; not in debian)
+CAN-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...)
+ NOTE: not-for-us (snitz forums; not in debian)
+CAN-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
+ NOTE: not-for-us (snitz forums; not in debian)
+CAN-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
+ NOTE: not-for-us (snitz forums; not in debian)
+CAN-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
+ NOTE: not-for-us (xoop; not in debian)
+CAN-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
+ NOTE: not-for-us (Dantz Retrospect)
+CAN-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
+ {DSA-330}
+CAN-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
+ NOTE: not-for-us (Kerio Mail server)
+CAN-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
+ NOTE: not-for-us (Kerio Mail server)
+CAN-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...)
+ - phpbb2 2.0.6
+CAN-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...)
+ NOTE: not-for-us (Progress 4GL Compiler)
+CAN-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...)
+ - phpbb2 2.0.6d-3
+CAN-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
+ NOTE: not-for-us (XMB Forum)
+CAN-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...)
+ - tutos 1.1.20030715-1
+CAN-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
+ - tutos 1.1.20030715-1
+CAN-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...)
+ NOTE: not-for-us (VMware)
+CAN-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...)
+ NOTE: not-for-us (WebBBS; not in debian)
+CAN-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...)
+ NOTE: not-for-us (bahamut and other irc daemons; not in debian)
+CAN-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...)
+ - wzdftpd 0.2
+CAN-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
+ {DSA-423 DSA-358}
+ NOTE: fixed in 2.4.22-pre4
+CAN-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
+ NOTE: not-for-us (iWeb server)
+CAN-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
+ NOTE: not-for-us (iWeb server)
+CAN-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...)
+ NOTE: not-for-us (SGI IRIX)
+CAN-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
+ NOTE: not-for-us (SGI IRIX)
+CAN-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...)
+ NOTE: not-for-us (webadmin / win)
+CAN-2003-0470 (Buffer overflow in the &quot;RuFSI Utility Class&quot; ActiveX control (aka ...)
+ NOTE: not-for-us (symantec activex)
+CAN-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...)
+ {DSA-363}
+CAN-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...)
+ NOTE: fixed in linux 2.4.21
+CAN-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
+ {DSA-357}
+CAN-2003-0465 strncpy in kernel does not pad with zeroes
+ NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
+ NOTE: arch specific asm versions:
+ NOTE: x86 is not affected
+ NOTE: ppc32 fixed in 2.4.22-rc4
+ NOTE: not an issue on alpha, see bug #280492
+ - kernel-source-2.4.27 2.4.27-8
+ NOTE: above fixes s390x, ppc64 and s390 and generic C version
+CAN-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
+ NOTE: fixed in linux 2.4.22-pre8
+CAN-2003-0463
+ NOTE: reserved
+CAN-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
+ {DSA-423 DSA-358}
+CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
+ {DSA-423 DSA-358}
+CAN-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
+ NOTE: not-for-us (apache for win and os/2)
+CAN-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
+ {DSA-361}
+CAN-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
+ NOTE: not-for-us (HP)
+CAN-2003-0457
+ NOTE: reserved
+ - mysql-dfsg 4.0.21-4
+CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
+ NOTE: not-for-us (visnetic website)
+CAN-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
+ {DSA-331}
+CAN-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
+ {DSA-334}
+CAN-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...)
+ {DSA-348}
+CAN-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
+ {DSA-329}
+CAN-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
+ {DSA-327}
+CAN-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
+ {DSA-321}
+CAN-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
+ NOTE: not-for-us (progress database)
+CAN-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
+ NOTE: not-for-us (portmon; not in debian)
+CAN-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
+ {DSA-328}
+CAN-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
+ {DSA-337}
+CAN-2003-0443
+ NOTE: reserved
+CAN-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
+ {DSA-351}
+CAN-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
+ {DSA-326}
+CAN-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
+ {DSA-339}
+CAN-2003-0439
+ NOTE: reserved
+CAN-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
+ {DSA-325}
+CAN-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
+ - mnogosearch-common 3.2.11
+CAN-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
+ - mnogosearch-common 3.2.11
+CAN-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
+ {DSA-322}
+CAN-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
+ NOTE: various pdf viewers
+ NOTE: kpdf does not seem to support hyperlinks; so not vulnerable
+ NOTE: gpdf 2.8.0 does not seem to be vulnerable
+ - xpdf 2.02pl1-1
+CAN-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
+ {DSA-315}
+CAN-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
+ {DSA-324}
+CAN-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
+ {DSA-324}
+CAN-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
+ - ethereal 0.9.13
+CAN-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
+ {DSA-324}
+CAN-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...)
+ {DSA-324}
+CAN-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
+ {DSA-320}
+CAN-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...)
+ NOTE: not-for-us (Apple)
+CAN-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
+ NOTE: not-for-us (SMC)
+CAN-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
+ NOTE: only linux 2.0.x
+CAN-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
+ NOTE: not-for-us (Son hServer)
+CAN-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
+ NOTE: not-for-us (bandmin; not in Debian)
+CAN-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (Remote PC Access)
+CAN-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
+ NOTE: not-for-us (Sun ONE)
+CAN-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
+ NOTE: not-for-us (Sun ONE)
+CAN-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...)
+ NOTE: not-for-us (Sun ONE)
+CAN-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...)
+ NOTE: not-for-us (Sun ONE)
+CAN-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...)
+ NOTE: not-for-us (AnalogX proxy)
+CAN-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
+ NOTE: not-for-us (BRS WebWeaver)
+CAN-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
+ NOTE: not-for-us (Uptimes Project upclient; not in Debian)
+CAN-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
+ - gbatnav 1.0.4-4
+CAN-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
+ NOTE: not-for-us (PalmVNC)
+CAN-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...)
+ NOTE: not-for-us (Vignette)
+CAN-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...)
+ NOTE: not-for-us (Vignette)
+CAN-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...)
+ NOTE: not-for-us (Vignette)
+CAN-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
+ NOTE: not-for-us (Vignette)
+CAN-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...)
+ NOTE: not-for-us (Vignette)
+CAN-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
+ NOTE: not-for-us (Vignette / AIX)
+CAN-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...)
+ NOTE: not-for-us (Vignette StoryServer)
+CAN-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...)
+ NOTE: not-for-us (Vignette StoryServer)
+CAN-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
+ NOTE: not-for-us (FastTrack network code (Kazaa))
+CAN-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...)
+ - linux-arm 2.4.1
+CAN-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...)
+ NOTE: not-for-us (Ultimate PHP Board)
+CAN-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...)
+ NOTE: not-for-us (BLNews)
+CAN-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...)
+ NOTE: not-for-us (Privacyware Privatefirewall)
+CAN-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
+ NOTE: not-for-us (ST FTP Service (DOS))
+CAN-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
+ NOTE: not-for-us (Magic WinMail Server)
+CAN-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
+ - opt 3.19
+CAN-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
+ NOTE: not-for-us (RSA ACE/Agent)
+CAN-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
+ NOTE: pam is not vulnerable in default confuguration
+ NOTE: pam is not vulnerable at all in sarge, according to maintainer
+CAN-2003-0387
+ NOTE: reserved
+CAN-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
+ NOTE: fixed in current openssh, which always does reverse mapping now
+CAN-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
+ {DSA-310}
+ - xaos 3.1r-4
+CAN-2003-0384
+ NOTE: reserved
+CAN-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
+ {DSA-309}
+CAN-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
+ {DSA-323}
+CAN-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
+ {DSA-314}
+CAN-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
+ NOTE: not-for-us (MaxOS)
+CAN-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
+ NOTE: not-for-us (MaxOS)
+CAN-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
+ NOTE: not-for-us (iisPROTECT)
+CAN-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Eudora)
+CAN-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
+ NOTE: not-for-us (XMBforum aka Partagium))
+CAN-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
+ - nessus 2.0.6
+CAN-2003-0373 (Multiple buffer overflows in Nessus before 2.0.6 allow local users ...)
+ - nessus 2.0.6
+CAN-2003-0372 (Signed integer vulnerability in libnsl in Nessus before 2.0.6 allows ...)
+ - nessus 2.0.6
+CAN-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
+ NOTE: not-for-us (Prishtina FTP client)
+CAN-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
+ {DSA-361}
+CAN-2003-0369
+ NOTE: reserved
+CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
+ NOTE: not-for-us (Nokia Gateway GPRS)
+CAN-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
+ {DSA-308}
+CAN-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
+ {DSA-318}
+CAN-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for &quot;Full ...)
+ NOTE: not-for-us (ICQLite)
+CAN-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
+ {DSA-442 DSA-336 DSA-332 DSA-311}
+CAN-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...)
+ - licq 1.2-7-1
+CAN-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
+ {DSA-307}
+CAN-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
+ {DSA-307}
+CAN-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
+ {DSA-307}
+CAN-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
+ {DSA-316}
+CAN-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
+ {DSA-350 DSA-316}
+CAN-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
+ {DSA-313}
+CAN-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
+ {DSA-313}
+CAN-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
+ NOTE: not-for-us (Safari)
+CAN-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
+ - gs-gpl 7.07
+CAN-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0351
+ NOTE: rejected
+CAN-2003-0350 (The control for listing accessibility options in the Accessibility ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
+ NOTE: not-for-us (BlackMoon FTP Server)
+CAN-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
+ NOTE: not-for-us (BlackMoon FTP Server)
+CAN-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...)
+ NOTE: not-for-us (Owl Intranet Engine)
+CAN-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...)
+ NOTE: not-for-us (Puresecure)
+CAN-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...)
+ NOTE: not-for-us (WsMp3)
+CAN-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
+ NOTE: not-for-us (WsMp3)
+CAN-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...)
+ NOTE: not-for-us (lsadmin)
+CAN-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
+ NOTE: not-for-us (Eudora)
+CAN-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...)
+ NOTE: not-for-us (Slaskware specific)
+CAN-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...)
+ - ircii-pana 1:1.0-0c19.20030512-1
+CAN-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
+ NOTE: not-for-us (C-Kermit on HP-UX)
+CAN-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...)
+ NOTE: not-for-us (BadBlue)
+CAN-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...)
+ NOTE: not-for-us (ttForum)
+CAN-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
+ NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
+CAN-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...)
+ NOTE: not-for-us (CesarFTP)
+CAN-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
+ {DSA-399 DSA-306}
+CAN-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
+ NOTE: not-for-us (Sybase Adaptive Server Enterprise)
+CAN-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
+ NOTE: bug does exist in slocate.
+ NOTE: only impacts security if kernel has been recompiled to allow
+ NOTE: an absurd 536870912 bytes of command line arguments. This is
+ NOTE: very unlikely, and if you do exploit it, you get only slocate
+ NOTE: gid.
+CAN-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...)
+ NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
+CAN-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...)
+ {DSA-287}
+CAN-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...)
+ {DSA-298 DSA-291}
+CAN-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...)
+ {DSA-306}
+CAN-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
+ {DSA-306}
+CAN-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
+ NOTE: not-for-us (ttCMS)
+CAN-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
+ NOTE: not-for-us (SmartMax MailMax)
+CAN-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
+ NOTE: not-for-us (iisPROTECT)
+CAN-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...)
+ NOTE: not-for-us (Venturi Client)
+CAN-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Snowblind Web Server)
+CAN-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Snowblind Web Server)
+CAN-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
+ NOTE: not-for-us (Snowblind Web Server)
+CAN-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
+ NOTE: not-for-us (Snowblind Web Server)
+CAN-2003-0311
+ NOTE: reserved
+CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
+ NOTE: author apparently fixed hole by time vuln was reported,
+ NOTE: and I guess that fix made it into new upstream versions,
+ NOTE: but I did not check in detail
+CAN-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
+ NOTE: not-for-us (MSIE)
+CAN-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
+ {DSA-305}
+CAN-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
+ NOTE: not-for-us (Poster version.two)
+CAN-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
+ NOTE: not-for-us (Windows)
+CAN-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...)
+ NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk)
+CAN-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...)
+ NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk)
+CAN-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
+ NOTE: not-for-us (Eudora)
+CAN-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...)
+ NOTE: not-for-us (Microsort)
+CAN-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...)
+ NOTE: sylpheed and sylpheed-claws might still be vulnerable
+ NOTE: but it's only a crasher
+CAN-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
+ NOTE: mutt and balse might still be vulnerable
+ NOTE: but it's only a crasher
+CAN-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
+ - mozilla 1.4b
+CAN-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
+ - uw-imap 7:2002c
+ NOTE: did not check pine
+CAN-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...)
+ - evolution 1.3.2
+CAN-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
+ NOTE: not-for-us (vBulletin)
+CAN-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (php-proxima)
+CAN-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...)
+ NOTE: not-for-us (PalmOS)
+CAN-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...)
+ NOTE: not-for-us (Inktomi)
+CAN-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...)
+ NOTE: not-for-us (3com OfficeConnect Remote 812 ADSL Router)
+CAN-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (eServ)
+CAN-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...)
+ - cdrtools 4:2.0+a14-1
+CAN-2003-0288 (Buffer overflow in the file &amp; folder transfer mechanism for IP ...)
+ NOTE: not-for-us (IP Messenger for Win)
+CAN-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...)
+ NOTE: not-for-us (Movable Type)
+CAN-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...)
+ NOTE: not-for-us (Snitz Forums)
+CAN-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
+ NOTE: not-for-us (bad sendmail config on AIX)
+CAN-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...)
+ NOTE: not-for-us (Adobe Acrobat)
+CAN-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
+ NOTE: not-for-us (Phorum)
+CAN-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
+ {DSA-344}
+CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...)
+ - firebird2 1.5.1-1
+ NOTE: firebird (1) in debian is very insecure and vulnerable, but
+ NOTE: the server is not included, just the libraries. See bug #251458
+CAN-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
+ NOTE: not-for-us (SMTP Service for ESMTP CMailServer )
+CAN-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
+ NOTE: not-for-us (PHP-Nuke)
+CAN-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
+ NOTE: not-for-us (HappyMail)
+CAN-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...)
+ NOTE: not-for-us (HappyMail)
+CAN-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...)
+ NOTE: not-for-us (Pi3Web)
+CAN-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (YaBB SE)
+CAN-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...)
+ NOTE: not-for-us (ListProc)
+CAN-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
+ NOTE: old version of Request Tracker not in debian.
+CAN-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
+ NOTE: not-for-us (miniPortail)
+CAN-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...)
+ NOTE: not-for-us (Personal FTP Server)
+CAN-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
+ NOTE: not-for-us (Apple Airport)
+CAN-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
+ NOTE: not-for-us (youbin)
+CAN-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
+ NOTE: not-for-us (SLWebMail on Windows)
+CAN-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...)
+ NOTE: not-for-us (SLWebMail on Windows)
+CAN-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...)
+ NOTE: not-for-us (SLWebMail on Windows)
+CAN-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...)
+ NOTE: not-for-us (SDBINST for SAP database)
+CAN-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
+ NOTE: not-for-us (SLMail)
+CAN-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...)
+ NOTE: not-for-us (FTGatePro)
+CAN-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
+ {DSA-299}
+CAN-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
+ {DSA-302}
+CAN-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
+ NOTE: not-for-us (Cisco)
+CAN-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
+ NOTE: not-for-us (AIX)
+CAN-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
+ - kopete 3.2.0
+CAN-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
+ - gnupg 1.2.2
+CAN-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
+ - apache2 2.0.47
+CAN-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...)
+ - apache2 2.0.47
+CAN-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
+ {DSA-349}
+CAN-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
+ NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
+ - nis 3.11
+CAN-2003-0250
+ NOTE: reserved
+CAN-2003-0249
+ NOTE: reserved
+CAN-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
+ {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+CAN-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
+ {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+CAN-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...)
+ {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+CAN-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...)
+ - apache2 2.0.46
+CAN-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
+ {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+CAN-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
+ NOTE: not-for-us (Happycgi.com Happymall)
+CAN-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
+ NOTE: not-for-us (MacOS)
+CAN-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...)
+ NOTE: not-for-us (FrontRange GoldMine / win)
+CAN-2003-0240 (The web-based administration capability for various Axis Network ...)
+ NOTE: not-for-us (Axis Network Camera)
+CAN-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...)
+ NOTE: not-for-us (Mirabilis ICQ / windows)
+CAN-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...)
+ NOTE: not-for-us (Mirabilis ICQ / windows)
+CAN-2003-0237 (The &quot;ICQ Features on Demand&quot; functionality for Mirabilis ICQ Pro 2003a ...)
+ NOTE: not-for-us (Mirabilis ICQ / windows)
+CAN-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...)
+ NOTE: not-for-us (Mirabilis ICQ / windows)
+CAN-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
+ NOTE: not-for-us (Mirabilis ICQ / windows)
+CAN-2003-0234
+ NOTE: reserved
+CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go gain ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0229
+ NOTE: reserved
+CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...)
+ NOTE: not-for-us (microsoft)
+CAN-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
+ NOTE: not-for-us (oracle)
+CAN-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
+ NOTE: not-for-us (HP tru64)
+CAN-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
+ NOTE: not-for-us (Kerio Personal Firewall)
+CAN-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
+ NOTE: not-for-us (Kerio Personal Firewall)
+CAN-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...)
+ NOTE: not-for-us (Monkey http daemon; not in debian)
+CAN-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...)
+ NOTE: not-for-us (Neoteris Instant Virtual Extranet)
+CAN-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...)
+ NOTE: not-for-us (cisco)
+CAN-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...)
+ NOTE: not-for-us (bttlxeForum / win)
+CAN-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...)
+ {DSA-292}
+CAN-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...)
+ {DSA-295}
+CAN-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...)
+ {DSA-289}
+CAN-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
+ - xinetd 2.3.11
+CAN-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...)
+ NOTE: not-for-us (cisco)
+CAN-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
+ {DSA-297}
+CAN-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
+ NOTE: not-for-us (macromedia flash)
+CAN-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
+ {DSA-286}
+CAN-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
+ {DSA-294}
+CAN-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
+ {DSA-294}
+CAN-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...)
+ {DSA-296 DSA-293 DSA-284}
+CAN-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...)
+ {DSA-281}
+CAN-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...)
+ {DSA-279}
+CAN-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
+ {DSA-280}
+CAN-2003-0200
+ NOTE: reserved
+CAN-2003-0199
+ NOTE: reserved
+CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
+ NOTE: not-for-us (MacOS)
+CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
+ NOTE: not-for-us (Interbase Database)
+CAN-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...)
+ {DSA-280}
+CAN-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
+ {DSA-317}
+CAN-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
+ NOTE: apparently a redhat specific compilation prolem of tcpdump
+CAN-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
+ {DSA-575-1}
+ - catdoc 0.91.5-2
+CAN-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
+ - apache2 2.0.47
+CAN-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
+ - ssh 1:3.8.1p1-8.sarge.4
+CAN-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
+ - apache2 2.0.46
+CAN-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
+ {DSA-304}
+CAN-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
+ NOTE: only affects kernel 2.4.19, 2.4.20.
+CAN-2003-0186
+ NOTE: reserved
+CAN-2003-0185
+ NOTE: reserved
+CAN-2003-0184
+ NOTE: reserved
+CAN-2003-0183
+ NOTE: reserved
+CAN-2003-0182
+ NOTE: reserved
+CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
+ NOTE: not-for-us (Lotus Domino Web Server)
+CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
+ NOTE: not-for-us (Lotus Domino Web Server)
+CAN-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...)
+ NOTE: not-for-us (Lotus Domino Web Server)
+CAN-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...)
+ NOTE: not-for-us (Lotus Domino Web Server)
+CAN-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...)
+ NOTE: not-for-us (IRIX)
+CAN-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...)
+ NOTE: not-for-us (IRIX)
+CAN-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
+ NOTE: not-for-us (IRIX)
+CAN-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...)
+ NOTE: not-for-us (IRIX)
+CAN-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...)
+ {DSA-283}
+CAN-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
+ NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
+CAN-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...)
+ NOTE: not-for-us (MacOS)
+CAN-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...)
+ NOTE: not-for-us (AIX)
+CAN-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
+ NOTE: not-for-us (HP Instant TopTools)
+CAN-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...)
+ NOTE: not-for-us (Apple QuickTime Player)
+CAN-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
+ {DSA-300 DSA-274}
+CAN-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
+ NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
+CAN-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
+ - eog 2.2.1
+CAN-2003-0164
+ NOTE: reserved
+CAN-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
+ NOTE: Gaim-Encryption Plugin not in debian
+CAN-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
+ {DSA-271}
+CAN-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
+ {DSA-290 DSA-278}
+CAN-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
+ - squirrelmail 1:1.2.11
+CAN-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
+ - ethereal 0.9.10
+CAN-2003-0158
+ NOTE: rejected
+CAN-2003-0157
+ NOTE: rejected
+CAN-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
+ {DSA-264}
+CAN-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
+ {DSA-265}
+CAN-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
+ {DSA-265}
+CAN-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
+ {DSA-265}
+CAN-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
+ {DSA-265}
+CAN-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
+ NOTE: not-for-us (BEA WebLogic Server)
+CAN-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
+ {DSA-303}
+CAN-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
+ NOTE: not-for-us (McAfee ePolicy Orchestrator)
+CAN-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
+ NOTE: not-for-us (McAfee ePolicy Orchestrator)
+CAN-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...)
+ {DSA-288}
+CAN-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
+ {DSA-263}
+CAN-2003-0145
+ {DSA-261}
+CAN-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
+ {DSA-275 DSA-267}
+CAN-2003-0143
+ {DSA-259}
+CAN-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...)
+ NOTE: not-for-us (acroread)
+CAN-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...)
+ NOTE: not-for-us (Real)
+CAN-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
+ {DSA-268}
+CAN-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
+ {DSA-273 DSA-266}
+CAN-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
+ {DSA-273 DSA-269 DSA-266}
+CAN-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
+ NOTE: not-for-us (Nokia Serving GPRS support node)
+CAN-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
+ {DSA-285}
+CAN-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...)
+ NOTE: red-hat specific compilation problem of vsftpd
+CAN-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...)
+ - apache2 2.0.46
+CAN-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...)
+ - evolution 1.2.4
+CAN-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...)
+ - apache2 2.0.45
+CAN-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...)
+ {DSA-288}
+CAN-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...)
+ - evolution 1.2.3
+CAN-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...)
+ - evolution 1.2.3
+CAN-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
+ - evolution 1.2.3
+CAN-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
+ {DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
+CAN-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
+ NOTE: not-for-us (SOHO Routefinder 550 firmware)
+CAN-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
+ NOTE: not-for-us (Clearswift MAILsweeper)
+CAN-2003-0120
+ {DSA-256}
+CAN-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...)
+ NOTE: not-for-us (AIX)
+CAN-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0108
+ {DSA-255}
+ - tcpdump 3.7.1-1.2
+CAN-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
+ NOTE: not-for-us (Symantec Enterprise Firewall)
+CAN-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...)
+ NOTE: not-for-us (ServerMask)
+CAN-2003-0102
+ {DSA-260}
+CAN-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
+ {DSA-319}
+CAN-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
+ {DSA-277}
+CAN-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
+ {DSA-277}
+CAN-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
+ NOTE: not-for-us (Oracle)
+CAN-2003-0093
+ {DSA-261}
+CAN-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
+ NOTE: not-for-us (Solaris)
+CAN-2003-0090
+ NOTE: rejected
+CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
+ NOTE: not-for-us (HP-UX)
+CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
+ {DSA-262}
+CAN-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
+ {DSA-262}
+CAN-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...)
+ NOTE: mod_auth_any not in Debian
+CAN-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
+ - apache2 2.0.46
+ - apache 1.3.25
+CAN-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
+ {DSA-266}
+CAN-2003-0081
+ {DSA-258}
+CAN-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...)
+ - gnome-lokkit 0.50.22-4
+CAN-2003-0078
+ {DSA-253}
+CAN-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...)
+ - dcgui 0.2.2
+CAN-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...)
+ - plptools 0.12-0
+CAN-2003-0073
+ {DSA-303}
+CAN-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
+ {DSA-266}
+CAN-2003-0071
+ {DSA-380}
+CAN-2003-0068
+ {DSA-496}
+CAN-2003-0063
+ {DSA-380}
+CAN-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...)
+ NOTE: not-for-us (HP UX)
+CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
+ - krb5 1.2.4
+CAN-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
+ {DSA-248}
+CAN-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
+ {DSA-252}
+CAN-2003-0049 (AFP in Mac OS X before 10.2.4 allows administrators to log in as other ...)
+ NOTE: not-for-us (MacOS)
+CAN-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
+ NOTE: apparently fixed upstream 2002-11-12 changelog
+CAN-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...)
+ NOTE: not-for-us (commercial ssh clients)
+CAN-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...)
+ NOTE: not-for-us (commercial ssh clients)
+CAN-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
+ {DSA-246}
+CAN-2003-0043
+ {DSA-246}
+CAN-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
+ {DSA-246}
+CAN-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
+ NOTE: verified sarge version of krb5-clients not vulnerable
+ NOTE: nothing in changelogs
+CAN-2003-0040
+ {DSA-247}
+CAN-2003-0039
+ {DSA-245}
+CAN-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
+ {DSA-436}
+CAN-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
+ {DSA-244}
+CAN-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
+ NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)
+CAN-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
+ NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)
+CAN-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...)
+ NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
+ NOTE: chooser/mtinkc.c's version, which goes into mtinkc
+ NOTE: it's not installed setuid or setgid, so this is not exploitable
+CAN-2003-0033
+ {DSA-297}
+CAN-2003-0032
+ {DSA-228}
+CAN-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
+ {DSA-228}
+CAN-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
+ NOTE: not-for-us (Protegrity Secure.Data Extension Feature)
+CAN-2003-0029
+ NOTE: reserved
+CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
+ {DSA-282 DSA-272 DSA-266}
+CAN-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
+ {DSA-231}
+CAN-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
+ {DSA-229}
+CAN-2003-0020
+ - apache2 2.0.49
+ - apache 1.3.29.0.2-4
+CAN-2003-0018
+ {DSA-423 DSA-358}
+CAN-2003-0017
+ - apache2 2.0.44
+CAN-2003-0016
+ - apache2 2.0.44
+CAN-2003-0015
+ {DSA-233}
+ - cvs 1.11.2-5.1
+CAN-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
+ {DSA-633-1}
+CAN-2003-0013
+ {DSA-230}
+CAN-2003-0012
+ {DSA-230}
+CAN-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
+ NOTE: not-for-us (Windows Script Engine for JScript)
+CAN-2003-0008
+ NOTE: reserved
+CAN-2003-0006
+ NOTE: reserved
+CAN-2003-0005
+ NOTE: reserved
+CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
+ {DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
+CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
+ NOTE: not-for-us (IBM DB2)
+CAN-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
+ NOTE: mailreader. Affects 2.3.30 and 2.3.31.
+ NOTE: Sarge uses 2.3.29.
+CAN-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...)
+ {DSA-534}
+ - mailreader 2.3.29-9
+CAN-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...)
+ {DSA-215}
+ - cyrus-imapd 1.5.19-9.10
+CAN-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (SAP)
+CAN-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
+ NOTE: not-for-us (SAP)
+CAN-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
+ NOTE: not-for-us (SAP)
+CAN-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
+ NOTE: not-for-us (SAP)
+CAN-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
+ {DSA-437}
+ - cgiemail 1.6-20
+CAN-2002-1573
+ NOTE: reserved
+CAN-2002-1572
+ NOTE: reserved
+CAN-2002-1571
+ NOTE: reserved
+CAN-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
+ - ucd-snmp 4.2.3-2
+CAN-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
+ - gv 1:3.5.8-27
+CAN-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...)
+ - openssl 0.9.6g-1
+CAN-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...)
+ NOTE: tomcat4 cross-site scripting vuln
+ NOTE: not sure if it's a problem or not
+ NOTE: contacted package maintainers, they think it's not vulnerable.
+ TODO: waiting for further information.
+CAN-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
+ - netris 0.52-1
+CAN-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
+ - wget 1.8.1-6.1
+CAN-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
+ NOTE: not-for-us (microsoft)
+CAN-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
+ - stunnel4 4.04-1
+ - stunnel 2:3.24-1
+CAN-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
+ {DSA-396}
+ - thttpd 2.23beta1-2.3
+CAN-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
+ NOTE: not-for-us (microsoft)
+CAN-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)
+ NOTE: not-for-us (ion-p)
+CAN-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
+ NOTE: not-for-us (cisco)
+CAN-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
+ NOTE: not-for-us (cisco)
+CAN-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
+ NOTE: not-for-us (cisco)
+CAN-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a &quot;public&quot; ...)
+ NOTE: not-for-us (cisco)
+CAN-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...)
+ NOTE: not-for-us (cisco)
+CAN-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...)
+ NOTE: not-for-us (cisco)
+CAN-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...)
+ NOTE: not-for-us (Webweaver)
+CAN-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...)
+ NOTE: not-for-us (Coolsoft)
+CAN-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...)
+ NOTE: not-for-us (Coolsoft)
+CAN-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (SolarWinds)
+CAN-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...)
+ NOTE: not-for-us (MDaemon)
+CAN-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (Molly)
+CAN-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...)
+ NOTE: not-for-us (Symantec)
+CAN-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...)
+ NOTE: problem in jetty 4.1.0, Debian started with 4.2
+CAN-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...)
+ NOTE: not-for-us (EMU Webmail)
+CAN-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...)
+ NOTE: not-for-us (EMU Webmail)
+CAN-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...)
+ NOTE: not-for-us (Sun)
+CAN-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...)
+ NOTE: not-for-us (Miniserver)
+CAN-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...)
+ NOTE: not-for-us (PowerFTP)
+CAN-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...)
+ NOTE: not-for-us (Coolforum)
+CAN-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
+ NOTE: not-for-us (BRU)
+CAN-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...)
+ {DSA-227}
+ - openldap2 2.0.27-3
+CAN-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...)
+ NOTE: not-for-us (Unreal)
+CAN-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...)
+ NOTE: linuxconf not in unstable or testing
+CAN-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...)
+ NOTE: not-for-us (webserver-4everyone)
+CAN-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
+ NOTE: AFD not in debian
+CAN-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...)
+ NOTE: not-for-us (NetBSD)
+CAN-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...)
+ NOTE: not-for-us (FactoSystem)
+CAN-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...)
+ NOTE: not-for-us (SWServer)
+CAN-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...)
+ NOTE: not-for-us (Jawmail)
+CAN-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...)
+ NOTE: not-for-us (PlanetDNS)
+CAN-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
+ NOTE: not-for-us (Trillian)
+CAN-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
+ NOTE: not-for-us (Trillian)
+CAN-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...)
+ NOTE: not-for-us (Trillian)
+CAN-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
+ NOTE: not-for-us (Trillian)
+CAN-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...)
+ NOTE: not-for-us (db4web)
+CAN-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...)
+ NOTE: not-for-us (db4web)
+CAN-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...)
+ NOTE: phpGB not in Debian
+CAN-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
+ NOTE: phpGB not in Debian
+CAN-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...)
+ NOTE: phpGB not in Debian
+CAN-2002-1478
+ {DSA-164}
+ - cacti 0.6.8a-2
+CAN-2002-1477
+ {DSA-164}
+ - cacti 0.6.8a-2
+CAN-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...)
+ NOTE: not-for-us (HPUX)
+CAN-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...)
+ NOTE: not-for-us (HPUX)
+CAN-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...)
+ NOTE: not-for-us (HPUX)
+CAN-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
+ NOTE: not-for-us (Shoutcase)
+CAN-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...)
+ - flashplugin-nonfree 6.0.61.0-1
+CAN-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...)
+ NOTE: not-for-us (Cafelog)
+CAN-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...)
+ NOTE: not-for-us (Cafelog)
+CAN-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...)
+ NOTE: not-for-us (Cafelog)
+CAN-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...)
+ NOTE: not-for-us (Organic PHP)
+CAN-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (Webshop Manager)
+CAN-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...)
+ NOTE: L-Forum not in Debian
+CAN-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
+ NOTE: L-Forum not in Debian
+CAN-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
+ NOTE: L-Forum not in Debian
+CAN-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...)
+ NOTE: L-Forum not in Debian
+CAN-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (mIRC)
+CAN-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
+ NOTE: not-for-us (OmniHTTPD)
+CAN-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...)
+ NOTE: not-for-us (MyWebServer)
+CAN-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...)
+ NOTE: not-for-us (MyWebServer)
+CAN-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...)
+ NOTE: not-for-us (MyWebServer)
+CAN-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
+ NOTE: Blazix not in Debian
+CAN-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...)
+ NOTE: not-for-us (IBM UniVerse)
+CAN-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...)
+ NOTE: eUpload not in Debian
+CAN-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...)
+ NOTE: CERN HTTPD not in Debian
+CAN-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...)
+ NOTE: not-for-us (Google Toolbar)
+CAN-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
+ NOTE: not-for-us (Google Toolbar)
+CAN-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...)
+ NOTE: not-for-us (Tomahawk)
+CAN-2002-1440 (The Gateway GS-400 server has a default root password of &quot;0001n&quot; that ...)
+ NOTE: not-for-us (Gateway)
+CAN-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...)
+ NOTE: not-for-us (HPUX)
+CAN-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...)
+ NOTE: not-for-us (Kerio)
+CAN-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (Kerio)
+CAN-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...)
+ NOTE: not-for-us (MidiCart)
+CAN-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
+ NOTE: not-for-us (Belkin)
+CAN-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
+ NOTE: not-for-us (ShoutBox)
+CAN-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...)
+ NOTE: dotproject not in Debian
+CAN-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...)
+ NOTE: Easy Homepage Creator not in Debian
+CAN-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...)
+ NOTE: not-for-us (HP)
+CAN-2002-1425
+ {DSA-141}
+ - mpack 1.5-9
+CAN-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
+ NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
+ NOTE: is version 2.5.x
+CAN-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...)
+ NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
+ NOTE: is version 2.5.x
+CAN-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...)
+ NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
+ NOTE: is version 2.5.x
+CAN-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...)
+ NOTE: not-for-us (Webeasymail)
+CAN-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...)
+ NOTE: not-for-us (Webeasymail)
+CAN-2002-1412
+ {DSA-138}
+ - gallery 1.3-1
+CAN-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
+ NOTE: not-for-us (Duma)
+CAN-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...)
+ NOTE: not-for-us (East Guestbook)
+CAN-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...)
+ NOTE: not-for-us (HPUX)
+CAN-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...)
+ NOTE: not-for-us (HP Openview)
+CAN-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
+ NOTE: not-for-us (HPUX)
+CAN-2002-1405
+ {DSA-210}
+ - lynx 2.8.4.1b-3.2
+ - lynx-ssl 1:2.8.4.1b-3.1
+CAN-2002-1404
+ NOTE: rejected
+CAN-2002-1403
+ {DSA-219}
+ NOTE: Debian sarge uses dhcp > 2.0
+CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
+ {DSA-165}
+ - postgresql 7.2.2-2
+CAN-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...)
+ {DSA-165}
+ - postgresql 7.2.2-2
+CAN-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...)
+ {DSA-165}
+ - postgresql 7.2.2-2
+CAN-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...)
+ - postgresql 7.2.2-2
+CAN-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...)
+ {DSA-165}
+ - postgresql 7.2.2-2
+CAN-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...)
+ - postgresql 7.2.2-2
+CAN-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...)
+ {DSA-202}
+ - im 141-20
+CAN-2002-1394
+ {DSA-225}
+ NOTE: no problem in sarge packages
+CAN-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...)
+ {DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
+ NOTE: KDE2 not in sarge
+CAN-2002-1390
+ {DSA-223}
+ - geneweb 4.09-1
+CAN-2002-1389
+ {DSA-217}
+ - typespeed 0.4.2-2
+CAN-2002-1388
+ {DSA-221}
+ - mhonarc 2.5.14-1
+CAN-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
+ {DSA-254}
+ - traceroute-nanog 6.3.0-1
+CAN-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...)
+ {DSA-254}
+ - traceroute-nanog 6.3.0-1
+CAN-2002-1384
+ {DSA-232 DSA-226 DSA-222}
+ - xpdf 3.00-9
+CAN-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...)
+ {DSA-232}
+ - cupsys 1.1.18-1
+CAN-2002-1380
+ {DSA-336}
+ - kernel-source-2.2.25 2.2.25-2
+CAN-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...)
+ {DSA-227}
+ - openldap2 2.0.27-3
+CAN-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...)
+ {DSA-227}
+ - openldap2 2.0.27-3
+CAN-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...)
+ {DSA-212}
+ NOTE: bug in mysql 3, sarge uses mysql 4
+CAN-2002-1375
+ {DSA-212}
+ NOTE: bug in mysql 3, sarge uses mysql 4
+CAN-2002-1374
+ {DSA-212}
+ NOTE: bug in mysql 3, sarge uses mysql 4
+CAN-2002-1373
+ {DSA-212}
+ NOTE: bug in mysql 3, sarge uses mysql 4
+CAN-2002-1372
+ {DSA-232}
+ - cupsys 1.1.18-1
+CAN-2002-1371
+ {DSA-232}
+ - cupsys 1.1.18-1
+CAN-2002-1370
+ NOTE: rejected
+CAN-2002-1369
+ {DSA-232}
+ - cupsys 1.1.18-1
+CAN-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
+ {DSA-232}
+ - cupsys 1.1.18-1
+CAN-2002-1367
+ {DSA-232}
+ - cupsys 1.1.18-1
+CAN-2002-1366
+ {DSA-232}
+ - cupsys 1.1.18-1
+CAN-2002-1365
+ {DSA-216}
+ - fetchmail 6.2.0-1
+CAN-2002-1364
+ {DSA-254}
+ - traceroute-nanog 6.3.0-1
+CAN-2002-1363
+ {DSA-213}
+ - libpng3 1.2.5-8
+CAN-2002-1362
+ {DSA-211}
+ NOTE: micq not in sarge
+CAN-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...)
+ NOTE: Debian uses openssh, not vulnerable
+CAN-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
+ NOTE: Debian uses openssh, not vulnerable
+CAN-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...)
+ NOTE: Debian uses openssh, not vulnerable
+CAN-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...)
+ NOTE: Debian uses openssh, not vulnerable
+CAN-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...)
+ - ethereal 0.9.8-1
+CAN-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
+ - ethereal 0.9.8-1
+CAN-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...)
+ NOTE: not-for-us (TYPSoft FTP Server)
+CAN-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...)
+ NOTE: not-for-us (LocalWEB2000 HTTP server)
+CAN-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
+ NOTE: not-for-us (CartMan)
+CAN-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
+ NOTE: not-for-us (Melange Chat System)
+CAN-2002-1350
+ {DSA-206}
+ - tcpdump 3.6.2-2.2
+CAN-2002-1348
+ {DSA-251 DSA-250 DSA-249}
+ - w3mmee 0.3.p24.17-3
+CAN-2002-1347 (Buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote ...)
+ - libsasl2 2.1.10-1
+CAN-2002-1346
+ NOTE: reserved
+CAN-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
+ NOTE: multiple ftp client issues
+ TODO: check wget, ftp, ncftp, etc.
+CAN-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
+ {DSA-209}
+ - wget 1.8.1-6.1
+CAN-2002-1343
+ NOTE: reserved
+CAN-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
+ {DSA-203}
+ - smb2www 980804-17
+CAN-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...)
+ {DSA-220}
+ - squirrelmail 1:1.3.2-2
+CAN-2002-1340 (The &quot;ConnectionFile&quot; property in the DataSourceControl component in ...)
+ NOTE: not-for-us (Office Web Components)
+CAN-2002-1339 (The &quot;XMLURL&quot; property in the Spreadsheet component of Office Web ...)
+ NOTE: not-for-us (Office Web Components)
+CAN-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...)
+ NOTE: not-for-us (Office Web Components)
+CAN-2002-1337
+ {DSA-257}
+ NOTE: problem in sendmail 8.12, sarge uses 8.13
+CAN-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
+ {DSA-251 DSA-250 DSA-249}
+ - w3mmee 0.3.p24.17-3
+CAN-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
+ NOTE: not-for-us (BizDesign)
+CAN-2002-1333
+ NOTE: reserved
+CAN-2002-1332
+ NOTE: reserved
+CAN-2002-1331
+ NOTE: reserved
+CAN-2002-1330
+ NOTE: reserved
+CAN-2002-1329
+ NOTE: reserved
+CAN-2002-1328
+ NOTE: reserved
+CAN-2002-1326
+ NOTE: reserved
+CAN-2002-1324
+ NOTE: reserved
+CAN-2002-1323
+ {DSA-208}
+ - perl 5.8.0-14
+CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
+ NOTE: not-for-us (ClearCase)
+CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
+ NOTE: Realplayer not in Sarge
+CAN-2002-1318
+ {DSA-200}
+ NOTE: Problem in Samba 2, sarge uses Samba 3.
+CAN-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...)
+ NOTE: not-for-us (iPlanet)
+CAN-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
+ NOTE: not-for-us (iPlanet)
+CAN-2002-1314
+ NOTE: reserved
+CAN-2002-1313
+ {DSA-198}
+ - nullmailer 1.00RC5-17
+CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
+ NOTE: not-for-us (Linksys)
+CAN-2002-1311
+ {DSA-197}
+ - courier 0.40.0-1
+CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
+ NOTE: not-for-us (Macromedia)
+CAN-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
+ NOTE: not-for-us (Macromedia)
+CAN-2002-1307
+ {DSA-199}
+ - mhonarc 2.5.13-1
+CAN-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...)
+ {DSA-214}
+ - kdenetwork 2.2.2-14.20
+CAN-2002-1305
+ NOTE: reserved
+CAN-2002-1304
+ NOTE: reserved
+CAN-2002-1303
+ NOTE: reserved
+CAN-2002-1302
+ NOTE: reserved
+CAN-2002-1301
+ NOTE: reserved
+CAN-2002-1300
+ NOTE: reserved
+CAN-2002-1299
+ NOTE: reserved
+CAN-2002-1298
+ NOTE: reserved
+CAN-2002-1297
+ NOTE: reserved
+CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...)
+ NOTE: not-for-us (SuSE-specific lprfilter package)
+CAN-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...)
+ NOTE: not-for-us (Novell iManager (eMFrame))
+CAN-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
+ {DSA-204}
+CAN-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
+ {DSA-204}
+CAN-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...)
+ NOTE: not-for-us (RealSecure Event Collector)
+CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
+ {DSA-194}
+CAN-2002-1277
+ {DSA-190}
+CAN-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
+ {DSA-191}
+CAN-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
+ {DSA-192}
+CAN-2002-1274
+ NOTE: reserved
+CAN-2002-1273
+ NOTE: reserved
+CAN-2002-1271
+ {DSA-386}
+CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
+ NOTE: not-for-us (MacOS)
+CAN-2002-1263
+ NOTE: rejected
+CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1261
+ NOTE: rejected
+CAN-2002-1259
+ NOTE: rejected
+CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1251
+ {DSA-186}
+CAN-2002-1249
+ NOTE: reserved
+CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
+ {DSA-193}
+CAN-2002-1246
+ NOTE: reserved
+CAN-2002-1245
+ {DSA-189}
+CAN-2002-1243
+ NOTE: reserved
+CAN-2002-1241
+ NOTE: reserved
+CAN-2002-1240
+ NOTE: reserved
+CAN-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
+ NOTE: not-for-us (Peter Sandvik's Simple Web Server)
+CAN-2002-1237
+ NOTE: reserved
+CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
+ {DSA-185 DSA-184 DSA-183}
+CAN-2002-1234
+ NOTE: rejected
+CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
+ {DSA-195 DSA-188 DSA-187}
+CAN-2002-1232
+ {DSA-180}
+CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
+ NOTE: not-for-us (Avaya Cajun switches)
+CAN-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
+ NOTE: not-for-us (Solaris)
+CAN-2002-1227
+ {DSA-177}
+CAN-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
+ {DSA-178}
+CAN-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
+ {DSA-178}
+CAN-2002-1221
+ {DSA-196}
+CAN-2002-1220
+ {DSA-196}
+CAN-2002-1219
+ {DSA-196}
+CAN-2002-1218
+ NOTE: reserved
+CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
+ - tar 1.13.25
+CAN-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
+ {DSA-174}
+CAN-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
+ NOTE: not-for-us (RadioBird Software WebServer 4 Everyone)
+CAN-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
+ NOTE: not-for-us (RadioBird Software WebServer 4 Everyone)
+CAN-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...)
+ NOTE: not-for-us (Eudora)
+CAN-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
+ NOTE: not-for-us (SolarWinds TFTP Server)
+CAN-2002-1208
+ NOTE: reserved
+CAN-2002-1207
+ NOTE: reserved
+CAN-2002-1206
+ NOTE: reserved
+CAN-2002-1205
+ NOTE: reserved
+CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
+ NOTE: not-for-us (Netscape Communicator 4.x)
+CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
+ NOTE: not-for-us (IBM SecureWay Firewall)
+CAN-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...)
+ NOTE: not-for-us (HP Tru64 UNIX)
+CAN-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-1200
+ {DSA-175}
+CAN-2002-1196
+ {DSA-173}
+CAN-2002-1195
+ {DSA-169}
+CAN-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
+ NOTE: not-for-us (NetBSD)
+CAN-2002-1193
+ {DSA-172}
+CAN-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...)
+ NOTE: not-for-us (NetBSD)
+CAN-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
+ NOTE: not-for-us (Sabre Desktop)
+CAN-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
+ NOTE: not-for-us (Cisco IOS)
+CAN-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ NOTE: not-for-us (Microsoft IIS)
+CAN-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
+ NOTE: not-for-us (Winamp)
+CAN-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...)
+ NOTE: not-for-us (Winamp)
+CAN-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
+ {DSA-171}
+CAN-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
+ {DSA-171}
+CAN-2002-1173
+ NOTE: reserved
+CAN-2002-1172
+ NOTE: reserved
+CAN-2002-1171
+ NOTE: reserved
+CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
+ NOTE: not-for-us (IBM Websphere)
+CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
+ NOTE: not-for-us (IBM Websphere)
+CAN-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...)
+ NOTE: wn not in Debian testing
+CAN-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
+ NOTE: Debian uses sendmail 8.13, not vulnerable.
+CAN-2002-1161
+ NOTE: rejected
+CAN-2002-1159
+ {DSA-224}
+CAN-2002-1158
+ {DSA-224}
+CAN-2002-1157
+ {DSA-181}
+CAN-2002-1156
+ - apache2 2.0.43
+CAN-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
+ NOTE: kon2. patched, but I don't know when.
+ NOTE: assuming the current unstable/testing version is ok then..
+ - kon2 0.3.9b-18
+CAN-2002-1151
+ {DSA-167}
+CAN-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...)
+ NOTE: not-for-us (Microsoft Netmeeting)
+CAN-2002-1149 (The installation procedure for Invision Board suggests that users ...)
+ NOTE: not-for-us (Invision Board)
+CAN-2002-1148
+ {DSA-170}
+CAN-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
+ NOTE: not-for-us (Microsoft SQL)
+CAN-2002-1144
+ NOTE: reserved
+CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
+ NOTE: not-for-us (Microsoft Word & Excel)
+CAN-2002-1136
+ NOTE: reserved
+CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
+ NOTE: not-for-us (HP Tru64)
+CAN-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
+ NOTE: not-for-us (Dino's Webserver)
+CAN-2002-1132
+ {DSA-191}
+CAN-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
+ {DSA-191}
+CAN-2002-1130
+ NOTE: reserved
+CAN-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
+ NOTE: not-for-us (HP Tru64)
+CAN-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
+ NOTE: not-for-us (HP Tru64)
+CAN-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
+ NOTE: not-for-us (HP Tru64)
+CAN-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...)
+ NOTE: not-for-us (FreeBSD)
+CAN-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...)
+ {DSA-166}
+CAN-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
+ NOTE: Some SMTP mailscanners can be bypassed by fragmenting
+ NOTE: messages.
+ TODO: check Debian mailscanners, if any.
+CAN-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...)
+ NOTE: not-for-us (Savant Web Server)
+CAN-2002-1119
+ {DSA-159}
+CAN-2002-1116
+ {DSA-161}
+CAN-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
+ {DSA-161}
+CAN-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...)
+ {DSA-153}
+CAN-2002-1113
+ {DSA-153}
+CAN-2002-1112
+ {DSA-153}
+CAN-2002-1111
+ {DSA-153}
+CAN-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...)
+ {DSA-153}
+CAN-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
+ - libesmtp5 0.8.11-1
+CAN-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
+ NOTE: not-for-us (ezContents)
+CAN-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...)
+ NOTE: not-for-us (ezContents)
+CAN-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...)
+ NOTE: not-for-us (ezContents)
+CAN-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...)
+ NOTE: not-for-us (ezContents)
+CAN-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...)
+ NOTE: not-for-us (ezContents)
+CAN-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...)
+ NOTE: not-for-us (ezContents)
+CAN-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...)
+ NOTE: not-for-us (Abyss)
+CAN-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...)
+ NOTE: not-for-us (Abyss)
+CAN-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...)
+ NOTE: not-for-us (IPSwitch)
+CAN-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...)
+ NOTE: not-for-us (Pegasus)
+CAN-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...)
+ NOTE: not-for-us (MERCUR Mailserver)
+CAN-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...)
+ NOTE: not-for-us (ZyXEL)
+CAN-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us (ZyXEL)
+CAN-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...)
+ - phpwiki 1.3.4-1
+CAN-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
+ NOTE: not-for-us
+CAN-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...)
+ NOTE: not-for-us
+CAN-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...)
+ NOTE: not-for-us
+CAN-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...)
+ NOTE: not-for-us
+CAN-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
+ NOTE: not-for-us
+CAN-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
+ NOTE: not-for-us
+CAN-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
+ NOTE: not-for-us
+CAN-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...)
+ NOTE: not-for-us
+CAN-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...)
+ NOTE: not-for-us
+CAN-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...)
+ NOTE: not-for-us
+CAN-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...)
+ NOTE: not-for-us
+CAN-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...)
+ NOTE: not-for-us
+CAN-2002-1051
+ {DSA-254}
+CAN-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
+ NOTE: not-for-us
+CAN-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...)
+ NOTE: not-for-us
+CAN-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us
+CAN-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...)
+ NOTE: not-for-us
+CAN-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
+ NOTE: not-for-us
+CAN-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...)
+ NOTE: not-for-us
+CAN-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...)
+ NOTE: not-for-us
+CAN-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
+ NOTE: not-for-us
+CAN-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
+ NOTE: not-for-us
+CAN-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
+ NOTE: not-for-us
+CAN-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
+ NOTE: not-for-us
+CAN-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
+ NOTE: not-for-us
+CAN-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
+ NOTE: not-for-us
+CAN-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...)
+ NOTE: not-for-us
+CAN-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...)
+ NOTE: not-for-us
+CAN-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...)
+ NOTE: not-for-us
+CAN-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...)
+ NOTE: not-for-us
+CAN-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...)
+ NOTE: not-for-us
+CAN-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...)
+ NOTE: not-for-us
+CAN-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...)
+ NOTE: not-for-us
+CAN-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...)
+ NOTE: not-for-us
+CAN-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...)
+ NOTE: not-for-us
+CAN-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...)
+ NOTE: not-for-us
+CAN-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...)
+ NOTE: not-for-us
+CAN-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...)
+ NOTE: not-for-us
+CAN-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...)
+ NOTE: not-for-us
+CAN-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
+ NOTE: not-for-us
+CAN-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
+ NOTE: not-for-us
+CAN-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...)
+ NOTE: not-for-us
+CAN-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...)
+ NOTE: not-for-us
+CAN-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...)
+ NOTE: not-for-us
+CAN-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...)
+ NOTE: not-for-us
+CAN-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...)
+ NOTE: not-for-us
+CAN-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...)
+ NOTE: not-for-us
+CAN-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...)
+ NOTE: not-for-us
+CAN-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
+ NOTE: not-for-us
+CAN-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
+ NOTE: not-for-us
+CAN-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
+ NOTE: not-for-us (Novell)
+CAN-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
+ NOTE: not-for-us (Novell)
+CAN-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...)
+ NOTE: not-for-us
+CAN-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...)
+ NOTE: not-for-us (HP)
+CAN-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...)
+ NOTE: not-for-us (HP)
+CAN-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...)
+ NOTE: not-for-us (HP)
+CAN-2002-0986
+ {DSA-168}
+CAN-2002-0985
+ {DSA-168}
+CAN-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
+ {DSA-157}
+CAN-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...)
+ NOTE: not-for-us (FreeBSD)
+CAN-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
+ {DSA-165}
+CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
+ NOTE: not-for-us (Microsoft Windows specific)
+CAN-2002-0970
+ {DSA-155}
+CAN-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
+ NOTE: not-for-us
+CAN-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...)
+ NOTE: not-for-us
+CAN-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...)
+ NOTE: not-for-us
+CAN-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...)
+ NOTE: not-for-us
+CAN-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...)
+ NOTE: not-for-us
+CAN-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...)
+ NOTE: not-for-us
+CAN-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...)
+ NOTE: not-for-us
+CAN-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...)
+ NOTE: not-for-us
+CAN-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...)
+ NOTE: not-for-us (YaBB not in Debian)
+CAN-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-0951 (SQL injection vulnerability in Ruslan &lt;Body&gt;Builder allows remote ...)
+ NOTE: not-for-us
+CAN-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
+ NOTE: not-for-us
+CAN-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...)
+ NOTE: not-for-us
+CAN-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
+ NOTE: not-for-us
+CAN-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...)
+ NOTE: not-for-us
+CAN-2002-0943 (MetaCart2.sql stores the user database under the web document root ...)
+ NOTE: not-for-us
+CAN-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...)
+ NOTE: not-for-us
+CAN-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...)
+ NOTE: not-for-us
+CAN-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...)
+ NOTE: not-for-us (JRun not in Debian)
+CAN-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
+ - tomcat 3.2.3-1
+CAN-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
+ NOTE: not-for-us
+CAN-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
+ NOTE: not-for-us
+CAN-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
+ NOTE: not-for-us (MyHelpDesk not in Debian)
+CAN-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...)
+ NOTE: not-for-us (MyHelpDesk not in Debian)
+CAN-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...)
+ NOTE: not-for-us (Netware)
+CAN-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...)
+ NOTE: not-for-us (Netware)
+CAN-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
+ NOTE: not-for-us (pirch not in Debian)
+CAN-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...)
+ NOTE: not-for-us (webMathematica not in Debian)
+CAN-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...)
+ NOTE: not-for-us (mmftpd not in Debian anymore)
+CAN-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
+ NOTE: not-for-us (CGIScript.net not int Debian)
+CAN-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...)
+ NOTE: not-for-us (CGIScript.net not int Debian)
+CAN-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...)
+ NOTE: not-for-us (CGIScript.net not int Debian)
+CAN-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
+ NOTE: not-for-us (CGIScript.net not int Debian)
+CAN-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...)
+ NOTE: not-for-us (CGIScript.net not int Debian)
+CAN-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...)
+ NOTE: not-for-us (CGIScript.net not int Debian)
+CAN-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...)
+ NOTE: not-for-us (CGIScript.net not int Debian)
+CAN-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...)
+ NOTE: not-for-us (CGIScript.net not int Debian)
+CAN-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...)
+ NOTE: not-for-us (Xandros specific)
+CAN-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
+ NOTE: not-for-us (Slurp NNTP not in Debian)
+CAN-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...)
+ NOTE: DSA-129
+CAN-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...)
+ NOTE: not-for-us (netstd not in Debian anymore)
+CAN-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
+ NOTE: not-for-us (mnews not in Debian)
+CAN-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...)
+ NOTE: not-for-us (SHOUTcast not in Debian)
+CAN-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
+ NOTE: not-for-us (Informix)
+CAN-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
+ NOTE: not-for-us (wbboard not in Debian)
+CAN-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
+ - phpbb2 2.0.6c-1
+CAN-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
+ - amanda 2.4.0b6-1
+CAN-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
+ NOTE: not-for-us (Falcon not in Debian)
+CAN-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
+ - swatch 3.0.4-1
+CAN-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
+ NOTE: not-for-us
+CAN-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
+ NOTE: not-for-us
+CAN-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...)
+ NOTE: not-for-us (3com)
+CAN-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...)
+ NOTE: not-for-us
+CAN-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...)
+ NOTE: not-for-us
+CAN-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...)
+ NOTE: not-for-us (Compaq)
+CAN-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
+ NOTE: not-for-us (CFXImage not in Debian)
+CAN-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
+ NOTE: not-for-us (LogiSense not in Debian)
+CAN-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
+ NOTE: not-for-us (Shambala)
+CAN-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
+ NOTE: not-for-us (Shambala)
+CAN-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
+ {DSA-150}
+CAN-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
+ NOTE: not-for-us (IIS)
+CAN-2002-0868
+ NOTE: reserved
+CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
+ NOTE: not-for-us (Windows)
+CAN-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...)
+ NOTE: not-for-us (Microsoft)
+CAN-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
+ NOTE: not-for-us (Oracle)
+CAN-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
+ {DSA-147}
+CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
+ NOTE: not-for-us (SuSE specific)
+CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
+ NOTE: not-for-us Cisco
+CAN-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
+ NOTE: not-for-us (iSCSI not in Debian)
+CAN-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
+ {DSA-195 DSA-188 DSA-187}
+ - apache 1.3.27-0.1
+CAN-2002-0841
+ NOTE: rejected
+CAN-2002-0840
+ {DSA-195 DSA-188 DSA-187}
+ - apache2 2.0.43-1
+ - apache 1.3.27-0.1
+CAN-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
+ {DSA-195 DSA-188 DSA-187}
+ - apache 1.3.27-0.1
+CAN-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...)
+ {DSA-182 DSA-179 DSA-176}
+CAN-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...)
+ - wordtrans 1.1pre9
+CAN-2002-0836
+ {DSA-207}
+CAN-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
+ {DSA-162}
+CAN-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
+ NOTE: not-for-us (Eudora)
+CAN-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
+ NOTE: not-for-us (Internet Explorer)
+CAN-2002-0828
+ NOTE: rejected
+CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
+ NOTE: not-for-us (UnixWare)
+CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
+ - libnss-ldap 199-1
+CAN-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...)
+ - ethereal 0.9.4-1woody1
+CAN-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
+ - ethereal 0.9.4-1woody1
+CAN-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
+ NOTE: not-for-us (FreeBSD)
+CAN-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...)
+ NOTE: not-for-us (artscontrol not suid root)
+CAN-2002-0815 (The Javascript &quot;Same Origin Policy&quot; (SOP), as implemented in (1) ...)
+ - mozilla 2:1.0.0-1
+CAN-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
+ NOTE: not-for-us
+CAN-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
+ NOTE: bugzilla 2.16.0-2.1
+CAN-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...)
+ NOTE: bugzilla 2.16.0-2.1
+CAN-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...)
+ NOTE: bugzilla 2.16.0-2.1
+CAN-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...)
+ NOTE: not-for-us
+CAN-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
+ NOTE: not-for-us
+CAN-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...)
+ NOTE: not-for-us (HP)
+CAN-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...)
+ NOTE: not-for-us (Solaris)
+CAN-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...)
+ NOTE: not-for-us (Solaris)
+CAN-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
+ NOTE: not-for-us (QNX)
+CAN-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
+ NOTE: not-for-us (Novell)
+CAN-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
+ NOTE: not-for-us
+CAN-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...)
+ NOTE: not-for-us
+CAN-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...)
+ NOTE: not-for-us
+CAN-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
+ NOTE: not-for-us (Opera)
+CAN-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...)
+ NOTE: not-for-us (Novell)
+CAN-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
+ NOTE: not-for-us (Novell)
+CAN-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...)
+ NOTE: not-for-us (Novell)
+CAN-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...)
+ NOTE: not-for-us (Novell)
+CAN-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...)
+ NOTE: not-for-us
+CAN-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...)
+ NOTE: not-for-us
+CAN-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
+ NOTE: not-for-us
+CAN-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...)
+ NOTE: not-for-us
+CAN-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...)
+ - viewcvs 0.9.2-5
+CAN-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...)
+ NOTE: not-for-us (Quake server)
+CAN-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
+ NOTE: not-for-us (Cisco)
+CAN-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
+ NOTE: not-for-us (simpleinit not in Debian)
+CAN-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
+ NOTE: not-for-us (Phorum not in Debian)
+CAN-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
+ NOTE: not-for-us (HP)
+CAN-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
+ - webmin 0.980-1
+ - usermin 0.910-1
+CAN-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...)
+ - webmin 0.980-1
+ - usermin 0.910-1
+CAN-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
+ NOTE: not-for-us (Talentsoft not in Debian)
+CAN-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
+ NOTE: not-for-us (CGIscript.net not in Debian)
+CAN-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
+ NOTE: not-for-us (CGIscript.net not in Debian)
+CAN-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
+ NOTE: not-for-us (CGIscript.net not in Debian)
+CAN-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
+ NOTE: not-for-us (CGIscript.net not in Debian)
+CAN-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
+ NOTE: not-for-us (AIX)
+CAN-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
+ - slrn 0.9.6.2-9
+CAN-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
+ NOTE: not-for-us (PostCalendat not in Debian)
+CAN-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
+ NOTE: not-for-us (only potato was vulnerable)
+CAN-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
+ NOTE: not-for-us (MyGuestbook)
+CAN-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
+ NOTE: not-for-us (vqServer)
+CAN-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...)
+ NOTE: not-for-us (guestbook)
+CAN-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
+ {DSA-140}
+CAN-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
+ NOTE: not-for-us (windows)
+CAN-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
+ NOTE: not-for-us (windows)
+CAN-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...)
+ NOTE: not-for-us (internet explorer)
+CAN-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...)
+ NOTE: not-for-us (Microsoft SQL Server)
+CAN-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...)
+ - php4 4:4.2.2-1
+CAN-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)
+ - squid 2.4.6-2
+CAN-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
+ - squid 2.4.6-2
+CAN-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...)
+ NOTE: not-for-us (EASM not in Debian)
+CAN-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
+ NOTE: not-for-us (HP)
+CAN-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
+ NOTE: not-for-us
+CAN-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...)
+ NOTE: not-for-us
+CAN-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...)
+ NOTE: not-for-us
+CAN-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...)
+ NOTE: not-for-us
+CAN-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
+ NOTE: not-for-us
+CAN-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...)
+ - dhcp3 3.0+3.0.1rc9-1
+CAN-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
+ NOTE: not-for-us (windows)
+CAN-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...)
+ NOTE: not-for-us (windows)
+CAN-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...)
+ NOTE: not-for-us (McAfee)
+CAN-2002-0689
+ NOTE: reserved
+CAN-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
+ NOTE: not-for-us
+CAN-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
+ - glibc 2.2.5-8
+CAN-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
+ NOTE: not-for-us
+CAN-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
+ NOTE: not-for-us
+CAN-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...)
+ NOTE: not-for-us
+CAN-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...)
+ NOTE: not-for-us
+CAN-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
+ NOTE: not-for-us
+CAN-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
+ NOTE: not-for-us
+CAN-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
+ NOTE: not-for-us
+CAN-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
+ NOTE: not-for-us
+CAN-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...)
+ {DSA-201}
+CAN-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
+ NOTE: not-for-us (ZMerge not in Debian)
+CAN-2002-0662
+ {DSA-160}
+CAN-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
+ - apache2 2.0.40
+CAN-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
+ {DSA-140}
+CAN-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
+ {DSA-136}
+CAN-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...)
+ {DSA-136}
+CAN-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
+ {DSA-136}
+CAN-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...)
+ {DSA-136}
+STOP: this is approximatly the release of woody, so we can stop here
+CAN-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...)
+ - apache2 2.0.40
+CAN-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...)
+CAN-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service allow ...)
+CAN-2002-0646
+ NOTE: rejected
+CAN-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...)
+CAN-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...)
+CAN-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...)
+CAN-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...)
+CAN-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...)
+CAN-2002-0636
+ NOTE: reserved
+CAN-2002-0635
+ NOTE: reserved
+CAN-2002-0634
+ NOTE: reserved
+CAN-2002-0633
+ NOTE: reserved
+CAN-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...)
+CAN-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
+CAN-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...)
+CAN-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...)
+CAN-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...)
+CAN-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...)
+CAN-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...)
+CAN-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...)
+CAN-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...)
+CAN-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...)
+CAN-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...)
+CAN-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...)
+CAN-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...)
+CAN-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...)
+CAN-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...)
+CAN-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...)
+CAN-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...)
+CAN-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...)
+CAN-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...)
+CAN-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...)
+CAN-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...)
+CAN-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...)
+CAN-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...)
+CAN-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...)
+CAN-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...)
+CAN-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...)
+CAN-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...)
+CAN-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...)
+CAN-2002-0585 (Vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...)
+CAN-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...)
+CAN-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...)
+CAN-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...)
+CAN-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...)
+CAN-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...)
+CAN-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...)
+CAN-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...)
+CAN-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...)
+CAN-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...)
+CAN-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...)
+CAN-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...)
+CAN-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CAN-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...)
+CAN-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CAN-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
+CAN-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
+CAN-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...)
+CAN-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CAN-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...)
+CAN-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...)
+CAN-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...)
+CAN-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...)
+CAN-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...)
+CAN-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...)
+CAN-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...)
+CAN-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...)
+CAN-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...)
+CAN-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...)
+CAN-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...)
+CAN-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...)
+CAN-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...)
+CAN-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...)
+CAN-2002-0540 (Nortel CVX 1800 is installed with a default &quot;public&quot; community string, ...)
+CAN-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...)
+CAN-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...)
+CAN-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...)
+CAN-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...)
+CAN-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...)
+CAN-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...)
+CAN-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...)
+CAN-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...)
+CAN-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...)
+CAN-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...)
+CAN-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...)
+CAN-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...)
+CAN-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...)
+CAN-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...)
+CAN-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...)
+CAN-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...)
+CAN-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...)
+CAN-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...)
+CAN-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...)
+CAN-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...)
+CAN-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...)
+CAN-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...)
+CAN-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...)
+CAN-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...)
+CAN-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...)
+CAN-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...)
+CAN-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...)
+CAN-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...)
+CAN-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...)
+CAN-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...)
+CAN-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...)
+CAN-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...)
+CAN-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...)
+CAN-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...)
+CAN-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...)
+CAN-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...)
+CAN-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...)
+CAN-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...)
+CAN-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...)
+CAN-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...)
+CAN-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...)
+CAN-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...)
+CAN-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...)
+CAN-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...)
+CAN-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...)
+CAN-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...)
+CAN-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...)
+CAN-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...)
+CAN-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...)
+CAN-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...)
+CAN-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...)
+CAN-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...)
+CAN-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...)
+CAN-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...)
+CAN-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...)
+CAN-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...)
+CAN-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...)
+CAN-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...)
+CAN-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...)
+CAN-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...)
+CAN-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...)
+CAN-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...)
+CAN-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...)
+CAN-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...)
+CAN-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...)
+CAN-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...)
+CAN-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...)
+CAN-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...)
+CAN-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the &quot;Skip scanning ...)
+CAN-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...)
+CAN-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...)
+CAN-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...)
+CAN-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...)
+CAN-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...)
+CAN-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...)
+CAN-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...)
+CAN-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...)
+CAN-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...)
+CAN-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...)
+CAN-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...)
+CAN-2002-0421 (IIS 4.0 allows local users to bypass the &quot;User cannot change password&quot; ...)
+CAN-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...)
+CAN-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...)
+CAN-2002-0418 (Directory traversal vulnerability in the ...)
+CAN-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...)
+CAN-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...)
+CAN-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...)
+CAN-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...)
+CAN-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...)
+CAN-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...)
+CAN-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...)
+CAN-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...)
+CAN-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...)
+CAN-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...)
+CAN-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...)
+CAN-2002-0392
+ - apache2 2.0.37
+CAN-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
+CAN-2002-0390
+ NOTE: reserved
+CAN-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
+ {DSA-147}
+CAN-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
+CAN-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
+CAN-2002-0383
+ NOTE: reserved
+CAN-2002-0380
+ {DSA-255}
+CAN-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
+CAN-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
+CAN-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...)
+CAN-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...)
+CAN-2002-0365
+ NOTE: reserved
+CAN-2002-0361
+ NOTE: reserved
+CAN-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...)
+CAN-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
+CAN-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
+CAN-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...)
+CAN-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...)
+CAN-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...)
+CAN-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...)
+CAN-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...)
+CAN-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...)
+CAN-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...)
+CAN-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...)
+CAN-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...)
+CAN-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...)
+CAN-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...)
+CAN-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...)
+CAN-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...)
+CAN-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...)
+CAN-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...)
+CAN-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...)
+CAN-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...)
+CAN-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...)
+CAN-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...)
+CAN-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...)
+CAN-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...)
+CAN-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...)
+CAN-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...)
+CAN-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...)
+CAN-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...)
+CAN-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...)
+CAN-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...)
+CAN-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...)
+CAN-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...)
+CAN-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...)
+CAN-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...)
+CAN-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...)
+CAN-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...)
+CAN-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...)
+CAN-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...)
+CAN-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...)
+CAN-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
+CAN-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...)
+CAN-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...)
+CAN-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...)
+CAN-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...)
+CAN-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...)
+CAN-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...)
+CAN-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...)
+CAN-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...)
+CAN-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...)
+CAN-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...)
+CAN-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...)
+CAN-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...)
+CAN-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...)
+CAN-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the &quot;halt&quot; user to gain ...)
+CAN-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...)
+CAN-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...)
+CAN-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...)
+CAN-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...)
+CAN-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return (&quot;CR&quot;) ...)
+CAN-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...)
+CAN-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...)
+CAN-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...)
+CAN-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...)
+CAN-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...)
+CAN-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...)
+CAN-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...)
+CAN-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...)
+CAN-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...)
+CAN-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...)
+CAN-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...)
+CAN-2002-0270 (Opera, when configured with the &quot;Determine action by MIME type&quot; option ...)
+CAN-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...)
+CAN-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...)
+CAN-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...)
+CAN-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...)
+CAN-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...)
+CAN-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...)
+CAN-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...)
+CAN-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...)
+CAN-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...)
+CAN-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...)
+CAN-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...)
+CAN-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...)
+CAN-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...)
+CAN-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...)
+CAN-2002-0253 (PHP, when not configured with the &quot;display_errors = Off&quot; setting in ...)
+CAN-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...)
+CAN-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...)
+CAN-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...)
+CAN-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...)
+CAN-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...)
+CAN-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...)
+CAN-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...)
+CAN-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...)
+CAN-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...)
+CAN-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...)
+CAN-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...)
+CAN-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...)
+CAN-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...)
+CAN-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...)
+CAN-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...)
+CAN-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...)
+CAN-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...)
+CAN-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...)
+CAN-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...)
+CAN-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...)
+CAN-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...)
+CAN-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...)
+CAN-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...)
+CAN-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...)
+CAN-2002-0222 (Etype Eserv 2.97 allows remote attackers to to redirect traffic to ...)
+CAN-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...)
+CAN-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...)
+CAN-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...)
+CAN-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...)
+CAN-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...)
+CAN-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...)
+CAN-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...)
+CAN-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...)
+CAN-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...)
+CAN-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...)
+CAN-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...)
+CAN-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...)
+CAN-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...)
+CAN-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...)
+CAN-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...)
+CAN-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...)
+CAN-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
+CAN-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
+CAN-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...)
+CAN-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...)
+CAN-2002-0195
+ NOTE: reserved
+CAN-2002-0194
+ NOTE: reserved
+CAN-2002-0192
+ NOTE: rejected
+CAN-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...)
+CAN-2002-0182
+ NOTE: reserved
+CAN-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...)
+CAN-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
+CAN-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
+CAN-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...)
+ {DSA-380}
+CAN-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
+CAN-2002-0161
+ NOTE: reserved
+CAN-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...)
+CAN-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
+CAN-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...)
+CAN-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...)
+CAN-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...)
+CAN-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...)
+CAN-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...)
+CAN-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...)
+CAN-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...)
+CAN-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...)
+CAN-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...)
+CAN-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...)
+CAN-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...)
+CAN-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...)
+CAN-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...)
+CAN-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...)
+CAN-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...)
+CAN-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...)
+CAN-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...)
+CAN-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...)
+CAN-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...)
+CAN-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...)
+CAN-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
+CAN-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...)
+CAN-2002-0114 (Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log ...)
+CAN-2002-0113 (Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with ...)
+CAN-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...)
+CAN-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...)
+CAN-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...)
+CAN-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...)
+CAN-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...)
+CAN-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...)
+CAN-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...)
+CAN-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...)
+CAN-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...)
+CAN-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...)
+CAN-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...)
+CAN-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...)
+CAN-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...)
+CAN-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...)
+CAN-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...)
+CAN-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...)
+CAN-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...)
+CAN-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...)
+CAN-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...)
+CAN-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...)
+CAN-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...)
+CAN-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...)
+CAN-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...)
+CAN-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...)
+CAN-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...)
+CAN-2002-0041 (Vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly ...)
+CAN-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...)
+CAN-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
+CAN-2002-0035
+ NOTE: reserved
+CAN-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...)
+CAN-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...)
+CAN-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
+CAN-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...)
+ {DSA-196}
+CAN-2002-0019
+ NOTE: reserved
+CAN-2002-0016
+ NOTE: reserved
+CAN-2002-0015
+ NOTE: reserved
+CAN-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...)
+CAN-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...)
+CAN-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
+CAN-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...)
+CAN-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...)
+CAN-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...)
+ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+CAN-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...)
+CAN-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...)
+CAN-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...)
+CAN-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...)
+CAN-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...)
+CAN-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...)
+CAN-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...)
+CAN-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...)
+CAN-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...)
+CAN-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...)
+CAN-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...)
+CAN-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...)
+CAN-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...)
+CAN-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...)
+CAN-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...)
+CAN-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...)
+CAN-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...)
+CAN-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...)
+CAN-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...)
+CAN-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...)
+CAN-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...)
+CAN-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...)
+CAN-2001-1387 (iptables-save in iptables before 1.2.4 records the &quot;--reject-with ...)
+CAN-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...)
+CAN-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...)
+CAN-2001-1377 (Multiple RADIUS implementations do not properly validate the ...)
+CAN-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...)
+CAN-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...)
+CAN-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...)
+CAN-2001-1365 (Vulnerability in IntraGnat before 1.4. ...)
+CAN-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...)
+CAN-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...)
+CAN-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...)
+CAN-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...)
+CAN-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...)
+CAN-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...)
+CAN-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...)
+CAN-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...)
+CAN-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...)
+CAN-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...)
+CAN-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...)
+CAN-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...)
+CAN-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...)
+CAN-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...)
+CAN-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...)
+CAN-2001-1341 (The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi ...)
+CAN-2001-1340 (Beck GmbH IPC@Chip TelnetD service supports only one connection and ...)
+CAN-2001-1339 (Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect ...)
+CAN-2001-1338 (Beck IPC GmbH IPC@CHIP TelnetD server generates different responses ...)
+CAN-2001-1337 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...)
+CAN-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...)
+CAN-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...)
+CAN-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...)
+CAN-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...)
+CAN-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...)
+CAN-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
+CAN-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
+CAN-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...)
+CAN-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...)
+CAN-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...)
+CAN-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...)
+CAN-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...)
+CAN-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...)
+CAN-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...)
+CAN-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...)
+CAN-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...)
+CAN-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...)
+CAN-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...)
+CAN-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...)
+CAN-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...)
+CAN-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...)
+CAN-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...)
+CAN-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...)
+CAN-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...)
+CAN-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...)
+CAN-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...)
+CAN-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...)
+CAN-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...)
+CAN-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...)
+CAN-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...)
+CAN-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...)
+CAN-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...)
+CAN-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...)
+CAN-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...)
+CAN-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...)
+CAN-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...)
+CAN-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...)
+CAN-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...)
+CAN-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...)
+CAN-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...)
+CAN-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...)
+CAN-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...)
+CAN-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...)
+CAN-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...)
+CAN-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...)
+CAN-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
+CAN-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...)
+CAN-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...)
+CAN-2001-1273 (The &quot;mxcsr P4&quot; vulnerability in the Linux kernel before 2.2.17-14, ...)
+CAN-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...)
+CAN-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...)
+CAN-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...)
+CAN-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...)
+CAN-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...)
+CAN-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...)
+CAN-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...)
+CAN-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...)
+CAN-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...)
+CAN-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...)
+CAN-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...)
+CAN-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...)
+CAN-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...)
+CAN-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...)
+CAN-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...)
+CAN-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...)
+CAN-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...)
+CAN-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...)
+CAN-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
+CAN-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
+CAN-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...)
+CAN-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...)
+CAN-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...)
+CAN-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...)
+CAN-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...)
+CAN-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...)
+CAN-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...)
+CAN-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...)
+CAN-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...)
+CAN-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...)
+CAN-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...)
+CAN-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...)
+CAN-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...)
+CAN-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...)
+CAN-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...)
+CAN-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...)
+CAN-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...)
+CAN-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...)
+CAN-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...)
+CAN-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...)
+CAN-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...)
+CAN-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...)
+CAN-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...)
+CAN-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...)
+CAN-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...)
+CAN-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...)
+CAN-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...)
+CAN-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...)
+CAN-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...)
+CAN-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...)
+CAN-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...)
+CAN-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...)
+CAN-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...)
+CAN-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...)
+CAN-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...)
+CAN-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...)
+CAN-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...)
+CAN-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...)
+CAN-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...)
+CAN-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...)
+CAN-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...)
+CAN-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...)
+CAN-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...)
+CAN-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...)
+CAN-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...)
+CAN-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...)
+CAN-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...)
+CAN-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...)
+CAN-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...)
+CAN-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...)
+CAN-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...)
+CAN-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...)
+CAN-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...)
+CAN-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...)
+CAN-2001-1170 (AmTote International homebet program stores the homebet.log file in ...)
+CAN-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...)
+CAN-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...)
+CAN-2001-1167
+ NOTE: rejected
+CAN-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...)
+CAN-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...)
+CAN-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...)
+CAN-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...)
+CAN-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...)
+CAN-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...)
+CAN-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...)
+CAN-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...)
+CAN-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...)
+CAN-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...)
+CAN-2001-1148 (Buffer overflows in programs used by scoadmin and sysadmsh in SCO ...)
+CAN-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...)
+CAN-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...)
+CAN-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...)
+CAN-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...)
+CAN-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...)
+CAN-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...)
+CAN-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...)
+CAN-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...)
+CAN-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...)
+CAN-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...)
+CAN-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...)
+CAN-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...)
+CAN-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...)
+CAN-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...)
+CAN-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...)
+CAN-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...)
+CAN-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...)
+CAN-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...)
+CAN-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...)
+CAN-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...)
+CAN-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...)
+CAN-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...)
+CAN-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...)
+CAN-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...)
+CAN-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...)
+CAN-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...)
+CAN-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...)
+CAN-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...)
+CAN-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...)
+CAN-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...)
+CAN-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...)
+CAN-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...)
+CAN-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...)
+CAN-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...)
+CAN-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...)
+CAN-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...)
+CAN-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...)
+CAN-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...)
+CAN-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...)
+CAN-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...)
+CAN-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...)
+CAN-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...)
+CAN-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...)
+CAN-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...)
+CAN-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...)
+CAN-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...)
+CAN-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...)
+CAN-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...)
+CAN-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...)
+CAN-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...)
+CAN-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
+CAN-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
+CAN-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...)
+CAN-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...)
+CAN-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...)
+CAN-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...)
+CAN-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...)
+CAN-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...)
+CAN-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...)
+CAN-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...)
+CAN-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...)
+CAN-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...)
+CAN-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...)
+ {DSA-148}
+CAN-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...)
+CAN-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...)
+CAN-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...)
+CAN-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...)
+CAN-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...)
+CAN-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...)
+CAN-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...)
+CAN-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...)
+CAN-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...)
+CAN-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...)
+CAN-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...)
+CAN-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...)
+CAN-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...)
+CAN-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...)
+CAN-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...)
+CAN-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...)
+CAN-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...)
+CAN-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...)
+CAN-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...)
+CAN-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...)
+CAN-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...)
+CAN-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...)
+CAN-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...)
+CAN-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...)
+CAN-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...)
+CAN-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...)
+CAN-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...)
+CAN-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...)
+CAN-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...)
+CAN-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...)
+CAN-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...)
+CAN-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...)
+CAN-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...)
+CAN-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...)
+CAN-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...)
+CAN-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...)
+CAN-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...)
+CAN-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...)
+CAN-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...)
+CAN-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...)
+CAN-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...)
+CAN-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...)
+CAN-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...)
+CAN-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...)
+CAN-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...)
+CAN-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...)
+CAN-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...)
+CAN-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...)
+CAN-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...)
+CAN-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...)
+CAN-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...)
+CAN-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...)
+CAN-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...)
+CAN-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...)
+CAN-2001-0944 (DDE in mIRC allows local users to launch applications under another ...)
+CAN-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...)
+CAN-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...)
+CAN-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...)
+CAN-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...)
+CAN-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...)
+CAN-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...)
+CAN-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...)
+CAN-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...)
+CAN-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...)
+CAN-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...)
+CAN-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...)
+CAN-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...)
+ {DSA-301}
+CAN-2001-0927 (Format string vulnerability in the permitted function of GNOME ...)
+CAN-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...)
+CAN-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...)
+CAN-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...)
+CAN-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...)
+CAN-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...)
+CAN-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with &quot;Prompt to allow ...)
+CAN-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...)
+CAN-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...)
+CAN-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...)
+CAN-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...)
+CAN-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...)
+CAN-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...)
+CAN-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...)
+CAN-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...)
+CAN-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...)
+CAN-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
+CAN-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...)
+CAN-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...)
+CAN-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...)
+CAN-2001-0885
+ NOTE: reserved
+CAN-2001-0883
+ NOTE: reserved
+CAN-2001-0882
+ NOTE: reserved
+CAN-2001-0881
+ NOTE: reserved
+CAN-2001-0880
+ NOTE: reserved
+CAN-2001-0878
+ NOTE: reserved
+CAN-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...)
+CAN-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...)
+CAN-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...)
+CAN-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...)
+CAN-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...)
+CAN-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...)
+CAN-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...)
+CAN-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...)
+CAN-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...)
+CAN-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...)
+CAN-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...)
+CAN-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...)
+CAN-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...)
+CAN-2001-0842 (Directory traversal vulnerability in Search.cgi in LB5000 LB5000II ...)
+CAN-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...)
+CAN-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...)
+CAN-2001-0839 (ibillpm.pl in iBill password management system generates weak ...)
+CAN-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...)
+CAN-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...)
+CAN-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...)
+CAN-2001-0831 (Vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when ...)
+CAN-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...)
+CAN-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...)
+CAN-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...)
+CAN-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...)
+CAN-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...)
+CAN-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...)
+CAN-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...)
+CAN-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
+CAN-2001-0814
+ NOTE: reserved
+CAN-2001-0813
+ NOTE: reserved
+CAN-2001-0812
+ NOTE: reserved
+CAN-2001-0811
+ NOTE: reserved
+CAN-2001-0810
+ NOTE: reserved
+CAN-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...)
+CAN-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...)
+CAN-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...)
+CAN-2001-0802
+ NOTE: reserved
+CAN-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...)
+CAN-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...)
+CAN-2001-0798
+ NOTE: reserved
+CAN-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...)
+CAN-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...)
+CAN-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...)
+CAN-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...)
+CAN-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...)
+CAN-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
+CAN-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
+CAN-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...)
+CAN-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...)
+CAN-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...)
+CAN-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...)
+CAN-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...)
+CAN-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...)
+CAN-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...)
+CAN-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...)
+CAN-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...)
+ {DSA-695-1}
+ - xli 1.17.0-17
+CAN-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...)
+CAN-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
+CAN-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...)
+CAN-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...)
+CAN-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...)
+CAN-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...)
+CAN-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...)
+CAN-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...)
+CAN-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...)
+CAN-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...)
+CAN-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...)
+CAN-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...)
+CAN-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...)
+CAN-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...)
+CAN-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...)
+CAN-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...)
+CAN-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...)
+CAN-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...)
+CAN-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...)
+CAN-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...)
+CAN-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...)
+CAN-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...)
+CAN-2001-0725
+ NOTE: reserved
+CAN-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...)
+CAN-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
+CAN-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
+CAN-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...)
+CAN-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...)
+CAN-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...)
+CAN-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...)
+CAN-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...)
+CAN-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...)
+CAN-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...)
+CAN-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
+CAN-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
+CAN-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...)
+CAN-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...)
+CAN-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...)
+CAN-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...)
+CAN-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...)
+CAN-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...)
+CAN-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...)
+CAN-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...)
+CAN-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...)
+CAN-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
+CAN-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...)
+CAN-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...)
+CAN-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...)
+CAN-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...)
+CAN-2001-0673
+ NOTE: reserved
+CAN-2001-0672
+ NOTE: reserved
+CAN-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...)
+CAN-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...)
+CAN-2001-0661
+ NOTE: reserved
+CAN-2001-0657
+ NOTE: reserved
+CAN-2001-0656
+ NOTE: reserved
+CAN-2001-0655
+ NOTE: reserved
+CAN-2001-0654
+ NOTE: reserved
+CAN-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...)
+CAN-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...)
+CAN-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...)
+CAN-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...)
+CAN-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...)
+CAN-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...)
+CAN-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...)
+CAN-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...)
+CAN-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...)
+CAN-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...)
+CAN-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...)
+CAN-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...)
+CAN-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...)
+CAN-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...)
+CAN-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...)
+CAN-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...)
+CAN-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...)
+CAN-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...)
+CAN-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...)
+CAN-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...)
+CAN-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CAN-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CAN-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CAN-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CAN-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CAN-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...)
+CAN-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...)
+CAN-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...)
+CAN-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...)
+CAN-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...)
+CAN-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...)
+CAN-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...)
+CAN-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...)
+CAN-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...)
+CAN-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...)
+CAN-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...)
+CAN-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...)
+CAN-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...)
+CAN-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...)
+CAN-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a ...)
+CAN-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...)
+CAN-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...)
+CAN-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...)
+CAN-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...)
+CAN-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...)
+CAN-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...)
+CAN-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...)
+CAN-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...)
+CAN-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...)
+CAN-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...)
+CAN-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...)
+CAN-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...)
+CAN-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...)
+CAN-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...)
+CAN-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...)
+CAN-2001-0539
+ NOTE: reserved
+CAN-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...)
+CAN-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...)
+CAN-2001-0532
+ NOTE: reserved
+CAN-2001-0531
+ NOTE: reserved
+CAN-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...)
+CAN-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...)
+CAN-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
+CAN-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
+CAN-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...)
+CAN-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...)
+CAN-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...)
+CAN-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...)
+CAN-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...)
+CAN-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...)
+CAN-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...)
+CAN-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...)
+CAN-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...)
+CAN-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...)
+CAN-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...)
+CAN-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...)
+CAN-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...)
+CAN-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...)
+CAN-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...)
+CAN-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...)
+CAN-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...)
+CAN-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...)
+CAN-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...)
+CAN-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...)
+CAN-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...)
+CAN-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...)
+CAN-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...)
+CAN-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...)
+CAN-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...)
+CAN-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...)
+CAN-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...)
+CAN-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...)
+CAN-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...)
+CAN-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...)
+CAN-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...)
+CAN-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...)
+CAN-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
+CAN-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
+CAN-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...)
+CAN-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...)
+CAN-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...)
+CAN-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...)
+CAN-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...)
+CAN-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...)
+CAN-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...)
+CAN-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...)
+CAN-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...)
+CAN-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...)
+CAN-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...)
+CAN-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...)
+CAN-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...)
+CAN-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...)
+CAN-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...)
+CAN-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...)
+CAN-2001-0418 (content.pl script in NCM Content Management System allows remote ...)
+CAN-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...)
+CAN-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...)
+CAN-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...)
+CAN-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...)
+CAN-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...)
+CAN-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...)
+CAN-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...)
+CAN-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...)
+CAN-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...)
+CAN-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...)
+CAN-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...)
+CAN-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...)
+CAN-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...)
+CAN-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...)
+CAN-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...)
+CAN-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...)
+CAN-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...)
+CAN-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...)
+CAN-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...)
+CAN-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...)
+CAN-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...)
+CAN-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...)
+CAN-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...)
+CAN-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...)
+CAN-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...)
+CAN-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...)
+CAN-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...)
+CAN-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...)
+CAN-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...)
+CAN-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...)
+CAN-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...)
+CAN-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...)
+CAN-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...)
+CAN-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...)
+CAN-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...)
+CAN-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...)
+CAN-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...)
+CAN-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...)
+CAN-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...)
+CAN-2001-0343
+ NOTE: reserved
+CAN-2001-0342
+ NOTE: reserved
+CAN-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...)
+CAN-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
+CAN-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...)
+CAN-2001-0328 (TCP implementations that use random increments for initial sequence ...)
+CAN-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...)
+CAN-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...)
+CAN-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...)
+CAN-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...)
+CAN-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...)
+CAN-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...)
+CAN-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...)
+CAN-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...)
+CAN-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...)
+CAN-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...)
+CAN-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...)
+CAN-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...)
+CAN-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...)
+CAN-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...)
+CAN-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...)
+CAN-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...)
+CAN-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...)
+CAN-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...)
+CAN-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...)
+CAN-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...)
+CAN-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...)
+CAN-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...)
+CAN-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...)
+CAN-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...)
+CAN-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...)
+CAN-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...)
+CAN-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...)
+CAN-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...)
+CAN-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...)
+CAN-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...)
+CAN-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...)
+CAN-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...)
+CAN-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...)
+CAN-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...)
+CAN-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...)
+CAN-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...)
+CAN-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...)
+CAN-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...)
+CAN-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...)
+CAN-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...)
+CAN-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...)
+CAN-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...)
+CAN-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...)
+CAN-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...)
+CAN-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...)
+CAN-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...)
+CAN-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...)
+CAN-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...)
+CAN-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...)
+CAN-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...)
+CAN-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
+CAN-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...)
+CAN-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...)
+CAN-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...)
+CAN-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...)
+CAN-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...)
+CAN-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...)
+CAN-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...)
+CAN-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...)
+CAN-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...)
+CAN-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...)
+CAN-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...)
+CAN-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...)
+CAN-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...)
+CAN-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...)
+CAN-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...)
+CAN-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...)
+CAN-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...)
+CAN-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...)
+CAN-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...)
+CAN-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...)
+CAN-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...)
+CAN-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...)
+CAN-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...)
+CAN-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...)
+CAN-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...)
+CAN-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...)
+CAN-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...)
+CAN-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...)
+CAN-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...)
+CAN-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...)
+CAN-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...)
+CAN-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...)
+CAN-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...)
+CAN-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...)
+CAN-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...)
+CAN-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...)
+CAN-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...)
+CAN-2001-0168 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) server ...)
+CAN-2001-0167 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) client ...)
+CAN-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence ...)
+CAN-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ...)
+CAN-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...)
+CAN-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...)
+CAN-2001-0159
+ NOTE: reserved
+CAN-2001-0158
+ NOTE: reserved
+CAN-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...)
+CAN-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...)
+CAN-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...)
+CAN-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...)
+CAN-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...)
+CAN-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...)
+CAN-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...)
+ {DSA-195 DSA-188 DSA-187}
+CAN-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...)
+CAN-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...)
+CAN-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...)
+CAN-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...)
+CAN-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...)
+CAN-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the &quot;lock ...)
+CAN-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to store ...)
+CAN-2001-0102 (&quot;Multiple Users&quot; Control Panel in Mac OS 9 allows Normal users to gain ...)
+CAN-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...)
+CAN-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...)
+CAN-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...)
+CAN-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...)
+CAN-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...)
+CAN-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...)
+CAN-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...)
+CAN-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...)
+CAN-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...)
+CAN-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...)
+CAN-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...)
+CAN-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...)
+CAN-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...)
+CAN-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...)
+CAN-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...)
+CAN-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...)
+CAN-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...)
+CAN-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...)
+CAN-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...)
+CAN-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...)
+CAN-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...)
+CAN-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...)
+CAN-2001-0048 (The &quot;Configure Your Server&quot; tool in Microsoft 2000 domain controllers ...)
+CAN-2001-0047 (The default permissions for the MTS Package Administration registry ...)
+CAN-2001-0046 (The default permissions for the SNMP Parameters registry key in ...)
+CAN-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...)
+CAN-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...)
+CAN-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...)
+CAN-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...)
+CAN-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...)
+CAN-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...)
+CAN-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...)
+CAN-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...)
+CAN-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...)
+CAN-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...)
+CAN-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...)
+CAN-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...)
+CAN-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...)
+CAN-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...)
+CAN-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...)
+CAN-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...)
+CAN-2000-1209 (The &quot;sa&quot; account is installed with a default null password on (1) ...)
+CAN-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...)
+CAN-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...)
+CAN-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...)
+CAN-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...)
+CAN-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...)
+CAN-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...)
+CAN-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...)
+CAN-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...)
+CAN-2000-1198 (qpopper POP server creates lock files with predictable names, which ...)
+CAN-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...)
+CAN-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...)
+CAN-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...)
+CAN-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.5, and earlier allows remote ...)
+CAN-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...)
+CAN-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...)
+CAN-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...)
+CAN-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...)
+CAN-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...)
+CAN-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...)
+CAN-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...)
+CAN-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...)
+CAN-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...)
+CAN-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...)
+CAN-2000-1161 (The installation of AdCycle banner management system leaves the ...)
+CAN-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...)
+CAN-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...)
+CAN-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...)
+CAN-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...)
+CAN-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...)
+CAN-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
+CAN-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
+CAN-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...)
+CAN-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...)
+CAN-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...)
+CAN-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...)
+CAN-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...)
+CAN-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...)
+CAN-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...)
+CAN-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...)
+CAN-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...)
+CAN-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
+CAN-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...)
+CAN-2000-1127 (registrar in the HP resource monitor service allows local users to ...)
+CAN-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...)
+CAN-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...)
+CAN-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...)
+CAN-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...)
+CAN-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...)
+CAN-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...)
+CAN-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...)
+CAN-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...)
+CAN-2000-1104 (Variant of the &quot;IIS Cross-Site Scripting&quot; vulnerability as originally ...)
+CAN-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...)
+CAN-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...)
+CAN-2000-1100 (The default configuration for PostACI webmail system installs the ...)
+CAN-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
+CAN-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...)
+CAN-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...)
+CAN-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...)
+CAN-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...)
+CAN-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...)
+CAN-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...)
+CAN-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...)
+CAN-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...)
+CAN-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...)
+CAN-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...)
+CAN-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...)
+CAN-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...)
+CAN-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...)
+CAN-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...)
+CAN-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...)
+CAN-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...)
+CAN-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...)
+CAN-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...)
+CAN-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...)
+CAN-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...)
+CAN-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...)
+CAN-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...)
+CAN-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...)
+CAN-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...)
+CAN-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...)
+CAN-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...)
+CAN-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...)
+CAN-2000-1030 (CS&amp;T CorporateTime for the Web returns different error messages for ...)
+CAN-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...)
+CAN-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...)
+CAN-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...)
+CAN-2000-1023 (The Alabanza Control Panel does not require passwords to access ...)
+CAN-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...)
+CAN-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...)
+CAN-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...)
+CAN-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...)
+CAN-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...)
+CAN-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...)
+CAN-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...)
+CAN-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...)
+CAN-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...)
+CAN-2000-0998 (Format string vulnerability in top program allows local attackers to ...)
+CAN-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...)
+CAN-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...)
+CAN-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...)
+CAN-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...)
+CAN-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...)
+CAN-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...)
+CAN-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...)
+CAN-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...)
+CAN-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...)
+CAN-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...)
+CAN-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...)
+CAN-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...)
+CAN-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...)
+CAN-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...)
+CAN-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...)
+CAN-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...)
+CAN-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...)
+CAN-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...)
+CAN-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...)
+CAN-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...)
+CAN-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...)
+CAN-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...)
+CAN-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...)
+CAN-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...)
+CAN-2000-0889 (Two Sun security certificates have been compromised, which could allow ...)
+CAN-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...)
+CAN-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...)
+CAN-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...)
+CAN-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...)
+CAN-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...)
+CAN-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...)
+CAN-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...)
+CAN-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...)
+CAN-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...)
+CAN-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...)
+CAN-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...)
+CAN-2000-0842 (The search97cgi/vtopic&quot; in the UnixWare 7 scohelphttp webserver allows ...)
+CAN-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
+CAN-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
+CAN-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...)
+CAN-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...)
+CAN-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...)
+CAN-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...)
+CAN-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...)
+CAN-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...)
+CAN-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...)
+CAN-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...)
+CAN-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...)
+CAN-2000-0812 (The administration module in Sun Java web server allows remote ...)
+CAN-2000-0802 (The BAIR program does not properly restrict access to the Internet ...)
+CAN-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...)
+CAN-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...)
+CAN-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...)
+CAN-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...)
+CAN-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...)
+CAN-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...)
+CAN-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...)
+CAN-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...)
+CAN-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...)
+CAN-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...)
+CAN-2000-0774 (The sample Java servlet &quot;test&quot; in Bajie HTTP web server 0.30a reveals ...)
+CAN-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...)
+CAN-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...)
+CAN-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...)
+CAN-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...)
+CAN-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...)
+CAN-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...)
+CAN-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...)
+CAN-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...)
+CAN-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...)
+CAN-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...)
+CAN-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...)
+CAN-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...)
+CAN-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...)
+CAN-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...)
+CAN-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...)
+CAN-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...)
+CAN-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...)
+CAN-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...)
+CAN-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux allows local users to ...)
+CAN-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...)
+CAN-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...)
+CAN-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
+CAN-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
+CAN-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...)
+CAN-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...)
+CAN-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...)
+CAN-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...)
+CAN-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...)
+CAN-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...)
+ - kdebase 4:2.2.2-14.6
+CAN-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...)
+CAN-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...)
+CAN-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...)
+CAN-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...)
+CAN-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
+CAN-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
+CAN-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...)
+CAN-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...)
+CAN-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CAN-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CAN-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CAN-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CAN-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...)
+CAN-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...)
+CAN-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...)
+CAN-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
+CAN-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...)
+CAN-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
+CAN-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...)
+CAN-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...)
+CAN-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...)
+CAN-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...)
+CAN-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
+CAN-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
+CAN-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...)
+CAN-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...)
+CAN-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
+CAN-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...)
+CAN-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...)
+CAN-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...)
+CAN-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...)
+CAN-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...)
+CAN-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...)
+CAN-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...)
+CAN-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...)
+CAN-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...)
+CAN-2000-0572 (The Razor configuration management tool uses weak encryption for its ...)
+CAN-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...)
+CAN-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...)
+CAN-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...)
+CAN-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...)
+CAN-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...)
+CAN-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
+CAN-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
+CAN-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...)
+CAN-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...)
+CAN-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...)
+CAN-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...)
+CAN-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...)
+CAN-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
+CAN-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
+CAN-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...)
+CAN-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...)
+CAN-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...)
+CAN-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...)
+CAN-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...)
+CAN-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...)
+CAN-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...)
+CAN-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...)
+CAN-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...)
+CAN-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...)
+CAN-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...)
+CAN-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...)
+CAN-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...)
+CAN-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...)
+CAN-2000-0434 (The administrative password for the Allmanage web site administration ...)
+CAN-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...)
+CAN-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...)
+CAN-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...)
+CAN-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...)
+CAN-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...)
+CAN-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...)
+CAN-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...)
+CAN-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...)
+CAN-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...)
+CAN-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...)
+CAN-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...)
+CAN-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...)
+CAN-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...)
+CAN-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...)
+CAN-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...)
+CAN-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...)
+CAN-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...)
+CAN-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...)
+CAN-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...)
+CAN-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...)
+CAN-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...)
+CAN-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...)
+CAN-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...)
+CAN-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...)
+CAN-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...)
+CAN-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...)
+CAN-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...)
+CAN-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...)
+CAN-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...)
+CAN-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...)
+CAN-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...)
+CAN-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...)
+CAN-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...)
+CAN-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...)
+CAN-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...)
+CAN-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...)
+CAN-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...)
+CAN-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...)
+CAN-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...)
+CAN-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...)
+CAN-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...)
+CAN-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...)
+CAN-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...)
+CAN-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...)
+CAN-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...)
+CAN-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...)
+CAN-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...)
+CAN-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...)
+CAN-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...)
+CAN-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...)
+CAN-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...)
+CAN-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...)
+CAN-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...)
+CAN-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...)
+CAN-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...)
+CAN-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...)
+CAN-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...)
+CAN-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...)
+CAN-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...)
+CAN-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...)
+CAN-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...)
+CAN-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...)
+CAN-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...)
+CAN-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...)
+CAN-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...)
+CAN-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...)
+CAN-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...)
+CAN-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...)
+CAN-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...)
+CAN-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...)
+CAN-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...)
+CAN-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...)
+CAN-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...)
+CAN-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...)
+CAN-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...)
+CAN-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...)
+CAN-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...)
+CAN-2000-0143 (The SSH protocol server sshd allows local users without shell access ...)
+CAN-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...)
+CAN-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...)
+CAN-2000-0137 (The CartIt shopping cart application allows remote users to modify ...)
+CAN-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...)
+CAN-2000-0135 (The @Retail shopping cart application allows remote users to modify ...)
+CAN-2000-0134 (The Check It Out shopping cart application allows remote users to ...)
+CAN-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...)
+CAN-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...)
+CAN-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...)
+CAN-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...)
+CAN-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...)
+CAN-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...)
+CAN-2000-0123 (The shopping cart application provided with Filemaker allows remote ...)
+CAN-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...)
+CAN-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...)
+CAN-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...)
+CAN-2000-0115 (IIS allows local users to cause a denial of service via invalid ...)
+CAN-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...)
+CAN-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...)
+CAN-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...)
+CAN-2000-0108 (The Intellivend shopping cart application allows remote users to ...)
+CAN-2000-0106 (The EasyCart shopping cart application allows remote users to ...)
+CAN-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...)
+CAN-2000-0104 (The Shoptron shopping cart application allows remote users to ...)
+CAN-2000-0103 (The SmartCart shopping cart application allows remote users to ...)
+CAN-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...)
+CAN-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...)
+CAN-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...)
+CAN-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...)
+CAN-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...)
+CAN-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...)
+CAN-2000-0084 (CuteFTP uses weak encryption to store password information in its ...)
+CAN-2000-0082 (WebTV email client allows remote attackers to force the client to send ...)
+CAN-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...)
+CAN-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...)
+CAN-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...)
+CAN-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...)
+CAN-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...)
+CAN-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...)
+CAN-2000-0069 (The recover program in Solstice Backup allows local users to restore ...)
+CAN-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...)
+CAN-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...)
+CAN-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...)
+CAN-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...)
+CAN-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...)
+CAN-2000-0058 (Network HotSync program in Handspring Visor does not have ...)
+CAN-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...)
+CAN-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...)
+CAN-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...)
+CAN-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...)
+CAN-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...)
+CAN-2000-0038 (glFtpD includes a default glftpd user account with a default password ...)
+CAN-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...)
+CAN-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...)
+CAN-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...)
+CAN-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...)
+CAN-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...)
+CAN-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...)
+CAN-2000-0008 (FTPPro allows local users to read sensitive information, which is ...)
+CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
+CAN-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...)
+ {DSA-664-1}
+CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
+CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
+CAN-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)
+CAN-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...)
+CAN-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...)
+CAN-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...)
+CAN-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...)
+CAN-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...)
+CAN-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...)
+CAN-1999-1560 (Vulnerability in a script in Texas A&amp;M University (TAMU) Tiger allows ...)
+CAN-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...)
+CAN-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...)
+CAN-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...)
+CAN-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...)
+CAN-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...)
+CAN-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...)
+CAN-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...)
+CAN-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...)
+CAN-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...)
+CAN-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...)
+CAN-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...)
+CAN-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...)
+CAN-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...)
+CAN-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...)
+CAN-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...)
+CAN-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...)
+CAN-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...)
+CAN-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...)
+CAN-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...)
+CAN-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...)
+CAN-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...)
+CAN-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...)
+CAN-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...)
+CAN-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...)
+CAN-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...)
+CAN-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...)
+CAN-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...)
+CAN-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...)
+CAN-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...)
+CAN-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...)
+CAN-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...)
+CAN-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...)
+CAN-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...)
+CAN-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...)
+CAN-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...)
+CAN-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...)
+CAN-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...)
+CAN-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...)
+CAN-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...)
+CAN-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...)
+CAN-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...)
+CAN-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...)
+CAN-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...)
+CAN-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...)
+CAN-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...)
+CAN-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...)
+CAN-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...)
+CAN-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...)
+CAN-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...)
+CAN-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...)
+CAN-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...)
+CAN-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...)
+CAN-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...)
+CAN-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...)
+CAN-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...)
+CAN-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...)
+CAN-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...)
+CAN-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...)
+CAN-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...)
+CAN-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...)
+CAN-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...)
+CAN-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...)
+CAN-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...)
+CAN-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...)
+CAN-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...)
+CAN-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...)
+CAN-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...)
+CAN-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...)
+CAN-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...)
+CAN-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...)
+CAN-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...)
+CAN-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...)
+CAN-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...)
+CAN-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...)
+CAN-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...)
+CAN-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...)
+CAN-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...)
+CAN-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...)
+CAN-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...)
+CAN-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...)
+CAN-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...)
+CAN-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...)
+CAN-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...)
+CAN-1999-1454 (Macromedia &quot;The Matrix&quot; screen saver on Windows 95 with the &quot;Password ...)
+CAN-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...)
+CAN-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...)
+CAN-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...)
+CAN-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...)
+CAN-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...)
+CAN-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...)
+CAN-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...)
+CAN-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...)
+CAN-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...)
+CAN-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...)
+CAN-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...)
+CAN-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...)
+CAN-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...)
+CAN-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...)
+CAN-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...)
+CAN-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...)
+CAN-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...)
+CAN-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...)
+CAN-1999-1431 (ZAK in Appstation mode allows users to bypass the &quot;Run only allowed ...)
+CAN-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...)
+CAN-1999-1429 (DIT TransferPro installs devices with world-readable and ...)
+CAN-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...)
+CAN-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...)
+CAN-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...)
+CAN-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...)
+CAN-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...)
+CAN-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...)
+CAN-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...)
+CAN-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...)
+CAN-1999-1418 (ICQ99 ICQ web server build 1701 with &quot;Active Homepage&quot; enabled ...)
+CAN-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...)
+CAN-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...)
+CAN-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...)
+CAN-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...)
+CAN-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...)
+CAN-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...)
+CAN-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...)
+CAN-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...)
+CAN-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...)
+CAN-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...)
+CAN-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...)
+CAN-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...)
+CAN-1999-1400 (The Economist screen saver 1999 with the &quot;Password Protected&quot; option ...)
+CAN-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...)
+CAN-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...)
+CAN-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...)
+CAN-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...)
+CAN-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...)
+CAN-1999-1393 (Control Panel &quot;Password Security&quot; option for Apple Powerbooks allows ...)
+CAN-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...)
+CAN-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...)
+CAN-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...)
+CAN-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...)
+CAN-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...)
+CAN-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...)
+CAN-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...)
+CAN-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...)
+CAN-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...)
+CAN-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...)
+CAN-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...)
+CAN-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...)
+CAN-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...)
+CAN-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...)
+CAN-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...)
+CAN-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...)
+CAN-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...)
+CAN-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...)
+CAN-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...)
+CAN-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...)
+CAN-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...)
+CAN-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...)
+CAN-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...)
+CAN-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...)
+CAN-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...)
+CAN-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...)
+CAN-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...)
+CAN-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...)
+CAN-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...)
+CAN-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...)
+CAN-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...)
+CAN-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...)
+CAN-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...)
+CAN-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...)
+CAN-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...)
+CAN-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...)
+CAN-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...)
+CAN-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...)
+CAN-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...)
+CAN-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...)
+CAN-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...)
+CAN-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...)
+CAN-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...)
+CAN-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...)
+CAN-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...)
+CAN-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...)
+CAN-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...)
+CAN-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...)
+CAN-1999-1310
+ NOTE: rejected
+CAN-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...)
+CAN-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...)
+CAN-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...)
+CAN-1999-1305 (Vulnerability in &quot;at&quot; program in SCO UNIX 4.2 and earlier allows local ...)
+CAN-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...)
+CAN-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...)
+CAN-1999-1302 (Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local ...)
+CAN-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...)
+CAN-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a &quot;nobody&quot; ...)
+CAN-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...)
+CAN-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...)
+CAN-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...)
+CAN-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...)
+CAN-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...)
+CAN-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...)
+CAN-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...)
+CAN-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...)
+CAN-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...)
+CAN-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...)
+CAN-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...)
+CAN-1999-1281 (Development version of Breeze Network Server allows remote attackers ...)
+CAN-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...)
+CAN-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...)
+CAN-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...)
+CAN-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...)
+CAN-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...)
+CAN-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...)
+CAN-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...)
+CAN-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...)
+CAN-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...)
+CAN-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...)
+CAN-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...)
+CAN-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...)
+CAN-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...)
+CAN-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...)
+CAN-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...)
+CAN-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...)
+CAN-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...)
+CAN-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...)
+CAN-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...)
+CAN-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...)
+CAN-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...)
+CAN-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...)
+CAN-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...)
+CAN-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...)
+CAN-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...)
+CAN-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...)
+CAN-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...)
+CAN-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...)
+CAN-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...)
+CAN-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...)
+CAN-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...)
+CAN-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...)
+CAN-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...)
+CAN-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...)
+CAN-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...)
+CAN-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...)
+CAN-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...)
+CAN-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...)
+CAN-1999-1232 (day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable ...)
+CAN-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...)
+CAN-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...)
+CAN-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...)
+CAN-1999-1228 (Various modems that do not implement a guard time, or are configured ...)
+CAN-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...)
+CAN-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...)
+CAN-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...)
+CAN-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...)
+CAN-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...)
+CAN-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...)
+CAN-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...)
+CAN-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...)
+CAN-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...)
+CAN-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...)
+CAN-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...)
+CAN-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...)
+CAN-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...)
+CAN-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...)
+CAN-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...)
+CAN-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...)
+CAN-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...)
+CAN-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...)
+CAN-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...)
+CAN-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...)
+CAN-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...)
+CAN-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...)
+CAN-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...)
+CAN-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...)
+CAN-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...)
+CAN-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...)
+CAN-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...)
+CAN-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...)
+CAN-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...)
+CAN-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...)
+CAN-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...)
+CAN-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...)
+CAN-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...)
+CAN-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...)
+CAN-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...)
+CAN-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...)
+CAN-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...)
+CAN-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...)
+CAN-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...)
+CAN-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...)
+CAN-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...)
+CAN-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...)
+CAN-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...)
+CAN-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...)
+CAN-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...)
+CAN-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...)
+CAN-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...)
+CAN-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...)
+CAN-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...)
+CAN-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...)
+CAN-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...)
+CAN-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...)
+CAN-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...)
+CAN-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...)
+CAN-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...)
+CAN-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...)
+CAN-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...)
+CAN-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...)
+CAN-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...)
+CAN-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...)
+CAN-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...)
+CAN-1999-1108
+ NOTE: rejected
+CAN-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
+CAN-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
+CAN-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...)
+CAN-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...)
+CAN-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...)
+CAN-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...)
+CAN-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...)
+CAN-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...)
+CAN-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...)
+CAN-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...)
+CAN-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...)
+CAN-1999-1084 (The &quot;AEDebug&quot; registry key is installed with insecure permissions, ...)
+CAN-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...)
+CAN-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...)
+CAN-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...)
+CAN-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...)
+CAN-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...)
+CAN-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...)
+CAN-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...)
+CAN-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...)
+CAN-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...)
+CAN-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...)
+CAN-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...)
+CAN-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...)
+CAN-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...)
+CAN-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...)
+CAN-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...)
+CAN-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...)
+CAN-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...)
+CAN-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...)
+CAN-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...)
+CAN-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...)
+CAN-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...)
+CAN-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...)
+CAN-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...)
+CAN-1999-1056
+ NOTE: rejected
+CAN-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...)
+CAN-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...)
+CAN-1999-1052 (Microsoft FrontPage stores form results in a default location in ...)
+CAN-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...)
+CAN-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...)
+CAN-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...)
+CAN-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...)
+CAN-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...)
+CAN-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...)
+CAN-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...)
+CAN-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...)
+CAN-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...)
+CAN-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...)
+CAN-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...)
+CAN-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...)
+CAN-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...)
+CAN-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...)
+CAN-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...)
+CAN-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...)
+CAN-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...)
+CAN-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...)
+CAN-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...)
+CAN-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...)
+CAN-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...)
+CAN-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...)
+CAN-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...)
+CAN-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...)
+CAN-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...)
+CAN-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...)
+CAN-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...)
+CAN-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...)
+CAN-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...)
+CAN-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...)
+CAN-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...)
+CAN-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange ...)
+CAN-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...)
+CAN-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...)
+CAN-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...)
+CAN-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...)
+CAN-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...)
+CAN-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...)
+CAN-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...)
+CAN-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...)
+CAN-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...)
+CAN-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...)
+CAN-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...)
+CAN-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...)
+CAN-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...)
+CAN-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...)
+CAN-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...)
+CAN-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...)
+CAN-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...)
+CAN-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...)
+CAN-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...)
+CAN-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...)
+CAN-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...)
+CAN-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...)
+CAN-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...)
+CAN-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...)
+CAN-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...)
+CAN-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...)
+CAN-1999-0855 (Buffer overflow in FreeBSD gdc program. ...)
+CAN-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...)
+CAN-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...)
+CAN-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...)
+CAN-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...)
+CAN-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...)
+CAN-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...)
+CAN-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...)
+CAN-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs via the -f ...)
+CAN-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...)
+CAN-1999-0829 (HP Secure Web Console uses weak encryption. ...)
+CAN-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...)
+CAN-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...)
+CAN-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...)
+CAN-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...)
+CAN-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...)
+CAN-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...)
+CAN-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...)
+CAN-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...)
+CAN-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...)
+CAN-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...)
+CAN-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...)
+CAN-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...)
+CAN-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...)
+CAN-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...)
+CAN-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...)
+CAN-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...)
+CAN-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...)
+CAN-1999-0748 (Buffer overflows in Red Hat net-tools package. ...)
+CAN-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...)
+CAN-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...)
+CAN-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...)
+CAN-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...)
+CAN-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...)
+CAN-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...)
+CAN-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...)
+CAN-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...)
+CAN-1999-0677 (The WebRamp web administration utility has a default password. ...)
+CAN-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...)
+CAN-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...)
+CAN-1999-0669 (The Eyedog ActiveX control is marked as &quot;safe for scripting&quot; for ...)
+CAN-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...)
+CAN-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...)
+CAN-1999-0664 (An application-critical Windows NT registry key has inappropriate ...)
+CAN-1999-0663 (A system-critical program, library, or file has a checksum or other ...)
+CAN-1999-0662 (A system-critical program or library does not have the appropriate ...)
+CAN-1999-0661 (A system is running a version of software that was replaced with a ...)
+CAN-1999-0660 (A hacker utility, back door, or Trojan Horse is installed on a system, ...)
+CAN-1999-0659 (A Windows NT Primary Domain Controller (PDC) or Backup Domain ...)
+CAN-1999-0658 (DCOM is running. ...)
+CAN-1999-0657 (WinGate is being used. ...)
+CAN-1999-0656 (The ugidd service is running. ...)
+CAN-1999-0655 (A service may include useful information in its banner or help ...)
+CAN-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...)
+CAN-1999-0653 (A component service related to NIS+ is running. ...)
+CAN-1999-0652 (A database service is running, e.g. a SQL server, Oracle, or mySQL. ...)
+CAN-1999-0651 (The rsh/rlogin service is running. ...)
+CAN-1999-0650 (The netstat service is running. ...)
+CAN-1999-0649 (The FSP service is running. ...)
+CAN-1999-0648 (The X25 service is running. ...)
+CAN-1999-0647 (The bootparam (bootparamd) service is running. ...)
+CAN-1999-0646 (The LDAP service is running. ...)
+CAN-1999-0645 (The IRC service is running. ...)
+CAN-1999-0644 (The NNTP news service is running. ...)
+CAN-1999-0643 (The IMAP service is running. ...)
+CAN-1999-0642 (A POP service is running. ...)
+CAN-1999-0641 (The UUCP service is running. ...)
+CAN-1999-0640 (The Gopher service is running. ...)
+CAN-1999-0639 (The chargen service is running. ...)
+CAN-1999-0638 (The daytime service is running. ...)
+CAN-1999-0637 (The systat service is running. ...)
+CAN-1999-0636 (The discard service is running. ...)
+CAN-1999-0635 (The echo service is running. ...)
+CAN-1999-0634 (The SSH service is running. ...)
+CAN-1999-0633 (The HTTP/WWW service is running. ...)
+CAN-1999-0632 (The RPC portmapper service is running. ...)
+CAN-1999-0631 (The NFS service is running. ...)
+CAN-1999-0630 (The NT Alerter and Messenger services are running. ...)
+CAN-1999-0629 (The ident/identd service is running. ...)
+CAN-1999-0625 (The rpc.rquotad service is running. ...)
+CAN-1999-0624 (The rstat/rstatd service is running. ...)
+CAN-1999-0623 (The X Windows service is running. ...)
+CAN-1999-0622 (A component service related to DNS service is running. ...)
+CAN-1999-0621 (A component service related to NETBIOS is running. ...)
+CAN-1999-0620 (A component service related to NIS is running. ...)
+CAN-1999-0619 (The Telnet service is running. ...)
+CAN-1999-0618 (The rexec service is running. ...)
+CAN-1999-0617 (The SMTP service is running. ...)
+CAN-1999-0616 (The TFTP service is running. ...)
+CAN-1999-0615 (The SNMP service is running. ...)
+CAN-1999-0614 (The FTP service is running. ...)
+CAN-1999-0613 (The rpc.sprayd service is running. ...)
+CAN-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...)
+CAN-1999-0610 (An incorrect configuration of the Webcart CGI program ...)
+CAN-1999-0609 (An incorrect configuration of the SoftCart CGI program ...)
+CAN-1999-0607 (An incorrect configuration of the QuikStore shopping cart ...)
+CAN-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart ...)
+CAN-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart ...)
+CAN-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...)
+CAN-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...)
+CAN-1999-0602 (A network intrusion detection system (IDS) does not properly ...)
+CAN-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...)
+CAN-1999-0600 (A network intrusion detection system (IDS) does not verify the ...)
+CAN-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...)
+CAN-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...)
+CAN-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...)
+CAN-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...)
+CAN-1999-0595 (A Windows NT system does not clear the system page file during ...)
+CAN-1999-0594 (A Windows NT system does not restrict access to removable media drives ...)
+CAN-1999-0593 (A user is allowed to shut down a Windows NT system without logging in. ...)
+CAN-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...)
+CAN-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...)
+CAN-1999-0590 (A system does not present an appropriate legal message or warning to a ...)
+CAN-1999-0589 (A system-critical Windows NT registry key has inappropriate ...)
+CAN-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...)
+CAN-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...)
+CAN-1999-0586 (A network service is running on a nonstandard port. ...)
+CAN-1999-0585 (A Windows NT administrator account has the default name of ...)
+CAN-1999-0584 (A Windows NT file system is not NTFS. ...)
+CAN-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...)
+CAN-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...)
+CAN-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...)
+CAN-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...)
+CAN-1999-0579 (A Windows NT system's registry audit policy does not log an event ...)
+CAN-1999-0578 (A Windows NT system's registry audit policy does not log an event ...)
+CAN-1999-0577 (A Windows NT system's file audit policy does not log an event success ...)
+CAN-1999-0576 (A Windows NT system's file audit policy does not log an event success ...)
+CAN-1999-0575 (A Windows NT system's user audit policy does not log an event success ...)
+CAN-1999-0572 (.reg files are associated with the Windows NT registry editor ...)
+CAN-1999-0571 (A router's configuration service or management interface (such as a ...)
+CAN-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...)
+CAN-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...)
+CAN-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...)
+CAN-1999-0565 (A Sendmail alias allows input to be piped to a program. ...)
+CAN-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...)
+CAN-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...)
+CAN-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...)
+CAN-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...)
+CAN-1999-0559 (A system-critical Unix file or directory has inappropriate ...)
+ - webmin 1.160-1
+CAN-1999-0556 (Two or more Unix accounts have the same UID. ...)
+CAN-1999-0555 (A Unix account with a name other than &quot;root&quot; has UID 0, i.e. root ...)
+CAN-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...)
+CAN-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...)
+CAN-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...)
+CAN-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...)
+CAN-1999-0547 (An SSH server allows authentication through the .rhosts file. ...)
+CAN-1999-0546 (The Windows NT guest account is enabled. ...)
+CAN-1999-0541 (A password for accessing a WWW URL is guessable. ...)
+CAN-1999-0539 (A trust relationship exists between two Unix hosts. ...)
+CAN-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...)
+CAN-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...)
+CAN-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...)
+CAN-1999-0533 (A DNS server allows inverse queries. ...)
+CAN-1999-0532 (A DNS server allows zone transfers. ...)
+CAN-1999-0531 (An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. ...)
+CAN-1999-0530 (A system is operating in &quot;promiscuous&quot; mode which allows it to perform ...)
+CAN-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...)
+CAN-1999-0528 (A router or firewall forwards external packets that claim to come from ...)
+CAN-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...)
+CAN-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...)
+CAN-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...)
+CAN-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...)
+CAN-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...)
+CAN-1999-0521 (An NIS domain name is easily guessable. ...)
+CAN-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...)
+CAN-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...)
+CAN-1999-0518 (A NETBIOS/SMB share password is guessable. ...)
+CAN-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...)
+CAN-1999-0516 (An SNMP community name is guessable. ...)
+CAN-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...)
+CAN-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...)
+CAN-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...)
+CAN-1999-0510 (A router or firewall allows source routed packets from arbitrary ...)
+CAN-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...)
+CAN-1999-0508 (An account on a router, firewall, or other network device has a ...)
+CAN-1999-0507 (An account on a router, firewall, or other network device has a guessable ...)
+CAN-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...)
+CAN-1999-0505 (A Windows NT domain user or administrator account has a guessable ...)
+CAN-1999-0504 (A Windows NT local user or administrator account has a default, null, ...)
+CAN-1999-0503 (A Windows NT local user or administrator account has a guessable ...)
+CAN-1999-0502 (A Unix account has a default, null, blank, or missing password. ...)
+CAN-1999-0501 (A Unix account has a guessable password. ...)
+CAN-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...)
+CAN-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...)
+CAN-1999-0497 (Anonymous FTP is enabled. ...)
+CAN-1999-0495 (A remote attacker can gain access to a file system using .. (dot dot) ...)
+CAN-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...)
+CAN-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...)
+CAN-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...)
+CAN-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...)
+CAN-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...)
+CAN-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...)
+CAN-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...)
+CAN-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...)
+CAN-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...)
+CAN-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...)
+CAN-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...)
+CAN-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...)
+CAN-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...)
+CAN-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...)
+CAN-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...)
+CAN-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...)
+CAN-1999-0454 (A remote attacker can sometimes identify the operating system of a ...)
+CAN-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...)
+CAN-1999-0452 (A service or application has a backdoor password that was placed there ...)
+CAN-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...)
+CAN-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...)
+CAN-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...)
+CAN-1999-0443 (Patrol management software allows a remote attacker to conduct a ...)
+CAN-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...)
+CAN-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...)
+CAN-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...)
+CAN-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...)
+CAN-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...)
+CAN-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...)
+CAN-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...)
+CAN-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...)
+CAN-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...)
+CAN-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...)
+CAN-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...)
+CAN-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...)
+CAN-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...)
+CAN-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...)
+CAN-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...)
+CAN-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...)
+CAN-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...)
+CAN-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...)
+CAN-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...)
+CAN-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...)
+CAN-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...)
+CAN-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...)
+CAN-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...)
+CAN-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...)
+CAN-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...)
+CAN-1999-0347 (Javascript bug in Internet Explorer 4.01 by adding %01URL allows ...)
+CAN-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...)
+CAN-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...)
+CAN-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...)
+CAN-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...)
+CAN-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...)
+CAN-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...)
+CAN-1999-0317 (Buffer overflow in Linux su command gives root access to local ...)
+CAN-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...)
+CAN-1999-0306 (buffer overflow in HP xlock program. ...)
+CAN-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...)
+CAN-1999-0287 (Vulnerability in the Wguest CGI program. ...)
+CAN-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...)
+CAN-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...)
+CAN-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...)
+CAN-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
+CAN-1999-0282 (Vulnerabilities in loadmodule and modload programs in SunOS and ...)
+CAN-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...)
+CAN-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...)
+CAN-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)
+CAN-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...)
+CAN-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...)
+CAN-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...)
+CAN-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...)
+CAN-1999-0250 (Denial of service in Qmail through long SMTP commands. ...)
+CAN-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...)
+CAN-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...)
+CAN-1999-0243 (Linux cfingerd could be exploited to gain root access. ...)
+CAN-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...)
+CAN-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...)
+CAN-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...)
+CAN-1999-0238 (php.cgi allows attackers to read any file on the system. ...)
+CAN-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...)
+CAN-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...)
+CAN-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...)
+CAN-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...)
+CAN-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...)
+CAN-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...)
+CAN-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...)
+CAN-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...)
+CAN-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...)
+CAN-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...)
+CAN-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...)
+CAN-1999-0198 (finger .@host on some systems may print information on some user accounts. ...)
+CAN-1999-0197 (finger 0@host on some systems may print information on some user accounts. ...)
+CAN-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...)
+CAN-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
+CAN-1999-0187
+ NOTE: rejected
+CAN-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...)
+CAN-1999-0171 (Denial of service in syslog by sending it a large number of ...)
+CAN-1999-0169 (NFS allows attackers to read and write any file on the system by ...)
+CAN-1999-0165 (NFS cache poisoning. ...)
+CAN-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...)
+CAN-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...)
+CAN-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...)
+CAN-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...)
+CAN-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...)
+CAN-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...)
+CAN-1999-0123 (Race condition in Linux mailx command allows local users to ...)
+CAN-1999-0121 (Buffer overflow in dtaction command gives root access. ...)
+CAN-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...)
+CAN-1999-0114 (Local users can execute commands as other users, and read other users' ...)
+CAN-1999-0110
+ NOTE: rejected
+CAN-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...)
+CAN-1999-0106 (Finger redirection allows finger bombs. ...)
+CAN-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...)
+CAN-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...)
+CAN-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...)
+CAN-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...)
+CAN-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...)
+CAN-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...)
+CAN-1999-0086 (AIX routed allows remote users to modify sensitive files. ...)
+CAN-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...)
+CAN-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...)
+CAN-1999-0061 (File creation and deletion, and remote execution, in the BSD ...)
+CAN-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...)
+CAN-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...)
+CAN-1999-0020
+ NOTE: rejected
+CAN-1999-0015 (Teardrop IP denial of service. ...)
+CAN-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
+CAN-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as described ...)
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
new file mode 100644
index 0000000000..5accef86a5
--- /dev/null
+++ b/data/CVE/1999.list
@@ -0,0 +1,2010 @@
+CVE-2002-0379
+CVE-2002-0377
+CVE-2002-0376
+CVE-2002-0374
+CVE-2002-0373
+CVE-2002-0372
+CVE-2002-0369
+CVE-2002-0368
+CVE-2002-0367
+CVE-2002-0366
+CVE-2002-0364
+CVE-2002-0363
+CVE-2002-0362
+CVE-2002-0359
+CVE-2002-0358
+CVE-2002-0357
+CVE-2002-0356
+CVE-2002-0355
+CVE-2002-0339
+CVE-2002-0330
+CVE-2002-0329
+CVE-2002-0318
+CVE-2002-0313
+CVE-2002-0309
+CVE-2002-0302
+CVE-2002-0300
+CVE-2002-0299
+CVE-2002-0292
+CVE-2002-0290
+CVE-2002-0287
+CVE-2002-0276
+CVE-2002-0275
+CVE-2002-0274
+CVE-2002-0267
+CVE-2002-0265
+CVE-2002-0251
+CVE-2002-0250
+CVE-2002-0246
+CVE-2002-0241
+CVE-2002-0237
+CVE-2002-0226
+CVE-2002-0213
+CVE-2002-0211
+CVE-2002-0209
+CVE-2002-0207
+CVE-2002-0197
+CVE-2002-0196
+CVE-2002-0193
+CVE-2002-0191
+CVE-2002-0190
+CVE-2002-0188
+CVE-2002-0187
+CVE-2002-0186
+CVE-2002-0185
+CVE-2002-0184
+CVE-2002-0181
+CVE-2002-0179
+CVE-2002-0178
+CVE-2002-0176
+CVE-2002-0175
+CVE-2002-0174
+CVE-2002-0173
+CVE-2002-0172
+CVE-2002-0171
+CVE-2002-0170
+CVE-2002-0169
+CVE-2002-0168
+CVE-2002-0167
+CVE-2002-0166
+CVE-2002-0163
+CVE-2002-0160
+CVE-2002-0159
+CVE-2002-0158
+CVE-2002-0157
+CVE-2002-0155
+CVE-2002-0153
+CVE-2002-0152
+CVE-2002-0151
+CVE-2002-0150
+CVE-2002-0149
+CVE-2002-0148
+CVE-2002-0147
+CVE-2002-0146
+CVE-2002-0143
+CVE-2002-0139
+CVE-2002-0128
+CVE-2002-0123
+CVE-2002-0121
+CVE-2002-0120
+CVE-2002-0117
+CVE-2002-0115
+CVE-2002-0111
+CVE-2002-0107
+CVE-2002-0098
+CVE-2002-0097
+CVE-2002-0096
+CVE-2002-0095
+CVE-2002-0094
+CVE-2002-0092
+CVE-2002-0090
+CVE-2002-0083
+CVE-2002-0082
+CVE-2002-0081
+CVE-2002-0080
+CVE-2002-0079
+CVE-2002-0078
+CVE-2002-0076
+CVE-2002-0075
+CVE-2002-0074
+CVE-2002-0073
+CVE-2002-0072
+CVE-2002-0071
+CVE-2002-0070
+CVE-2002-0069
+CVE-2002-0068
+CVE-2002-0067
+CVE-2002-0066
+CVE-2002-0065
+CVE-2002-0064
+CVE-2002-0063
+CVE-2002-0062
+CVE-2002-0061
+CVE-2002-0060
+CVE-2002-0059
+CVE-2002-0057
+CVE-2002-0055
+CVE-2002-0054
+CVE-2002-0052
+CVE-2002-0051
+CVE-2002-0050
+CVE-2002-0049
+CVE-2002-0047
+CVE-2002-0046
+CVE-2002-0045
+CVE-2002-0044
+CVE-2002-0043
+CVE-2002-0042
+CVE-2002-0040
+CVE-2002-0038
+CVE-2002-0036
+CVE-2002-0033
+CVE-2002-0032
+CVE-2002-0028
+CVE-2002-0027
+CVE-2002-0026
+CVE-2002-0025
+CVE-2002-0024
+CVE-2002-0023
+CVE-2002-0022
+CVE-2002-0021
+CVE-2002-0020
+CVE-2002-0018
+CVE-2002-0017
+CVE-2002-0014
+CVE-2002-0011
+CVE-2002-0009
+CVE-2002-0007
+CVE-2002-0006
+CVE-2002-0005
+CVE-2002-0004
+CVE-2002-0003
+CVE-2002-0002
+CVE-2001-1407
+CVE-2001-1406
+CVE-2001-1391
+CVE-2001-1386
+CVE-2001-1385
+CVE-2001-1383
+CVE-2001-1382
+CVE-2001-1380
+CVE-2001-1378
+CVE-2001-1375
+CVE-2001-1374
+CVE-2001-1373
+CVE-2001-1372
+CVE-2001-1371
+CVE-2001-1370
+CVE-2001-1369
+CVE-2001-1367
+CVE-2001-1359
+CVE-2001-1352
+CVE-2001-1351
+CVE-2001-1350
+CVE-2001-1349
+CVE-2001-1347
+CVE-2001-1345
+CVE-2001-1342
+CVE-2001-1334
+CVE-2001-1328
+CVE-2001-1327
+CVE-2001-1322
+CVE-2001-1303
+CVE-2001-1302
+CVE-2001-1301
+CVE-2001-1299
+CVE-2001-1297
+CVE-2001-1296
+CVE-2001-1295
+CVE-2001-1291
+CVE-2001-1279
+CVE-2001-1277
+CVE-2001-1276
+CVE-2001-1267
+CVE-2001-1266
+CVE-2001-1252
+CVE-2001-1251
+CVE-2001-1247
+CVE-2001-1246
+CVE-2001-1240
+CVE-2001-1237
+CVE-2001-1236
+CVE-2001-1235
+CVE-2001-1234
+CVE-2001-1231
+CVE-2001-1227
+CVE-2001-1215
+CVE-2001-1203
+CVE-2001-1201
+CVE-2001-1200
+CVE-2001-1199
+CVE-2001-1193
+CVE-2001-1186
+CVE-2001-1185
+CVE-2001-1183
+CVE-2001-1180
+CVE-2001-1177
+CVE-2001-1176
+CVE-2001-1175
+CVE-2001-1174
+CVE-2001-1172
+CVE-2001-1166
+CVE-2001-1162
+CVE-2001-1161
+CVE-2001-1160
+CVE-2001-1158
+CVE-2001-1155
+CVE-2001-1153
+CVE-2001-1149
+CVE-2001-1147
+CVE-2001-1146
+CVE-2001-1145
+CVE-2001-1144
+CVE-2001-1141
+CVE-2001-1132
+CVE-2001-1130
+CVE-2001-1121
+CVE-2001-1119
+CVE-2001-1118
+CVE-2001-1117
+CVE-2001-1116
+CVE-2001-1113
+CVE-2001-1108
+CVE-2001-1106
+CVE-2001-1103
+CVE-2001-1100
+CVE-2001-1099
+CVE-2001-1098
+CVE-2001-1096
+CVE-2001-1095
+CVE-2001-1089
+CVE-2001-1088
+CVE-2001-1085
+CVE-2001-1084
+CVE-2001-1083
+CVE-2001-1081
+CVE-2001-1080
+CVE-2001-1079
+CVE-2001-1075
+CVE-2001-1074
+CVE-2001-1072
+CVE-2001-1071
+CVE-2001-1069
+CVE-2001-1067
+CVE-2001-1066
+CVE-2001-1063
+CVE-2001-1062
+CVE-2001-1059
+CVE-2001-1056
+CVE-2001-1055
+CVE-2001-1054
+CVE-2001-1053
+CVE-2001-1049
+CVE-2001-1048
+CVE-2001-1046
+CVE-2001-1043
+CVE-2001-1038
+CVE-2001-1037
+CVE-2001-1036
+CVE-2001-1035
+CVE-2001-1032
+CVE-2001-1030
+CVE-2001-1029
+CVE-2001-1028
+CVE-2001-1027
+CVE-2001-1022
+CVE-2001-1020
+CVE-2001-1017
+CVE-2001-1016
+CVE-2001-1011
+CVE-2001-1010
+CVE-2001-1008
+CVE-2001-1002
+CVE-2001-0998
+CVE-2001-0995
+CVE-2001-0993
+CVE-2001-0987
+CVE-2001-0982
+CVE-2001-0981
+CVE-2001-0980
+CVE-2001-0978
+CVE-2001-0977
+CVE-2001-0973
+CVE-2001-0969
+CVE-2001-0965
+CVE-2001-0963
+CVE-2001-0962
+CVE-2001-0961
+CVE-2001-0960
+CVE-2001-0959
+CVE-2001-0954
+CVE-2001-0951
+CVE-2001-0946
+CVE-2001-0940
+CVE-2001-0939
+CVE-2001-0936
+CVE-2001-0929
+CVE-2001-0921
+CVE-2001-0920
+CVE-2001-0918
+CVE-2001-0917
+CVE-2001-0914
+CVE-2001-0912
+CVE-2001-0909
+CVE-2001-0907
+CVE-2001-0906
+CVE-2001-0905
+CVE-2001-0902
+CVE-2001-0901
+CVE-2001-0900
+CVE-2001-0899
+CVE-2001-0896
+CVE-2001-0895
+CVE-2001-0894
+CVE-2001-0891
+CVE-2001-0889
+CVE-2001-0888
+CVE-2001-0887
+CVE-2001-0886
+CVE-2001-0884
+CVE-2001-0879
+CVE-2001-0877
+CVE-2001-0876
+CVE-2001-0875
+CVE-2001-0874
+CVE-2001-0873
+CVE-2001-0872
+CVE-2001-0869
+CVE-2001-0867
+CVE-2001-0866
+CVE-2001-0865
+CVE-2001-0864
+CVE-2001-0863
+CVE-2001-0862
+CVE-2001-0861
+CVE-2001-0860
+CVE-2001-0859
+CVE-2001-0857
+CVE-2001-0852
+CVE-2001-0851
+CVE-2001-0850
+CVE-2001-0846
+CVE-2001-0843
+CVE-2001-0837
+CVE-2001-0836
+CVE-2001-0834
+CVE-2001-0833
+CVE-2001-0830
+CVE-2001-0828
+CVE-2001-0825
+CVE-2001-0823
+CVE-2001-0822
+CVE-2001-0819
+CVE-2001-0816
+CVE-2001-0815
+CVE-2001-0806
+CVE-2001-0805
+CVE-2001-0804
+CVE-2001-0803
+CVE-2001-0801
+CVE-2001-0797
+CVE-2001-0796
+CVE-2001-0792
+CVE-2001-0787
+CVE-2001-0784
+CVE-2001-0779
+CVE-2001-0774
+CVE-2001-0773
+CVE-2001-0770
+CVE-2001-0769
+CVE-2001-0765
+CVE-2001-0764
+CVE-2001-0763
+CVE-2001-0760
+CVE-2001-0757
+CVE-2001-0754
+CVE-2001-0752
+CVE-2001-0751
+CVE-2001-0750
+CVE-2001-0749
+CVE-2001-0748
+CVE-2001-0745
+CVE-2001-0741
+CVE-2001-0740
+CVE-2001-0739
+CVE-2001-0738
+CVE-2001-0733
+CVE-2001-0731
+CVE-2001-0730
+CVE-2001-0728
+CVE-2001-0727
+CVE-2001-0726
+CVE-2001-0724
+CVE-2001-0723
+CVE-2001-0722
+CVE-2001-0720
+CVE-2001-0719
+CVE-2001-0718
+CVE-2001-0717
+CVE-2001-0716
+CVE-2001-0710
+CVE-2001-0706
+CVE-2001-0701
+CVE-2001-0700
+CVE-2001-0699
+CVE-2001-0698
+CVE-2001-0697
+CVE-2001-0696
+CVE-2001-0692
+CVE-2001-0690
+CVE-2001-0686
+CVE-2001-0685
+CVE-2001-0682
+CVE-2001-0680
+CVE-2001-0677
+CVE-2001-0676
+CVE-2001-0675
+CVE-2001-0670
+CVE-2001-0668
+CVE-2001-0667
+CVE-2001-0666
+CVE-2001-0665
+CVE-2001-0664
+CVE-2001-0663
+CVE-2001-0662
+CVE-2001-0660
+CVE-2001-0659
+CVE-2001-0658
+CVE-2001-0653
+CVE-2001-0652
+CVE-2001-0650
+CVE-2001-0648
+CVE-2001-0646
+CVE-2001-0644
+CVE-2001-0643
+CVE-2001-0641
+CVE-2001-0635
+CVE-2001-0634
+CVE-2001-0631
+CVE-2001-0630
+CVE-2001-0629
+CVE-2001-0628
+CVE-2001-0627
+CVE-2001-0626
+CVE-2001-0625
+CVE-2001-0622
+CVE-2001-0621
+CVE-2001-0616
+CVE-2001-0615
+CVE-2001-0613
+CVE-2001-0612
+CVE-2001-0611
+CVE-2001-0596
+CVE-2001-0595
+CVE-2001-0594
+CVE-2001-0593
+CVE-2001-0591
+CVE-2001-0590
+CVE-2001-0589
+CVE-2001-0586
+CVE-2001-0585
+CVE-2001-0574
+CVE-2001-0573
+CVE-2001-0567
+CVE-2001-0565
+CVE-2001-0564
+CVE-2001-0563
+CVE-2001-0560
+CVE-2001-0559
+CVE-2001-0558
+CVE-2001-0554
+CVE-2001-0553
+CVE-2001-0550
+CVE-2001-0549
+CVE-2001-0548
+CVE-2001-0547
+CVE-2001-0546
+CVE-2001-0545
+CVE-2001-0544
+CVE-2001-0543
+CVE-2001-0541
+CVE-2001-0540
+CVE-2001-0538
+CVE-2001-0537
+CVE-2001-0533
+CVE-2001-0530
+CVE-2001-0529
+CVE-2001-0528
+CVE-2001-0527
+CVE-2001-0526
+CVE-2001-0525
+CVE-2001-0522
+CVE-2001-0518
+CVE-2001-0517
+CVE-2001-0514
+CVE-2001-0513
+CVE-2001-0508
+CVE-2001-0507
+CVE-2001-0506
+CVE-2001-0504
+CVE-2001-0503
+CVE-2001-0502
+CVE-2001-0501
+CVE-2001-0500
+CVE-2001-0497
+CVE-2001-0495
+CVE-2001-0494
+CVE-2001-0493
+CVE-2001-0489
+CVE-2001-0488
+CVE-2001-0487
+CVE-2001-0486
+CVE-2001-0485
+CVE-2001-0482
+CVE-2001-0481
+CVE-2001-0475
+CVE-2001-0474
+CVE-2001-0473
+CVE-2001-0469
+CVE-2001-0467
+CVE-2001-0465
+CVE-2001-0463
+CVE-2001-0462
+CVE-2001-0461
+CVE-2001-0457
+CVE-2001-0456
+CVE-2001-0455
+CVE-2001-0449
+CVE-2001-0444
+CVE-2001-0442
+CVE-2001-0440
+CVE-2001-0439
+CVE-2001-0434
+CVE-2001-0430
+CVE-2001-0429
+CVE-2001-0428
+CVE-2001-0427
+CVE-2001-0423
+CVE-2001-0422
+CVE-2001-0416
+CVE-2001-0414
+CVE-2001-0413
+CVE-2001-0412
+CVE-2001-0409
+CVE-2001-0408
+CVE-2001-0407
+CVE-2001-0405
+CVE-2001-0402
+CVE-2001-0394
+CVE-2001-0388
+CVE-2001-0387
+CVE-2001-0386
+CVE-2001-0383
+CVE-2001-0379
+CVE-2001-0378
+CVE-2001-0377
+CVE-2001-0375
+CVE-2001-0373
+CVE-2001-0371
+CVE-2001-0368
+CVE-2001-0366
+CVE-2001-0365
+CVE-2001-0364
+CVE-2001-0361
+CVE-2001-0353
+CVE-2001-0351
+CVE-2001-0348
+CVE-2001-0347
+CVE-2001-0346
+CVE-2001-0345
+CVE-2001-0344
+CVE-2001-0341
+CVE-2001-0340
+CVE-2001-0339
+CVE-2001-0338
+CVE-2001-0336
+CVE-2001-0335
+CVE-2001-0334
+CVE-2001-0333
+CVE-2001-0331
+CVE-2001-0330
+CVE-2001-0327
+CVE-2001-0326
+CVE-2001-0321
+CVE-2001-0319
+CVE-2001-0318
+CVE-2001-0317
+CVE-2001-0316
+CVE-2001-0311
+CVE-2001-0310
+CVE-2001-0309
+CVE-2001-0301
+CVE-2001-0299
+CVE-2001-0295
+CVE-2001-0290
+CVE-2001-0289
+CVE-2001-0288
+CVE-2001-0287
+CVE-2001-0284
+CVE-2001-0280
+CVE-2001-0279
+CVE-2001-0278
+CVE-2001-0276
+CVE-2001-0274
+CVE-2001-0269
+CVE-2001-0268
+CVE-2001-0267
+CVE-2001-0266
+CVE-2001-0265
+CVE-2001-0260
+CVE-2001-0259
+CVE-2001-0252
+CVE-2001-0245
+CVE-2001-0244
+CVE-2001-0243
+CVE-2001-0241
+CVE-2001-0240
+CVE-2001-0239
+CVE-2001-0238
+CVE-2001-0237
+CVE-2001-0236
+CVE-2001-0235
+CVE-2001-0234
+CVE-2001-0233
+CVE-2001-0230
+CVE-2001-0222
+CVE-2001-0221
+CVE-2001-0219
+CVE-2001-0218
+CVE-2001-0215
+CVE-2001-0207
+CVE-2001-0204
+CVE-2001-0203
+CVE-2001-0197
+CVE-2001-0196
+CVE-2001-0195
+CVE-2001-0194
+CVE-2001-0193
+CVE-2001-0191
+CVE-2001-0190
+CVE-2001-0189
+CVE-2001-0187
+CVE-2001-0185
+CVE-2001-0183
+CVE-2001-0182
+CVE-2001-0179
+CVE-2001-0178
+CVE-2001-0176
+CVE-2001-0175
+CVE-2001-0174
+CVE-2001-0170
+CVE-2001-0169
+CVE-2001-0166
+CVE-2001-0165
+CVE-2001-0164
+CVE-2001-0157
+CVE-2001-0156
+CVE-2001-0155
+CVE-2001-0154
+CVE-2001-0153
+CVE-2001-0152
+CVE-2001-0151
+CVE-2001-0150
+CVE-2001-0149
+CVE-2001-0148
+CVE-2001-0147
+CVE-2001-0144
+CVE-2001-0143
+CVE-2001-0142
+CVE-2001-0141
+CVE-2001-0140
+CVE-2001-0139
+CVE-2001-0138
+CVE-2001-0137
+CVE-2001-0136
+CVE-2001-0130
+CVE-2001-0129
+CVE-2001-0128
+CVE-2001-0126
+CVE-2001-0125
+CVE-2001-0124
+CVE-2001-0123
+CVE-2001-0122
+CVE-2001-0121
+CVE-2001-0120
+CVE-2001-0119
+CVE-2001-0118
+CVE-2001-0117
+CVE-2001-0116
+CVE-2001-0115
+CVE-2001-0111
+CVE-2001-0110
+CVE-2001-0109
+CVE-2001-0108
+CVE-2001-0106
+CVE-2001-0105
+CVE-2001-0100
+CVE-2001-0099
+CVE-2001-0096
+CVE-2001-0095
+CVE-2001-0094
+CVE-2001-0092
+CVE-2001-0091
+CVE-2001-0090
+CVE-2001-0089
+CVE-2001-0085
+CVE-2001-0083
+CVE-2001-0081
+CVE-2001-0080
+CVE-2001-0078
+CVE-2001-0077
+CVE-2001-0072
+CVE-2001-0071
+CVE-2001-0069
+CVE-2001-0066
+CVE-2001-0063
+CVE-2001-0062
+CVE-2001-0061
+CVE-2001-0060
+CVE-2001-0059
+CVE-2001-0058
+CVE-2001-0057
+CVE-2001-0056
+CVE-2001-0055
+CVE-2001-0054
+CVE-2001-0053
+CVE-2001-0050
+CVE-2001-0043
+CVE-2001-0042
+CVE-2001-0041
+CVE-2001-0040
+CVE-2001-0039
+CVE-2001-0036
+CVE-2001-0035
+CVE-2001-0034
+CVE-2001-0033
+CVE-2001-0028
+CVE-2001-0026
+CVE-2001-0021
+CVE-2001-0020
+CVE-2001-0018
+CVE-2001-0017
+CVE-2001-0016
+CVE-2001-0015
+CVE-2001-0014
+CVE-2001-0013
+CVE-2001-0012
+CVE-2001-0011
+CVE-2001-0010
+CVE-2001-0009
+CVE-2001-0008
+CVE-2001-0007
+CVE-2001-0006
+CVE-2001-0005
+CVE-2001-0004
+CVE-2001-0003
+CVE-2001-0002
+CVE-2001-0001
+CVE-2000-1212
+CVE-2000-1211
+CVE-2000-1210
+CVE-2000-1203
+CVE-2000-1200
+CVE-2000-1196
+CVE-2000-1195
+CVE-2000-1193
+CVE-2000-1190
+CVE-2000-1189
+CVE-2000-1187
+CVE-2000-1184
+CVE-2000-1182
+CVE-2000-1181
+CVE-2000-1180
+CVE-2000-1179
+CVE-2000-1178
+CVE-2000-1174
+CVE-2000-1171
+CVE-2000-1170
+CVE-2000-1169
+CVE-2000-1167
+CVE-2000-1166
+CVE-2000-1165
+CVE-2000-1164
+CVE-2000-1163
+CVE-2000-1162
+CVE-2000-1149
+CVE-2000-1148
+CVE-2000-1146
+CVE-2000-1145
+CVE-2000-1144
+CVE-2000-1143
+CVE-2000-1142
+CVE-2000-1141
+CVE-2000-1140
+CVE-2000-1139
+CVE-2000-1137
+CVE-2000-1136
+CVE-2000-1135
+CVE-2000-1132
+CVE-2000-1131
+CVE-2000-1124
+CVE-2000-1123
+CVE-2000-1122
+CVE-2000-1121
+CVE-2000-1120
+CVE-2000-1119
+CVE-2000-1115
+CVE-2000-1113
+CVE-2000-1112
+CVE-2000-1111
+CVE-2000-1109
+CVE-2000-1108
+CVE-2000-1107
+CVE-2000-1106
+CVE-2000-1101
+CVE-2000-1099
+CVE-2000-1097
+CVE-2000-1096
+CVE-2000-1095
+CVE-2000-1094
+CVE-2000-1089
+CVE-2000-1080
+CVE-2000-1077
+CVE-2000-1075
+CVE-2000-1074
+CVE-2000-1073
+CVE-2000-1072
+CVE-2000-1071
+CVE-2000-1070
+CVE-2000-1069
+CVE-2000-1068
+CVE-2000-1061
+CVE-2000-1060
+CVE-2000-1059
+CVE-2000-1058
+CVE-2000-1057
+CVE-2000-1056
+CVE-2000-1055
+CVE-2000-1054
+CVE-2000-1051
+CVE-2000-1050
+CVE-2000-1049
+CVE-2000-1047
+CVE-2000-1045
+CVE-2000-1044
+CVE-2000-1043
+CVE-2000-1042
+CVE-2000-1041
+CVE-2000-1040
+CVE-2000-1038
+CVE-2000-1036
+CVE-2000-1034
+CVE-2000-1032
+CVE-2000-1031
+CVE-2000-1027
+CVE-2000-1026
+CVE-2000-1024
+CVE-2000-1022
+CVE-2000-1019
+CVE-2000-1018
+CVE-2000-1016
+CVE-2000-1014
+CVE-2000-1011
+CVE-2000-1010
+CVE-2000-1007
+CVE-2000-1006
+CVE-2000-1005
+CVE-2000-1004
+CVE-2000-1003
+CVE-2000-1002
+CVE-2000-1001
+CVE-2000-1000
+CVE-2000-0996
+CVE-2000-0995
+CVE-2000-0994
+CVE-2000-0993
+CVE-2000-0992
+CVE-2000-0991
+CVE-2000-0990
+CVE-2000-0989
+CVE-2000-0984
+CVE-2000-0983
+CVE-2000-0982
+CVE-2000-0981
+CVE-2000-0980
+CVE-2000-0979
+CVE-2000-0978
+CVE-2000-0977
+CVE-2000-0976
+CVE-2000-0975
+CVE-2000-0974
+CVE-2000-0973
+CVE-2000-0972
+CVE-2000-0970
+CVE-2000-0969
+CVE-2000-0968
+CVE-2000-0967
+CVE-2000-0966
+CVE-2000-0965
+CVE-2000-0964
+CVE-2000-0962
+CVE-2000-0961
+CVE-2000-0960
+CVE-2000-0959
+CVE-2000-0958
+CVE-2000-0957
+CVE-2000-0956
+CVE-2000-0953
+CVE-2000-0952
+CVE-2000-0951
+CVE-2000-0949
+CVE-2000-0948
+CVE-2000-0947
+CVE-2000-0946
+CVE-2000-0945
+CVE-2000-0944
+CVE-2000-0943
+CVE-2000-0942
+CVE-2000-0941
+CVE-2000-0938
+CVE-2000-0937
+CVE-2000-0936
+CVE-2000-0935
+CVE-2000-0934
+CVE-2000-0933
+CVE-2000-0932
+CVE-2000-0930
+CVE-2000-0929
+CVE-2000-0928
+CVE-2000-0927
+CVE-2000-0926
+CVE-2000-0925
+CVE-2000-0924
+CVE-2000-0923
+CVE-2000-0922
+CVE-2000-0921
+CVE-2000-0920
+CVE-2000-0919
+CVE-2000-0917
+CVE-2000-0915
+CVE-2000-0914
+CVE-2000-0913
+CVE-2000-0912
+CVE-2000-0911
+CVE-2000-0910
+CVE-2000-0909
+CVE-2000-0908
+CVE-2000-0901
+CVE-2000-0900
+CVE-2000-0897
+CVE-2000-0896
+CVE-2000-0895
+CVE-2000-0894
+CVE-2000-0892
+CVE-2000-0891
+CVE-2000-0890
+CVE-2000-0888
+CVE-2000-0887
+CVE-2000-0886
+CVE-2000-0884
+CVE-2000-0883
+CVE-2000-0878
+CVE-2000-0877
+CVE-2000-0876
+CVE-2000-0875
+CVE-2000-0874
+CVE-2000-0873
+CVE-2000-0871
+CVE-2000-0870
+CVE-2000-0869
+CVE-2000-0868
+CVE-2000-0867
+CVE-2000-0865
+CVE-2000-0864
+CVE-2000-0863
+CVE-2000-0862
+CVE-2000-0861
+CVE-2000-0860
+CVE-2000-0859
+CVE-2000-0858
+CVE-2000-0856
+CVE-2000-0854
+CVE-2000-0853
+CVE-2000-0852
+CVE-2000-0851
+CVE-2000-0850
+CVE-2000-0849
+CVE-2000-0848
+CVE-2000-0847
+CVE-2000-0846
+CVE-2000-0844
+CVE-2000-0839
+CVE-2000-0838
+CVE-2000-0837
+CVE-2000-0834
+CVE-2000-0830
+CVE-2000-0829
+CVE-2000-0825
+CVE-2000-0824
+CVE-2000-0818
+CVE-2000-0816
+CVE-2000-0813
+CVE-2000-0811
+CVE-2000-0810
+CVE-2000-0809
+CVE-2000-0808
+CVE-2000-0807
+CVE-2000-0806
+CVE-2000-0805
+CVE-2000-0804
+CVE-2000-0803
+CVE-2000-0799
+CVE-2000-0797
+CVE-2000-0796
+CVE-2000-0795
+CVE-2000-0792
+CVE-2000-0790
+CVE-2000-0788
+CVE-2000-0787
+CVE-2000-0786
+CVE-2000-0783
+CVE-2000-0782
+CVE-2000-0781
+CVE-2000-0780
+CVE-2000-0779
+CVE-2000-0778
+CVE-2000-0777
+CVE-2000-0776
+CVE-2000-0773
+CVE-2000-0771
+CVE-2000-0770
+CVE-2000-0768
+CVE-2000-0767
+CVE-2000-0766
+CVE-2000-0765
+CVE-2000-0764
+CVE-2000-0763
+CVE-2000-0762
+CVE-2000-0761
+CVE-2000-0758
+CVE-2000-0754
+CVE-2000-0753
+CVE-2000-0751
+CVE-2000-0750
+CVE-2000-0749
+CVE-2000-0747
+CVE-2000-0745
+CVE-2000-0744
+CVE-2000-0743
+CVE-2000-0742
+CVE-2000-0741
+CVE-2000-0740
+CVE-2000-0739
+CVE-2000-0738
+CVE-2000-0737
+CVE-2000-0733
+CVE-2000-0732
+CVE-2000-0731
+CVE-2000-0730
+CVE-2000-0729
+CVE-2000-0728
+CVE-2000-0727
+CVE-2000-0726
+CVE-2000-0725
+CVE-2000-0720
+CVE-2000-0718
+CVE-2000-0717
+CVE-2000-0716
+CVE-2000-0712
+CVE-2000-0711
+CVE-2000-0708
+CVE-2000-0707
+CVE-2000-0706
+CVE-2000-0705
+CVE-2000-0703
+CVE-2000-0702
+CVE-2000-0700
+CVE-2000-0699
+CVE-2000-0698
+CVE-2000-0694
+CVE-2000-0693
+CVE-2000-0685
+CVE-2000-0684
+CVE-2000-0683
+CVE-2000-0682
+CVE-2000-0681
+CVE-2000-0679
+CVE-2000-0678
+CVE-2000-0677
+CVE-2000-0676
+CVE-2000-0675
+CVE-2000-0674
+CVE-2000-0673
+CVE-2000-0672
+CVE-2000-0671
+CVE-2000-0670
+CVE-2000-0669
+CVE-2000-0668
+CVE-2000-0666
+CVE-2000-0665
+CVE-2000-0664
+CVE-2000-0663
+CVE-2000-0662
+CVE-2000-0661
+CVE-2000-0660
+CVE-2000-0655
+CVE-2000-0654
+CVE-2000-0652
+CVE-2000-0651
+CVE-2000-0650
+CVE-2000-0644
+CVE-2000-0643
+CVE-2000-0642
+CVE-2000-0641
+CVE-2000-0640
+CVE-2000-0639
+CVE-2000-0638
+CVE-2000-0637
+CVE-2000-0636
+CVE-2000-0635
+CVE-2000-0634
+CVE-2000-0633
+CVE-2000-0632
+CVE-2000-0631
+CVE-2000-0630
+CVE-2000-0628
+CVE-2000-0627
+CVE-2000-0624
+CVE-2000-0622
+CVE-2000-0621
+CVE-2000-0620
+CVE-2000-0619
+CVE-2000-0616
+CVE-2000-0615
+CVE-2000-0613
+CVE-2000-0611
+CVE-2000-0610
+CVE-2000-0604
+CVE-2000-0603
+CVE-2000-0602
+CVE-2000-0601
+CVE-2000-0600
+CVE-2000-0599
+CVE-2000-0598
+CVE-2000-0597
+CVE-2000-0596
+CVE-2000-0595
+CVE-2000-0594
+CVE-2000-0593
+CVE-2000-0591
+CVE-2000-0590
+CVE-2000-0588
+CVE-2000-0587
+CVE-2000-0586
+CVE-2000-0585
+CVE-2000-0584
+CVE-2000-0583
+CVE-2000-0582
+CVE-2000-0581
+CVE-2000-0579
+CVE-2000-0577
+CVE-2000-0576
+CVE-2000-0575
+CVE-2000-0573
+CVE-2000-0571
+CVE-2000-0570
+CVE-2000-0569
+CVE-2000-0568
+CVE-2000-0567
+CVE-2000-0566
+CVE-2000-0565
+CVE-2000-0561
+CVE-2000-0558
+CVE-2000-0557
+CVE-2000-0556
+CVE-2000-0555
+CVE-2000-0553
+CVE-2000-0552
+CVE-2000-0551
+CVE-2000-0550
+CVE-2000-0549
+CVE-2000-0548
+CVE-2000-0542
+CVE-2000-0541
+CVE-2000-0540
+CVE-2000-0539
+CVE-2000-0538
+CVE-2000-0537
+CVE-2000-0536
+CVE-2000-0534
+CVE-2000-0533
+CVE-2000-0532
+CVE-2000-0530
+CVE-2000-0529
+CVE-2000-0528
+CVE-2000-0525
+CVE-2000-0523
+CVE-2000-0522
+CVE-2000-0521
+CVE-2000-0519
+CVE-2000-0518
+CVE-2000-0517
+CVE-2000-0516
+CVE-2000-0515
+CVE-2000-0514
+CVE-2000-0513
+CVE-2000-0512
+CVE-2000-0511
+CVE-2000-0510
+CVE-2000-0508
+CVE-2000-0507
+CVE-2000-0506
+CVE-2000-0505
+CVE-2000-0504
+CVE-2000-0502
+CVE-2000-0501
+CVE-2000-0500
+CVE-2000-0499
+CVE-2000-0498
+CVE-2000-0497
+CVE-2000-0495
+CVE-2000-0494
+CVE-2000-0493
+CVE-2000-0490
+CVE-2000-0489
+CVE-2000-0488
+CVE-2000-0486
+CVE-2000-0485
+CVE-2000-0484
+CVE-2000-0483
+CVE-2000-0482
+CVE-2000-0481
+CVE-2000-0478
+CVE-2000-0477
+CVE-2000-0475
+CVE-2000-0474
+CVE-2000-0472
+CVE-2000-0471
+CVE-2000-0470
+CVE-2000-0469
+CVE-2000-0468
+CVE-2000-0467
+CVE-2000-0466
+CVE-2000-0465
+CVE-2000-0464
+CVE-2000-0463
+CVE-2000-0462
+CVE-2000-0461
+CVE-2000-0460
+CVE-2000-0459
+CVE-2000-0458
+CVE-2000-0457
+CVE-2000-0456
+CVE-2000-0455
+CVE-2000-0454
+CVE-2000-0453
+CVE-2000-0452
+CVE-2000-0451
+CVE-2000-0448
+CVE-2000-0447
+CVE-2000-0446
+CVE-2000-0445
+CVE-2000-0443
+CVE-2000-0442
+CVE-2000-0441
+CVE-2000-0440
+CVE-2000-0439
+CVE-2000-0438
+CVE-2000-0437
+CVE-2000-0436
+CVE-2000-0435
+CVE-2000-0432
+CVE-2000-0431
+CVE-2000-0430
+CVE-2000-0428
+CVE-2000-0427
+CVE-2000-0426
+CVE-2000-0425
+CVE-2000-0424
+CVE-2000-0421
+CVE-2000-0419
+CVE-2000-0418
+CVE-2000-0417
+CVE-2000-0416
+CVE-2000-0414
+CVE-2000-0411
+CVE-2000-0410
+CVE-2000-0409
+CVE-2000-0408
+CVE-2000-0407
+CVE-2000-0406
+CVE-2000-0405
+CVE-2000-0404
+CVE-2000-0403
+CVE-2000-0402
+CVE-2000-0399
+CVE-2000-0398
+CVE-2000-0397
+CVE-2000-0396
+CVE-2000-0395
+CVE-2000-0394
+CVE-2000-0393
+CVE-2000-0392
+CVE-2000-0391
+CVE-2000-0390
+CVE-2000-0389
+CVE-2000-0388
+CVE-2000-0387
+CVE-2000-0382
+CVE-2000-0381
+CVE-2000-0380
+CVE-2000-0379
+CVE-2000-0378
+CVE-2000-0377
+CVE-2000-0376
+CVE-2000-0375
+CVE-2000-0374
+CVE-2000-0373
+CVE-2000-0372
+CVE-2000-0371
+CVE-2000-0370
+CVE-2000-0369
+CVE-2000-0368
+CVE-2000-0367
+CVE-2000-0366
+CVE-2000-0363
+CVE-2000-0362
+CVE-2000-0361
+CVE-2000-0360
+CVE-2000-0359
+CVE-2000-0356
+CVE-2000-0354
+CVE-2000-0353
+CVE-2000-0352
+CVE-2000-0351
+CVE-2000-0350
+CVE-2000-0349
+CVE-2000-0348
+CVE-2000-0347
+CVE-2000-0346
+CVE-2000-0344
+CVE-2000-0342
+CVE-2000-0341
+CVE-2000-0340
+CVE-2000-0339
+CVE-2000-0338
+CVE-2000-0337
+CVE-2000-0336
+CVE-2000-0335
+CVE-2000-0334
+CVE-2000-0332
+CVE-2000-0331
+CVE-2000-0330
+CVE-2000-0329
+CVE-2000-0328
+CVE-2000-0327
+CVE-2000-0324
+CVE-2000-0323
+CVE-2000-0322
+CVE-2000-0320
+CVE-2000-0319
+CVE-2000-0318
+CVE-2000-0316
+CVE-2000-0315
+CVE-2000-0314
+CVE-2000-0313
+CVE-2000-0311
+CVE-2000-0310
+CVE-2000-0309
+CVE-2000-0308
+CVE-2000-0307
+CVE-2000-0306
+CVE-2000-0305
+CVE-2000-0304
+CVE-2000-0303
+CVE-2000-0302
+CVE-2000-0301
+CVE-2000-0298
+CVE-2000-0297
+CVE-2000-0296
+CVE-2000-0294
+CVE-2000-0292
+CVE-2000-0290
+CVE-2000-0289
+CVE-2000-0287
+CVE-2000-0285
+CVE-2000-0283
+CVE-2000-0282
+CVE-2000-0279
+CVE-2000-0278
+CVE-2000-0277
+CVE-2000-0276
+CVE-2000-0274
+CVE-2000-0273
+CVE-2000-0272
+CVE-2000-0268
+CVE-2000-0267
+CVE-2000-0265
+CVE-2000-0264
+CVE-2000-0263
+CVE-2000-0262
+CVE-2000-0261
+CVE-2000-0260
+CVE-2000-0258
+CVE-2000-0257
+CVE-2000-0255
+CVE-2000-0254
+CVE-2000-0253
+CVE-2000-0252
+CVE-2000-0251
+CVE-2000-0249
+CVE-2000-0247
+CVE-2000-0246
+CVE-2000-0245
+CVE-2000-0243
+CVE-2000-0240
+CVE-2000-0238
+CVE-2000-0237
+CVE-2000-0236
+CVE-2000-0235
+CVE-2000-0234
+CVE-2000-0233
+CVE-2000-0232
+CVE-2000-0231
+CVE-2000-0230
+CVE-2000-0229
+CVE-2000-0228
+CVE-2000-0226
+CVE-2000-0225
+CVE-2000-0224
+CVE-2000-0223
+CVE-2000-0222
+CVE-2000-0221
+CVE-2000-0218
+CVE-2000-0217
+CVE-2000-0215
+CVE-2000-0212
+CVE-2000-0211
+CVE-2000-0210
+CVE-2000-0209
+CVE-2000-0208
+CVE-2000-0207
+CVE-2000-0206
+CVE-2000-0202
+CVE-2000-0201
+CVE-2000-0200
+CVE-2000-0196
+CVE-2000-0195
+CVE-2000-0194
+CVE-2000-0193
+CVE-2000-0192
+CVE-2000-0191
+CVE-2000-0189
+CVE-2000-0186
+CVE-2000-0185
+CVE-2000-0184
+CVE-2000-0183
+CVE-2000-0182
+CVE-2000-0181
+CVE-2000-0180
+CVE-2000-0179
+CVE-2000-0178
+CVE-2000-0175
+CVE-2000-0174
+CVE-2000-0172
+CVE-2000-0171
+CVE-2000-0170
+CVE-2000-0169
+CVE-2000-0168
+CVE-2000-0166
+CVE-2000-0165
+CVE-2000-0164
+CVE-2000-0162
+CVE-2000-0161
+CVE-2000-0159
+CVE-2000-0157
+CVE-2000-0156
+CVE-2000-0152
+CVE-2000-0150
+CVE-2000-0149
+CVE-2000-0148
+CVE-2000-0146
+CVE-2000-0145
+CVE-2000-0144
+CVE-2000-0141
+CVE-2000-0140
+CVE-2000-0139
+CVE-2000-0131
+CVE-2000-0130
+CVE-2000-0128
+CVE-2000-0127
+CVE-2000-0121
+CVE-2000-0120
+CVE-2000-0117
+CVE-2000-0116
+CVE-2000-0113
+CVE-2000-0112
+CVE-2000-0111
+CVE-2000-0107
+CVE-2000-0100
+CVE-2000-0099
+CVE-2000-0098
+CVE-2000-0097
+CVE-2000-0095
+CVE-2000-0094
+CVE-2000-0092
+CVE-2000-0091
+CVE-2000-0090
+CVE-2000-0089
+CVE-2000-0088
+CVE-2000-0087
+CVE-2000-0083
+CVE-2000-0080
+CVE-2000-0076
+CVE-2000-0075
+CVE-2000-0073
+CVE-2000-0072
+CVE-2000-0070
+CVE-2000-0065
+CVE-2000-0064
+CVE-2000-0063
+CVE-2000-0062
+CVE-2000-0060
+CVE-2000-0057
+CVE-2000-0056
+CVE-2000-0053
+CVE-2000-0052
+CVE-2000-0051
+CVE-2000-0050
+CVE-2000-0048
+CVE-2000-0045
+CVE-2000-0044
+CVE-2000-0043
+CVE-2000-0042
+CVE-2000-0041
+CVE-2000-0040
+CVE-2000-0039
+CVE-2000-0037
+CVE-2000-0036
+CVE-2000-0034
+CVE-2000-0033
+CVE-2000-0032
+CVE-2000-0031
+CVE-2000-0030
+CVE-2000-0029
+CVE-2000-0027
+CVE-2000-0026
+CVE-2000-0025
+CVE-2000-0024
+CVE-2000-0023
+CVE-2000-0022
+CVE-2000-0020
+CVE-2000-0018
+CVE-2000-0015
+CVE-2000-0014
+CVE-2000-0013
+CVE-2000-0012
+CVE-2000-0011
+CVE-2000-0010
+CVE-2000-0009
+CVE-2000-0007
+CVE-2000-0006
+CVE-2000-0004
+CVE-2000-0003
+CVE-2000-0002
+CVE-2000-0001
+CVE-1999-1568
+CVE-1999-1565
+CVE-1999-1556
+CVE-1999-1550
+CVE-1999-1542
+CVE-1999-1537
+CVE-1999-1535
+CVE-1999-1531
+CVE-1999-1530
+CVE-1999-1520
+CVE-1999-1512
+CVE-1999-1507
+CVE-1999-1494
+CVE-1999-1490
+CVE-1999-1488
+CVE-1999-1486
+CVE-1999-1481
+CVE-1999-1478
+CVE-1999-1476
+CVE-1999-1473
+CVE-1999-1472
+CVE-1999-1468
+CVE-1999-1456
+CVE-1999-1455
+CVE-1999-1452
+CVE-1999-1437
+CVE-1999-1433
+CVE-1999-1432
+CVE-1999-1423
+CVE-1999-1419
+CVE-1999-1414
+CVE-1999-1411
+CVE-1999-1409
+CVE-1999-1407
+CVE-1999-1402
+CVE-1999-1397
+CVE-1999-1386
+CVE-1999-1385
+CVE-1999-1384
+CVE-1999-1382
+CVE-1999-1380
+CVE-1999-1379
+CVE-1999-1365
+CVE-1999-1363
+CVE-1999-1362
+CVE-1999-1360
+CVE-1999-1359
+CVE-1999-1358
+CVE-1999-1356
+CVE-1999-1351
+CVE-1999-1341
+CVE-1999-1339
+CVE-1999-1337
+CVE-1999-1336
+CVE-1999-1335
+CVE-1999-1333
+CVE-1999-1332
+ {DSA-308}
+CVE-1999-1331
+CVE-1999-1330
+CVE-1999-1329
+CVE-1999-1328
+CVE-1999-1327
+CVE-1999-1326
+CVE-1999-1325
+CVE-1999-1324
+CVE-1999-1321
+CVE-1999-1320
+CVE-1999-1318
+CVE-1999-1317
+CVE-1999-1316
+CVE-1999-1309
+CVE-1999-1301
+CVE-1999-1298
+CVE-1999-1297
+CVE-1999-1294
+CVE-1999-1290
+CVE-1999-1288
+CVE-1999-1284
+CVE-1999-1279
+CVE-1999-1276
+CVE-1999-1263
+CVE-1999-1262
+CVE-1999-1259
+CVE-1999-1258
+CVE-1999-1249
+CVE-1999-1246
+CVE-1999-1243
+CVE-1999-1233
+CVE-1999-1226
+CVE-1999-1223
+CVE-1999-1222
+CVE-1999-1217
+CVE-1999-1215
+CVE-1999-1214
+CVE-1999-1209
+CVE-1999-1208
+CVE-1999-1205
+CVE-1999-1204
+CVE-1999-1203
+CVE-1999-1201
+CVE-1999-1199
+CVE-1999-1198
+CVE-1999-1197
+CVE-1999-1194
+CVE-1999-1193
+CVE-1999-1192
+CVE-1999-1191
+CVE-1999-1189
+CVE-1999-1188
+CVE-1999-1181
+CVE-1999-1177
+CVE-1999-1175
+CVE-1999-1167
+CVE-1999-1163
+CVE-1999-1162
+CVE-1999-1161
+CVE-1999-1160
+CVE-1999-1159
+CVE-1999-1157
+CVE-1999-1156
+CVE-1999-1148
+CVE-1999-1147
+CVE-1999-1146
+CVE-1999-1145
+CVE-1999-1144
+CVE-1999-1143
+CVE-1999-1142
+CVE-1999-1140
+CVE-1999-1139
+CVE-1999-1138
+CVE-1999-1137
+CVE-1999-1136
+CVE-1999-1132
+CVE-1999-1131
+CVE-1999-1127
+CVE-1999-1122
+CVE-1999-1121
+CVE-1999-1120
+CVE-1999-1119
+CVE-1999-1118
+CVE-1999-1117
+CVE-1999-1116
+CVE-1999-1115
+CVE-1999-1114
+CVE-1999-1111
+CVE-1999-1109
+CVE-1999-1105
+CVE-1999-1104
+CVE-1999-1103
+CVE-1999-1102
+CVE-1999-1100
+CVE-1999-1099
+CVE-1999-1098
+CVE-1999-1094
+CVE-1999-1093
+CVE-1999-1090
+CVE-1999-1087
+CVE-1999-1085
+CVE-1999-1080
+CVE-1999-1074
+CVE-1999-1059
+CVE-1999-1057
+CVE-1999-1055
+CVE-1999-1048
+CVE-1999-1047
+CVE-1999-1045
+CVE-1999-1044
+CVE-1999-1037
+CVE-1999-1035
+CVE-1999-1034
+CVE-1999-1032
+CVE-1999-1028
+CVE-1999-1027
+CVE-1999-1021
+CVE-1999-1019
+CVE-1999-1014
+CVE-1999-1011
+CVE-1999-1010
+CVE-1999-1008
+CVE-1999-1007
+CVE-1999-1005
+CVE-1999-1004
+CVE-1999-1001
+CVE-1999-1000
+CVE-1999-0999
+CVE-1999-0998
+CVE-1999-0997
+ {DSA-377}
+CVE-1999-0996
+CVE-1999-0995
+CVE-1999-0994
+CVE-1999-0992
+CVE-1999-0991
+CVE-1999-0989
+CVE-1999-0987
+CVE-1999-0986
+CVE-1999-0982
+CVE-1999-0981
+CVE-1999-0980
+CVE-1999-0979
+CVE-1999-0978
+CVE-1999-0977
+CVE-1999-0976
+CVE-1999-0975
+CVE-1999-0974
+CVE-1999-0973
+CVE-1999-0972
+CVE-1999-0971
+CVE-1999-0969
+CVE-1999-0968
+CVE-1999-0967
+CVE-1999-0966
+CVE-1999-0965
+CVE-1999-0964
+CVE-1999-0963
+CVE-1999-0962
+CVE-1999-0961
+CVE-1999-0960
+CVE-1999-0959
+CVE-1999-0958
+CVE-1999-0957
+CVE-1999-0956
+CVE-1999-0955
+CVE-1999-0954
+CVE-1999-0953
+CVE-1999-0951
+CVE-1999-0950
+CVE-1999-0947
+CVE-1999-0946
+CVE-1999-0945
+CVE-1999-0943
+CVE-1999-0942
+CVE-1999-0940
+CVE-1999-0939
+CVE-1999-0938
+CVE-1999-0937
+CVE-1999-0936
+CVE-1999-0935
+CVE-1999-0934
+CVE-1999-0933
+CVE-1999-0932
+CVE-1999-0931
+CVE-1999-0930
+CVE-1999-0928
+CVE-1999-0927
+CVE-1999-0924
+CVE-1999-0922
+CVE-1999-0921
+CVE-1999-0920
+CVE-1999-0918
+CVE-1999-0917
+CVE-1999-0916
+CVE-1999-0915
+CVE-1999-0914
+CVE-1999-0912
+CVE-1999-0909
+CVE-1999-0908
+CVE-1999-0907
+CVE-1999-0906
+CVE-1999-0905
+CVE-1999-0904
+CVE-1999-0903
+CVE-1999-0902
+CVE-1999-0901
+CVE-1999-0900
+CVE-1999-0899
+CVE-1999-0898
+CVE-1999-0897
+CVE-1999-0896
+CVE-1999-0895
+CVE-1999-0894
+CVE-1999-0893
+CVE-1999-0892
+CVE-1999-0891
+CVE-1999-0890
+CVE-1999-0889
+CVE-1999-0888
+CVE-1999-0887
+CVE-1999-0886
+CVE-1999-0884
+CVE-1999-0883
+CVE-1999-0881
+CVE-1999-0880
+CVE-1999-0879
+CVE-1999-0878
+CVE-1999-0877
+CVE-1999-0876
+CVE-1999-0875
+CVE-1999-0874
+CVE-1999-0873
+CVE-1999-0871
+CVE-1999-0870
+CVE-1999-0869
+CVE-1999-0868
+CVE-1999-0867
+CVE-1999-0866
+CVE-1999-0865
+CVE-1999-0864
+CVE-1999-0861
+CVE-1999-0859
+CVE-1999-0858
+CVE-1999-0856
+CVE-1999-0854
+CVE-1999-0853
+CVE-1999-0851
+CVE-1999-0849
+CVE-1999-0848
+CVE-1999-0847
+CVE-1999-0842
+CVE-1999-0839
+CVE-1999-0838
+CVE-1999-0837
+CVE-1999-0836
+CVE-1999-0835
+CVE-1999-0834
+CVE-1999-0833
+CVE-1999-0832
+CVE-1999-0831
+CVE-1999-0826
+CVE-1999-0824
+CVE-1999-0823
+CVE-1999-0820
+CVE-1999-0819
+CVE-1999-0817
+CVE-1999-0815
+CVE-1999-0814
+CVE-1999-0813
+CVE-1999-0812
+CVE-1999-0811
+CVE-1999-0810
+CVE-1999-0809
+CVE-1999-0807
+CVE-1999-0806
+CVE-1999-0804
+CVE-1999-0803
+CVE-1999-0802
+CVE-1999-0801
+CVE-1999-0800
+CVE-1999-0799
+CVE-1999-0797
+CVE-1999-0796
+CVE-1999-0794
+CVE-1999-0793
+CVE-1999-0791
+CVE-1999-0790
+CVE-1999-0789
+CVE-1999-0788
+CVE-1999-0787
+CVE-1999-0786
+CVE-1999-0785
+CVE-1999-0783
+CVE-1999-0782
+CVE-1999-0781
+CVE-1999-0780
+CVE-1999-0779
+CVE-1999-0778
+CVE-1999-0777
+CVE-1999-0775
+CVE-1999-0774
+CVE-1999-0773
+CVE-1999-0772
+CVE-1999-0771
+CVE-1999-0770
+CVE-1999-0769
+CVE-1999-0768
+CVE-1999-0766
+CVE-1999-0765
+CVE-1999-0764
+CVE-1999-0763
+CVE-1999-0762
+CVE-1999-0761
+CVE-1999-0760
+CVE-1999-0759
+CVE-1999-0758
+CVE-1999-0756
+CVE-1999-0755
+CVE-1999-0754
+CVE-1999-0753
+CVE-1999-0752
+CVE-1999-0751
+CVE-1999-0749
+CVE-1999-0747
+CVE-1999-0746
+CVE-1999-0745
+CVE-1999-0744
+CVE-1999-0743
+CVE-1999-0742
+CVE-1999-0740
+CVE-1999-0735
+CVE-1999-0734
+CVE-1999-0733
+CVE-1999-0732
+CVE-1999-0731
+CVE-1999-0730
+CVE-1999-0729
+CVE-1999-0728
+CVE-1999-0727
+CVE-1999-0726
+CVE-1999-0725
+CVE-1999-0724
+CVE-1999-0723
+CVE-1999-0722
+CVE-1999-0721
+CVE-1999-0720
+CVE-1999-0719
+CVE-1999-0718
+CVE-1999-0717
+CVE-1999-0716
+CVE-1999-0715
+CVE-1999-0714
+CVE-1999-0713
+CVE-1999-0711
+CVE-1999-0710
+ {DSA-576-1}
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
new file mode 100644
index 0000000000..22f3535d91
--- /dev/null
+++ b/data/CVE/2002.list
@@ -0,0 +1,954 @@
+CVE-2002-1574
+ NOTE: fixed after 2.6/2.4.20 kernel
+CVE-2002-1560
+ NOTE: not-for-us (gbook not in Debian)
+CVE-2002-1552
+ NOTE: not-for-us (novell)
+CVE-2002-1550
+ NOTE: not-for-us (AIX)
+CVE-2002-1549
+ NOTE: not-for-us (lhttpd not in Debian)
+CVE-2002-1548
+ NOTE: not-for-us (AIX)
+CVE-2002-1547
+ NOTE: not-for-us (Netscreen)
+CVE-2002-1543
+ NOTE: not-for-us (NetBSD)
+CVE-2002-1541
+ NOTE: not-for-us (BadBlue not in Debian)
+CVE-2002-1540
+ NOTE: not-for-us (norton)
+CVE-2002-1538
+ NOTE: not-for-us (acusend not in Debian)
+CVE-2002-1537
+ - phpbb2 2.0.6c-1
+ NOTE: according to http://www.securityfocus.com/archive/1/297419
+ NOTE: phpBB versions above 2.0.0 are not vulnerable.
+CVE-2002-1534
+ NOTE: Don't know if macromedia flash player is still vulnerable
+ NOTE: see: http://www.securityfocus.com/archive/1/294206
+ TODO: check
+CVE-2002-1532
+ NOTE: not-for-us (surfcontrol)
+CVE-2002-1531
+ NOTE: not-for-us (surfcontrol)
+CVE-2002-1530
+ NOTE: not-for-us (surfcontrol)
+CVE-2002-1529
+ NOTE: not-for-us (surfcontrol)
+CVE-2002-1528
+ NOTE: not-for-us (mondosearch)
+CVE-2002-1524
+ NOTE: not-for-us (winamp)
+CVE-2002-1521
+ NOTE: not-for-us (webserver 4D)
+CVE-2002-1520
+ NOTE: not-for-us (WatchGuard)
+CVE-2002-1519
+ NOTE: not-for-us (WatchGuard)
+CVE-2002-1518
+ NOTE: not-for-us (IRIX)
+CVE-2002-1517
+ NOTE: not-for-us (IRIX)
+CVE-2002-1516
+ NOTE: not-for-us (IRIX)
+CVE-2002-1514
+ NOTE: not-for-us (interbase)
+CVE-2002-1513
+ NOTE: not-for-us (OpenVMS)
+CVE-2002-1511
+ - vnc 3.3.3r2-21
+CVE-2002-1510
+ - xfree86 4.1.0-7
+CVE-2002-1509
+ NOTE: not-for-us (redhat and mandrake only)
+CVE-2002-1505
+ NOTE: not-for-us (WoltLab Burning Board not in Debian)
+CVE-2002-1502
+ NOTE: not-for-us (xbreaky not in Debian)
+CVE-2002-1501
+ NOTE: not-for-us (Enterasys)
+CVE-2002-1497
+ NOTE: not-for-us (Null HTTP Server not in Debian)
+CVE-2002-1496
+ NOTE: not-for-us (Null HTTP Server not in Debian)
+CVE-2002-1494
+ NOTE: not-for-us (Aestiva)
+CVE-2002-1493
+ NOTE: not-for-us (Lycos)
+CVE-2002-1491
+ NOTE: not-for-us (Cisco VPN 5000 Client for MacOS)
+CVE-2002-1490
+ NOTE: not-for-us (NetBSD)
+CVE-2002-1479
+ - cacti 0.6.8-1
+CVE-2002-1478
+ {DSA-164}
+ - cacti 0.6.8a-2
+CVE-2002-1477
+ {DSA-164}
+ - cacti 0.6.8a-2
+CVE-2002-1476
+ NOTE: not-for-us (NetBSD)
+CVE-2002-1472
+ - xfree86 4.2.1-1
+ NOTE: Accordong to http://www.securityfocus.com/bid/5735/info/
+ NOTE: woody is still vulnerable
+ NOTE: open bug #280872
+CVE-2002-1471
+ - evolution 1.2.0-1
+ NOTE: woody seems to be still vulnerable
+ NOTE: open bug #280883
+CVE-2002-1469
+ - scponly 3.8-1
+ NOTE: according to http://sublimation.org/scponly/ (scponly home page)
+ NOTE: only versions of scponly older than scponly-2.4 are affected
+CVE-2002-1468
+ NOTE: not-for-us (AIX)
+CVE-2002-1463
+ NOTE: not-for-us (symantec)
+CVE-2002-1448
+ NOTE: not-for-us (Avaya P330, P130, and M770-ATM Cajun products)
+CVE-2002-1447
+ NOTE: not-for-us (Cisco vpn client for UNIX)
+CVE-2002-1446
+ NOTE: not-for-us (nCipher PKCS#11 library)
+CVE-2002-1443
+ NOTE: not-for-us (Google toolbar)
+CVE-2002-1438
+ NOTE: not-for-us (Perl on Novell)
+CVE-2002-1437
+ NOTE: not-for-us (Perl on Novell)
+CVE-2002-1436
+ NOTE: not-for-us (Perl on Novell)
+CVE-2002-1435
+ NOTE: not-for-us (Achievo not in Debian)
+CVE-2002-1430
+ NOTE: not-for-us (Sympoll not in Debian)
+CVE-2002-1425
+ {DSA-141}
+ - mpack 1.5-9
+CVE-2002-1424
+ - mpack 1.5-9
+CVE-2002-1420
+ NOTE: not-for-us (OpenBSD)
+CVE-2002-1419
+ NOTE: not-for-us (IRIX on Origin)
+CVE-2002-1418
+ NOTE: not-for-us (Novell NetBasic Scripting Server)
+CVE-2002-1417
+ NOTE: not-for-us (Novell NetBasic Scripting Server)
+CVE-2002-1414
+ - qmailadmin 1.0.6-1
+CVE-2002-1413
+ NOTE: not-for-us (RCONAG6 for Novell Netware SP2)
+CVE-2002-1412
+ {DSA-138}
+ - gallery 1.3-3
+CVE-2002-1407
+ NOTE: not-for-us (TinySSL not in Debian)
+CVE-2002-1405
+ {DSA-210}
+ - lynx 2.8.4.1b-4
+CVE-2002-1403
+ {DSA-219}
+ - dhcpd 1.3.22pl2-2
+CVE-2002-1396
+ - php4 4:4.3.2+rc3-1
+ NOTE: according to http://www.securityfocus.com/bid/6488
+ NOTE: woody is not vulnerable
+CVE-2002-1394
+ {DSA-225}
+ - tomcat4 4.1.9-1
+CVE-2002-1392
+ - mgetty 1.1.30-1
+ NOTE: woody version seems to be vulnerable see bug #199351
+CVE-2002-1391
+ - mgetty 1.1.30-1
+ NOTE: woody version seems to be vulnerable see bug #199351
+CVE-2002-1390
+ {DSA-223}
+ - geneweb 4.09-1
+CVE-2002-1389
+ {DSA-217}
+ - typespeed 0.4.2-2
+CVE-2002-1388
+ {DSA-221}
+ - mhonarc 2.5.14-1
+CVE-2002-1385
+ - openwebmail 1.90-1
+CVE-2002-1384
+ {DSA-232 DSA-226 DSA-222}
+ - xpdf 2.01-2
+CVE-2002-1382
+ - flashplugin-nonfree 6.0.69-1
+CVE-2002-1381
+ - exim4 4.11-0.0.1
+ - exim 3.36-14
+CVE-2002-1380
+ {DSA-336}
+ - kernel-source-2.2.25
+CVE-2002-1377
+ - vim 6.1.263-1
+ NOTE: woody seems to be still vulnerable
+ NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003
+ NOTE: but no advisory (nor fixed package) have been published yet.
+ NOTE: I've mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this.
+ NOTE: No response from maintainer, I have mailed security team.
+ NOTE: Martin Schulze don't consider this as an issue for updating woody.
+CVE-2002-1375
+ {DSA-212}
+ - mysql-dfsg 4.0.7.gamma-1
+CVE-2002-1374
+ {DSA-212}
+ - mysql-dfsg 4.0.7.gamma-1
+CVE-2002-1373
+ {DSA-212}
+ - mysql-dfsg 4.0.7.gamma-1
+CVE-2002-1372
+ {DSA-232}
+ - cupsys 1.1.18-1
+CVE-2002-1371
+ {DSA-232}
+ - cupsys 1.1.18-1
+CVE-2002-1369
+ {DSA-232}
+ - cupsys 1.1.18-1
+CVE-2002-1367
+ {DSA-232}
+ - cupsys 1.1.18-1
+CVE-2002-1366
+ {DSA-232}
+ - cupsys 1.1.18-1
+CVE-2002-1365
+ {DSA-216}
+ - fetchmail 6.2.0-1
+CVE-2002-1364
+ {DSA-254}
+ - traceroute-nanog 6.3.0-1
+CVE-2002-1363
+ {DSA-213}
+ - libpng 1.0.12-7
+ - libpng3 1.2.5-8
+CVE-2002-1362
+ {DSA-211}
+ - micq 0.4.9.4-1
+ NOTE: micq not in sarge
+CVE-2002-1361
+ NOTE: not-for-us (sun)
+CVE-2002-1350
+ {DSA-206}
+ - tcpdump 3.7.1-1.2
+CVE-2002-1349
+ NOTE: not-for-us (PC-cillin)
+CVE-2002-1348
+ {DSA-251 DSA-250 DSA-249}
+ - w3mmee 0.3.p24.17-3
+CVE-2002-1337
+ {DSA-257}
+ - sendmail 8.13.0.PreAlpha4-0
+ NOTE: sendmail-wide not in testing/unstable
+CVE-2002-1336
+ - tightvnc 1.2.6-1
+CVE-2002-1327
+ NOTE: not-for-us (windows)
+CVE-2002-1325
+ NOTE: not-for-us (windows)
+CVE-2002-1323
+ {DSA-208}
+ - perl 5.8.0-14
+CVE-2002-1320
+ NOTE: not-for-us (pine not in Debian)
+CVE-2002-1319
+ NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable)
+CVE-2002-1318
+ {DSA-200}
+ - samba 2.99.cvs.20020713-1
+CVE-2002-1317
+ NOTE: not-for-us (solaris)
+CVE-2002-1313
+ {DSA-198}
+ - nullmailer 1.00RC5-17
+CVE-2002-1311
+ {DSA-197}
+ - courier 0.40.0-1
+CVE-2002-1308
+ - mozilla 2:1.2-1
+ NOTE: woody is vulnerable see #237422
+CVE-2002-1307
+ {DSA-199}
+ - mhonarc 2.5.13-1
+CVE-2002-1296
+ NOTE: not-for-us (Solaris)
+CVE-2002-1284
+ - kdeutils 4:3.2.1-1
+CVE-2002-1278
+ NOTE: Linuxconf not in testing/unstable
+CVE-2002-1277
+ {DSA-190}
+ - wmaker 0.80.1-1
+CVE-2002-1272
+ NOTE: not-for-us (Alcatel)
+CVE-2002-1271
+ {DSA-386}
+ - libmailtools-perl 1.51
+CVE-2002-1270
+ NOTE: not-for-us (Mac OS X)
+CVE-2002-1268
+ NOTE: not-for-us (Mac OS X)
+CVE-2002-1267
+ NOTE: not-for-us (Mac OS X)
+CVE-2002-1266
+ NOTE: not-for-us (Mac OS X)
+CVE-2002-1265
+ NOTE: don't know which version of glibc fix this
+ NOTE: I've mailed maintainers.
+ TODO: check
+CVE-2002-1264
+ NOTE: not-for-us (oracle)
+CVE-2002-1260
+ NOTE: not-for-us (Microsoft JVM)
+CVE-2002-1257
+ NOTE: not-for-us (Microsoft JVM)
+CVE-2002-1256
+ NOTE: not-for-us (Microsoft Windows)
+CVE-2002-1255
+ NOTE: not-for-us (Microsoft Outlook)
+CVE-2002-1253
+ NOTE: not-for-us (Abuse 2.00 not in Debian)
+CVE-2002-1252
+ NOTE: not-for-us (PeopleSoft)
+CVE-2002-1251
+ {DSA-186}
+ - log2mail 0.2.6-1
+CVE-2002-1250
+ NOTE: not-for-us (Abuse 2.00 not in Debian)
+CVE-2002-1248
+ NOTE: not-for-us (Xeneo Web Server)
+CVE-2002-1245
+ {DSA-189}
+ - luxman 0.41-19
+CVE-2002-1244
+ NOTE: not-for-us (Pablo FTP Server)
+CVE-2002-1242
+ NOTE: not-for-us (PHP-Nuke not in Debian)
+CVE-2002-1239
+ NOTE: not-for-us (QNX)
+CVE-2002-1236
+ NOTE: not-for-us (Linksys)
+CVE-2002-1232
+ {DSA-180}
+ - nis 3.9-6.2
+CVE-2002-1231
+ NOTE: not-for-us (SCO)
+CVE-2002-1230
+ NOTE: not-for-us (Windows NT)
+CVE-2002-1227
+ {DSA-177}
+ - pam 0.76-6
+CVE-2002-1224
+ - kdenetwork 4:3.1.0-1
+CVE-2002-1223
+ - kdegraphics 4:3.1.0-1
+CVE-2002-1222
+ NOTE: not-for-us (CISCO)
+CVE-2002-1221
+ {DSA-196}
+ - bind 8.3.3-3
+CVE-2002-1220
+ {DSA-196}
+ - bind 8.3.3-3
+CVE-2002-1219
+ {DSA-196}
+ - bind 8.3.3-3
+CVE-2002-1214
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1211
+ NOTE: not-for-us (Prometheus not in Debian)
+CVE-2002-1200
+ {DSA-175}
+ - syslog-ng 1.5.21-1
+CVE-2002-1199
+ NOTE: not-for-us (ypxfrd not in Debian)
+CVE-2002-1198
+ bugzilla 2.16.1-1
+ NOTE: woody seems to be vulnerable, bug #282500
+CVE-2002-1197
+ bugzilla 2.16.1-1
+ NOTE: woody seems to be vulnerable, bug #282501
+CVE-2002-1196
+ {DSA-173}
+ - bugzilla 2.16.0-2.1
+CVE-2002-1195
+ {DSA-169}
+ - php3 3.0.18-23.2
+ - php4 4.2.3-3
+CVE-2002-1193
+ {DSA-172}
+ NOTE: tkmail not in testing/unstable
+CVE-2002-1189
+ NOTE: not-for-us (CISCO)
+CVE-2002-1188
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1187
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1186
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1185
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1184
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1183
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1182
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1180
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1179
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1178
+ - jetty 4.1.0
+CVE-2002-1170
+ - net-snmp 5.0.6
+CVE-2002-1169
+ NOTE: not-for-us (IBM Web Traffic Express Caching Proxy Server)
+CVE-2002-1160
+ NOTE: not-for-us (pam_xauth)
+CVE-2002-1159
+ {DSA-224}
+CVE-2002-1158
+ {DSA-224}
+CVE-2002-1157
+ {DSA-181}
+CVE-2002-1156
+ - apache2 2.0.43
+CVE-2002-1154
+ - analog 2:5.23
+CVE-2002-1153
+ NOTE: not-for-us (IBM Websphere)
+CVE-2002-1152
+ - konqeror 3.03
+CVE-2002-1151
+ {DSA-167}
+CVE-2002-1148
+ {DSA-170}
+CVE-2002-1147
+ NOTE: not-for-us (HP Procurve 4000M Switch firmware)
+CVE-2002-1146
+ NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc)
+ NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind)
+ - libc6 2.3
+ - bind 1:8.3.3
+CVE-2002-1142
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1141
+ NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP)
+CVE-2002-1140
+ NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP)
+CVE-2002-1139
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1138
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1137
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1135
+ NOTE: not-for-us (phpWebSite)
+CVE-2002-1132
+ {DSA-191}
+CVE-2002-1126
+ - mozilla 1.2
+CVE-2002-1123
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1122
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1119
+ {DSA-159}
+CVE-2002-1118
+ NOTE: not-for-us (Oracle)
+CVE-2002-1117
+ NOTE: not-for-us (Veritas Backup Exec)
+CVE-2002-1116
+ {DSA-161}
+CVE-2002-1113
+ {DSA-153}
+CVE-2002-1112
+ {DSA-153}
+CVE-2002-1111
+ {DSA-153}
+CVE-2002-1109
+ NOTE: old amavis shell script
+CVE-2002-1108
+ NOTE: not-for-us (Cisco)
+CVE-2002-1107
+ NOTE: not-for-us (Cisco)
+CVE-2002-1106
+ NOTE: not-for-us (Cisco)
+CVE-2002-1105
+ NOTE: not-for-us (Cisco)
+CVE-2002-1104
+ NOTE: not-for-us (Cisco)
+CVE-2002-1102
+ NOTE: not-for-us (Cisco)
+CVE-2002-1099
+ NOTE: not-for-us (Cisco)
+CVE-2002-1098
+ NOTE: not-for-us (Cisco)
+CVE-2002-1097
+ NOTE: not-for-us (Cisco)
+CVE-2002-1096
+ NOTE: not-for-us (Cisco)
+CVE-2002-1095
+ NOTE: not-for-us (Cisco)
+CVE-2002-1093
+ NOTE: not-for-us (Cisco)
+CVE-2002-1092
+ NOTE: not-for-us (Cisco)
+CVE-2002-1091
+ - mozilla 1.0.2
+CVE-2002-1088
+ NOTE: not-for-us (Novell GroupWise)
+CVE-2002-1081
+ NOTE: not-for-us (Abyss Web Server)
+CVE-2002-1079
+ NOTE: not-for-us (Abyss Web Server)
+CVE-2002-1076
+ NOTE: not-for-us (Ipswitch IMail)
+CVE-2002-1060
+ NOTE: not-for-us (CacheFlow CacheOS)
+CVE-2002-1059
+ NOTE: not-for-us (Van Dyke SecureCRT SSH client)
+CVE-2002-1057
+ NOTE: not-for-us (SmartMax MailMax POP3 daemon)
+CVE-2002-1056
+ NOTE: not-for-us (Microsoft)
+CVE-2002-1054
+ NOTE: not-for-us (Pablo FTP server)
+CVE-2002-1053
+ NOTE: not-for-us (W3C Jigsaw Proxy Server)
+CVE-2002-1051
+ {DSA-254}
+CVE-2002-1050
+ {DSA-148}
+CVE-2002-1049
+ {DSA-148}
+CVE-2002-1046
+ NOTE: not-for-us (Watchguard Firebox firmware)
+CVE-2002-1039
+ - dcl 20020706
+CVE-2002-1035
+ NOTE: not-for-us (Omnicron OmniHTTPd)
+CVE-2002-1031
+ NOTE: not-for-us (KeyFocus (KF) web server)
+CVE-2002-1030
+ NOTE: not-for-us (BEA WebLogic Server and Express)
+CVE-2002-1025
+ NOTE: not-for-us (JRun)
+CVE-2002-1024
+ NOTE: not-for-us (Cisco)
+CVE-2002-1015
+ NOTE: not-for-us (Real)
+CVE-2002-1014
+ NOTE: not-for-us (Real)
+CVE-2002-1013
+ NOTE: not-for-us (Inktomi)
+CVE-2002-1006
+ NOTE: not-for-us (Betsie)
+CVE-2002-1004
+ NOTE: not-for-us (ArGoSoft Mail Server)
+CVE-2002-1002
+ NOTE: not-for-us (Novell)
+CVE-2002-1000
+ NOTE: not-for-us (AnalogX SimpleServer:Shout)
+CVE-2002-0995
+ NOTE: not-for-us (PHPAuction)
+CVE-2002-0990
+ NOTE: not-for-us (Symantec)
+CVE-2002-0989
+ {DSA-158}
+CVE-2002-0988
+ NOTE: not-for-us (Xsco)
+CVE-2002-0987
+ NOTE: not-for-us (Xsco)
+CVE-2002-0986
+ {DSA-168}
+CVE-2002-0985
+ {DSA-168}
+CVE-2002-0984
+ {DSA-156}
+CVE-2002-0981
+ NOTE: not-for-us (ndcfg)
+CVE-2002-0974
+ NOTE: not-for-us (Help and Support Center for Windows XP)
+CVE-2002-0970
+ {DSA-155}
+CVE-2002-0969
+ NOTE: mysql problem only affects Windows
+CVE-2002-0968
+ NOTE: not-for-us (AnalogX SimpleServer:WWW)
+CVE-2002-0967
+ NOTE: not-for-us (eDonkey)
+CVE-2002-0965
+ NOTE: not-for-us (Oracle)
+CVE-2002-0964
+ NOTE: not-for-us (Half Life)
+CVE-2002-0958
+ NOTE: not-for-us PHP(Reactor))
+CVE-2002-0953
+ NOTE: not-for-us (PHP Address)
+CVE-2002-0952
+ NOTE: not-for-us (Cisco)
+CVE-2002-0947
+ NOTE: not-for-us (Oracle)
+CVE-2002-0946
+ NOTE: not-for-us (SeaNox Devwex)
+CVE-2002-0945
+ NOTE: not-for-us (SeaNox Devwex)
+CVE-2002-0941
+ NOTE: not-for-us (Java on Windows)
+CVE-2002-0938
+ NOTE: not-for-us (Cisco)
+CVE-2002-0935
+ - tomcat4 4.1.9-1
+CVE-2002-0916
+ - squid 2.4.7
+CVE-2002-0914
+ - courier-mta 0.46
+CVE-2002-0911
+ NOTE: not-for-us (Caldera Volution Manager)
+CVE-2002-0906
+ - sendmail 8.12.5
+CVE-2002-0904
+ - kismet 2.2.2-1
+CVE-2002-0900
+ NOTE: not-for-u (pks)
+CVE-2002-0898
+ NOTE: not-for-us (Opera)
+CVE-2002-0897
+ NOTE: not-for-us (LocalWEB2000)
+CVE-2002-0895
+ NOTE: not-for-us (MatuFtpServer)
+CVE-2002-0892
+ NOTE: not-fr-us (NewAtlanta ServletExec ISAPI)
+CVE-2002-0891
+ NOTE: not-for-us (NetScreen ScreenOS)
+CVE-2002-0889
+ - qpopper 4.0.5-1
+CVE-2002-0887
+ NOTE: not-for-us (scoadmin)
+CVE-2002-0875
+ {DSA-154}
+CVE-2002-0873
+ {DSA-152}
+CVE-2002-0872
+ {DSA-152}
+CVE-2002-0871
+ {DSA-151}
+CVE-2002-0867
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0866
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0865
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0864
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0860
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0859
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0856
+ NOTE: not-for-us (Oracle)
+CVE-2002-0853
+ NOTE: not-for-us (Cisco)
+CVE-2002-0851
+ - isdnutils 3.2
+CVE-2002-0850
+ NOTE: not-for-us (PGP corporate desktop)
+CVE-2002-0848
+ NOTE: not-for-us (Cisco)
+CVE-2002-0847
+ {DSA-145}
+CVE-2002-0846
+ - flashplugin-nonfree 6.0.47
+CVE-2002-0845
+ NOTE: not-for-us (Sun ONE)
+CVE-2002-0844
+ - cvs 1:1.11.2
+CVE-2002-0842
+ NOTE: mod_dav for apache not vulnerable according to
+ NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html
+CVE-2002-0840
+ {DSA-195 DSA-188 DSA-187}
+CVE-2002-0836
+ {DSA-207}
+CVE-2002-0835
+ NOTE: not-for-us (RedHat/Intel PXE daemon)
+ NOTE: this is not the one in Debian
+CVE-2002-0831
+ NOTE: not-for-us (FreeBSD)
+CVE-2002-0830
+ NOTE: not-for-us (BSD/NFS)
+CVE-2002-0829
+ NOTE: not-for-us (FreeBSD)
+CVE-2002-0826
+ NOTE: not-for-us (WS FTP server)
+CVE-2002-0824
+ NOTE: not-for-us (BSD/pppd)
+CVE-2002-0823
+ NOTE: not-for-us (Windows)
+CVE-2002-0818
+ {DSA-144}
+CVE-2002-0817
+ {DSA-139}
+CVE-2002-0816
+ NOTE: not-for-us (HP Tru64)
+CVE-2002-0814
+ NOTE: not-for-us (VMware)
+CVE-2002-0813
+ NOTE: not-for-us (Cisco)
+CVE-2002-0810
+ - bugzilla 2.16.0
+CVE-2002-0809
+ - bugzilla 2.16.0
+CVE-2002-0808
+ - bugzilla 2.16.0
+CVE-2002-0806
+ - bugzilla 2.16.0
+CVE-2002-0805
+ - bugzilla 2.16.0
+CVE-2002-0804
+ - bugzilla 2.16.0
+CVE-2002-0802
+ - postgresql 7.2
+CVE-2002-0801
+ NOTE: not-for-us (Macromedia / Windows)
+CVE-2002-0795
+ NOTE: not-for-us (FreeBSD)
+CVE-2002-0794
+ NOTE: not-for-us (FreeBSD)
+CVE-2002-0790
+ NOTE: not-for-us (AIX)
+CVE-2002-0789
+ - mnogosearch 3.1.19-3
+CVE-2002-0788
+ NOTE: not-for-us (windows)
+CVE-2002-0785
+ NOTE: not-for-us (AOL AIM)
+CVE-2002-0778
+ NOTE: not-for-us (CISCO)
+CVE-2002-0777
+ NOTE: not-for-us (Ipswitch not in Debian)
+CVE-2002-0776
+ NOTE: not-for-us (Hosting Controller 2002)
+CVE-2002-0768
+ - lukemftp 1.5-7
+CVE-2002-0766
+ NOTE: not-for-us (OpenBSD)
+CVE-2002-0765
+ - openssh 1:3.3p1-0.0woody1
+CVE-2002-0762
+ NOTE: not-for-us (SUSE specific)
+CVE-2002-0761
+ NOTE: not-for-us (FreeBSD and OpenLinux)
+CVE-2002-0760
+ NOTE: not-for-us (FreeBSD and OpenLinux)
+CVE-2002-0759
+ NOTE: not-for-us (FreeBSD and OpenLinux)
+CVE-2002-0758
+ NOTE: not-for-us (SUSE specific)
+CVE-2002-0755
+ NOTE: not-for-us (FreeBSD)
+CVE-2002-0754
+ NOTE: not-for-us (FreeBSD)
+CVE-2002-0748
+ NOTE: not-for-us (Labview)
+CVE-2002-0741
+ NOTE: not-for-us (psyBNC)
+CVE-2002-0738
+ {DSA-163}
+CVE-2002-0737
+ NOTE: not-for-us (Sambar web server)
+CVE-2002-0736
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0734
+ NOTE: not-for-us (B2)
+CVE-2002-0733
+ - thttpd 2.21
+CVE-2002-0729
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0727
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0726
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0722
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0720
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0719
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0718
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0716
+ NOTE: not-for-us (SCO OpenServer)
+CVE-2002-0714
+ - squid 2.4.6
+CVE-2002-0710
+ NOTE: not-for-us (sendform.cgi)
+CVE-2002-0704
+ NOTE: kernel netfilter bug, not in user space
+ NOTE: this is fixed in kernel 2.4.20
+ TODO: check
+CVE-2002-0703
+ - perl 5.8.0-7
+ NOTE: woody seems to be vulnerable, bug #282527
+CVE-2002-0701
+ NOTE: not-for-us (BSD)
+CVE-2002-0700
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0698
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0697
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0696
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0695
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0694
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0692
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0691
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0688
+ {DSA-490}
+CVE-2002-0687
+ - zope 2.5.1b2
+CVE-2002-0685
+ NOTE: not-for-us (PGP Outlook Encryption Plug-In)
+CVE-2002-0682
+ - tomcat 4.0.4
+CVE-2002-0679
+ NOTE: not-for-us (CDE)
+CVE-2002-0678
+ NOTE: not-for-us (CDE ToolTalk)
+CVE-2002-0676
+ NOTE: not-for-us (MacOS)
+CVE-2002-0674
+ NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+CVE-2002-0673
+ NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+CVE-2002-0672
+ NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+CVE-2002-0671
+ NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+CVE-2002-0668
+ NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+CVE-2002-0665
+ NOTE: not-for-us (Microsoft)
+CVE-2002-0663
+ NOTE: not-for-us (Norton)
+CVE-2002-0662
+ {DSA-160}
+CVE-2002-0658
+ {DSA-137}
+CVE-2002-0653
+ TODO: check
+STOP: This is apporixmatly where woody was released.
+CVE-2002-0651
+CVE-2002-0650
+CVE-2002-0648
+CVE-2002-0647
+CVE-2002-0642
+CVE-2002-0640
+CVE-2002-0639
+CVE-2002-0638
+CVE-2002-0631
+CVE-2002-0630
+CVE-2002-0627
+CVE-2002-0623
+CVE-2002-0622
+CVE-2002-0621
+CVE-2002-0619
+CVE-2002-0618
+CVE-2002-0617
+CVE-2002-0616
+CVE-2002-0615
+CVE-2002-0613
+CVE-2002-0605
+CVE-2002-0601
+CVE-2002-0599
+CVE-2002-0598
+CVE-2002-0597
+CVE-2002-0594
+CVE-2002-0576
+CVE-2002-0575
+CVE-2002-0574
+CVE-2002-0573
+CVE-2002-0571
+CVE-2002-0569
+CVE-2002-0567
+CVE-2002-0553
+CVE-2002-0546
+CVE-2002-0545
+CVE-2002-0543
+CVE-2002-0542
+CVE-2002-0539
+CVE-2002-0538
+CVE-2002-0536
+CVE-2002-0532
+CVE-2002-0531
+CVE-2002-0516
+CVE-2002-0513
+CVE-2002-0512
+CVE-2002-0511
+CVE-2002-0506
+CVE-2002-0505
+CVE-2002-0501
+CVE-2002-0497
+CVE-2002-0495
+CVE-2002-0494
+CVE-2002-0493
+CVE-2002-0490
+CVE-2002-0488
+CVE-2002-0484
+CVE-2002-0473
+CVE-2002-0464
+CVE-2002-0463
+CVE-2002-0462
+CVE-2002-0454
+CVE-2002-0451
+CVE-2002-0445
+CVE-2002-0444
+CVE-2002-0443
+CVE-2002-0442
+CVE-2002-0441
+CVE-2002-0437
+CVE-2002-0435
+CVE-2002-0431
+CVE-2002-0429
+ {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+CVE-2002-0425
+CVE-2002-0424
+CVE-2002-0423
+CVE-2002-0414
+CVE-2002-0412
+CVE-2002-0406
+CVE-2002-0404
+CVE-2002-0403
+CVE-2002-0402
+CVE-2002-0401
+CVE-2002-0400
+CVE-2002-0398
+CVE-2002-0397
+CVE-2002-0396
+CVE-2002-0395
+CVE-2002-0394
+CVE-2002-0392
+CVE-2002-0391
+ {DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
+CVE-2002-0389
+CVE-2002-0387
+CVE-2002-0384
+CVE-2002-0382
+CVE-2002-0381
+CVE-2002-0380
+ {DSA-255}
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
new file mode 100644
index 0000000000..9454583c5f
--- /dev/null
+++ b/data/CVE/2003.list
@@ -0,0 +1,199 @@
+CVE-2003-1328
+ NOTE: not-for-us (windows)
+CVE-2003-1326
+ NOTE: not-for-us (windows)
+CVE-2003-1022
+ {DSA-416}
+ - fsp 2.81.b18-1
+CVE-2003-0994
+ NOTE: not-for-us (norton)
+CVE-2003-0993
+ - apache 1.3.29.0.2-4
+CVE-2003-0991
+ {DSA-436}
+ - mailman 2.1-1
+ NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
+ NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
+CVE-2003-0988
+ - kdepim 3.1.5-1
+CVE-2003-0985
+ {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
+ NOTE: fixed in 2.4.24-rc1
+CVE-2003-0969
+ {DSA-411}
+ - mpg321 0.2.10.3
+CVE-2003-0966
+ NOTE: not-for-us (elm)
+CVE-2003-0924
+ {DSA-426}
+ - netpbm-free 2:9.25-9
+CVE-2003-0905
+ NOTE: not-for-us (microsoft)
+CVE-2003-0903
+ NOTE: not-for-us (microsoft)
+CVE-2003-0825
+ NOTE: not-for-us (microsoft)
+CVE-2003-0145
+ {DSA-261}
+ - tcpdump 3.7.2-1
+CVE-2003-0143
+ {DSA-259}
+ - qpopper 4.0.4-9
+CVE-2003-0125
+ NOTE: not-for-us (SOHO Routefinder)
+CVE-2003-0124
+ NOTE: not-for-us (man before 1.51)
+CVE-2003-0123
+ NOTE: not-for-us (lotus notes)
+CVE-2003-0122
+ NOTE: not-for-us (lotus notes)
+CVE-2003-0120
+ {DSA-256}
+ - mhc 0.25+20030224-1
+CVE-2003-0108
+ {DSA-255}
+ - tcpdump 3.7.1-1.2
+CVE-2003-0107
+ - zlib 1.1.4-10
+CVE-2003-0104
+ NOTE: not-for-us (peopletools)
+CVE-2003-0103
+ NOTE: not-for-us (nokia handset)
+CVE-2003-0102
+ {DSA-260}
+ - file 3.40-1.1
+CVE-2003-0100
+ NOTE: not-for-us (cisco)
+CVE-2003-0097
+ - php4 4.3.2+rc3-1
+CVE-2003-0095
+ NOTE: not-for-us (oracle)
+CVE-2003-0094
+ NOTE: not-for-us (mandrake specific)
+CVE-2003-0093
+ {DSA-261}
+ - tcpdump 3.7.1-1
+CVE-2003-0088
+ NOTE: not-for-us (macosX)
+CVE-2003-0087
+ NOTE: not-for-us (AIX)
+CVE-2003-0081
+ {DSA-258}
+ - ethereal 0.9.9-2
+CVE-2003-0079
+ NOTE: not-for-us (hanterm before 2.0.5)
+CVE-2003-0078
+ {DSA-253}
+ - openssl 0.9.7a-1
+CVE-2003-0077
+ NOTE: not-for-us (hanterm before 2.0.5)
+CVE-2003-0075
+ NOTE: not-for-us (blade encoder not in Debian)
+CVE-2003-0073
+ {DSA-303}
+ - mysql 4.0.12-2
+CVE-2003-0071
+ {DSA-380}
+ - xfree86 4.2.1-11
+CVE-2003-0070
+ - vte 0.11.10-1
+CVE-2003-0069
+ - putty 0.54-1
+CVE-2003-0068
+ {DSA-496}
+ - eterm 0.9.2-6
+CVE-2003-0067
+ NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this.
+ NOTE: Göran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
+ NOTE: never vulnerable to the problem described.
+ NOTE: this CVE is bogus.
+CVE-2003-0066
+ - rxvt 2.6.4-6.1
+ NOTE: woody version are still vulnerable (bug #244810).
+CVE-2003-0065
+ NOTE: not-for-us (uxterm not in Debian)
+CVE-2003-0064
+ NOTE: not-for-us (dtterm not in Debian)
+CVE-2003-0063
+ {DSA-380}
+ - xfree86 4.2.1-11
+CVE-2003-0062
+ NOTE: not-for-us (NOD32 not in Debian)
+CVE-2003-0059
+ - krb5 1.2.5-1
+CVE-2003-0058
+ - krb5 1.2.5-1
+CVE-2003-0055
+ NOTE: not-for-us (apple)
+CVE-2003-0054
+ NOTE: not-for-us (apple)
+CVE-2003-0053
+ NOTE: not-for-us (apple)
+CVE-2003-0052
+ NOTE: not-for-us (apple)
+CVE-2003-0051
+ NOTE: not-for-us (apple)
+CVE-2003-0050
+ NOTE: not-for-us (apple)
+CVE-2003-0045
+ NOTE: not-for-us (windows)
+CVE-2003-0043
+ {DSA-246}
+ - tomcat 3.3.1a-1
+CVE-2003-0040
+ {DSA-247}
+ - courier-ssl 0.40.2-3
+CVE-2003-0039
+ {DSA-245}
+ - dhcp3 1.1.2-1
+CVE-2003-0033
+ {DSA-297}
+ - snort 2.0.0-1
+CVE-2003-0032
+ {DSA-228}
+ - libmcrypt 2.5.5-1
+CVE-2003-0027
+ NOTE: not-for-us (sun)
+CVE-2003-0024
+ NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this.
+ NOTE: Göran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
+ NOTE: never vulnerable to the problem described.
+ NOTE: this CVE is bogus.
+CVE-2003-0023
+ - rxvt 2.6.4-6.1
+CVE-2003-0022
+ - rxvt 2.6.4-6.1
+CVE-2003-0021
+ - eterm 0.9.2-1
+ NOTE: According to upstream changelog and http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
+ NOTE: this is fixed in eterm 0.9.2
+CVE-2003-0020
+ - apache 1.3.29.0.2-4
+CVE-2003-0019
+ NOTE: not-for-us (redhat 8.0 only)
+CVE-2003-0018
+ {DSA-423 DSA-358}
+ NOTE: fixed after 2.6/2.4.21 kernel
+CVE-2003-0017
+ NOTE: not-for-us (apache on windows)
+CVE-2003-0016
+ NOTE: not-for-us (apache on windows)
+CVE-2003-0015
+ {DSA-233}
+ - cvs 1.11.2-5.1
+CVE-2003-0013
+ {DSA-230}
+ - bugzilla 2.16.2-1
+CVE-2003-0012
+ {DSA-230}
+ - bugzilla 2.16.2-1
+CVE-2003-0009
+ NOTE: not-for-us (windows)
+CVE-2003-0007
+ NOTE: not-for-us (windows)
+CVE-2003-0004
+ NOTE: not-for-us (windows)
+CVE-2003-0003
+ NOTE: not-for-us (windows)
+CVE-2003-0002
+ NOTE: not-for-us (windows)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
new file mode 100644
index 0000000000..65236c1804
--- /dev/null
+++ b/data/CVE/2004.list
@@ -0,0 +1,160 @@
+CVE-2004-0356
+ NOTE: not-for-us (windows mta)
+CVE-2004-0347
+ NOTE: not-for-us (juniper router)
+CVE-2004-0336
+ NOTE: not-for-us (windows mta)
+CVE-2004-0320
+ NOTE: not-for-us (ncipher hardware)
+CVE-2004-0309
+ NOTE: not-for-us (windows firewall)
+CVE-2004-0307
+ NOTE: not-for-us (cisco)
+CVE-2004-0306
+ NOTE: not-for-us (cisco)
+CVE-2004-0297
+ NOTE: not-for-us (windows mta)
+CVE-2004-0276
+ NOTE: not-for-us (monkeyd, not in debian)
+CVE-2004-0274
+ - eggdrop 1.6.17
+CVE-2004-0273
+ NOTE: not-for-us (realone player)
+CVE-2004-0270
+ - libclamav1 0.80
+CVE-2004-0263
+ - libapache-mod-php4 4.3.9
+CVE-2004-0261
+ NOTE: not-for-us (openjournal, not in debian)
+CVE-2004-0257
+ NOTE: not-for-us (open/netbsd)
+CVE-2004-0256
+ - libtool 1.5.6
+CVE-2004-0194
+ NOTE: not-for-us (acroread)
+CVE-2004-0193
+ NOTE: not-for-us (realsecure/blackice)
+CVE-2004-0191
+ - mozilla-browser 1.7.3
+ TODO: test
+CVE-2004-0190
+ NOTE: not-for-us (symantec)
+CVE-2004-0189
+ {DSA-474}
+CVE-2004-0188
+ {DSA-461}
+CVE-2004-0186
+ {DSA-463}
+CVE-2004-0185
+ {DSA-457}
+ - wu-ftpd 2.6.2-17.2
+CVE-2004-0173
+ NOTE: not-for-us (apache/cygwin)
+CVE-2004-0171
+ NOTE: not-for-us (freebsd/os x)
+CVE-2004-0169
+ NOTE: not-for-us (os x)
+CVE-2004-0167
+ NOTE: not-for-us (os x)
+CVE-2004-0165
+ NOTE: not-for-us (os x)
+CVE-2004-0160
+ {DSA-446}
+CVE-2004-0159
+ {DSA-447}
+CVE-2004-0150
+ {DSA-458-2 DSA-458}
+CVE-2004-0148
+ {DSA-457}
+ - wu-ftpd 2.6.2-17.2
+CVE-2004-0131
+ NOTE: not-for-us (gnu radiusd, not in debian)
+CVE-2004-0129
+ - phpmyadmin 2.6.0-pl2
+CVE-2004-0128
+ NOTE: not-for-us (phpgedview, not in debian)
+CVE-2004-0126
+ NOTE: not-for-us (freebsd)
+CVE-2004-0122
+ NOTE: not-for-us (microsoft)
+CVE-2004-0121
+ NOTE: not-for-us (microsoft)
+CVE-2004-0115
+ NOTE: not-for-us (microsoft)
+CVE-2004-0114
+ NOTE: not-for-us (bsd)
+CVE-2004-0113
+ - apache2 2.0.52
+CVE-2004-0111
+ {DSA-464}
+CVE-2004-0108
+ {DSA-460}
+CVE-2004-0099
+ NOTE: not-for-us (freebsd)
+CVE-2004-0096
+ - libapache-mod-python 2:2.7.10
+CVE-2004-0095
+ NOTE: not-for-us (mcafee)
+CVE-2004-0094
+ {DSA-443}
+CVE-2004-0093
+ {DSA-443}
+CVE-2004-0089
+ NOTE: not-for-us (os x)
+CVE-2004-0082
+ - samba 3.0.7
+ TODO: test
+CVE-2004-0080
+ NOTE: not-for-us (debian uses different login)
+CVE-2004-0078
+ - mutt 1.5.6-20040722+1
+ TODO: test
+CVE-2004-0077
+ {DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
+CVE-2004-0075
+ - kernel-source-2.4.24 2.4.24-3
+ TODO: test
+CVE-2004-0070
+ NOTE: not-for-us (ezcontents, commercial)
+CVE-2004-0068
+ NOTE: not-for-us (phpdig, not in debian)
+CVE-2004-0063
+ NOTE: not-for-us (ncipher hsm)
+CVE-2004-0049
+ NOTE: not-for-us (real helix)
+CVE-2004-0045
+ - inn2 2.4.1+20040820
+ TODO: test
+CVE-2004-0044
+ NOTE: not-for-us (cisco)
+CVE-2004-0040
+ NOTE: not-for-us (checkpoint)
+CVE-2004-0036
+ NOTE: not-for-us (vbulletin, commercial)
+CVE-2004-0035
+ NOTE: not-for-us (phorum, not in debian)
+CVE-2004-0033
+ NOTE: not-for-us (phpgedview, not in debian)
+CVE-2004-0032
+ NOTE: not-for-us (phpgedview, not in debian)
+CVE-2004-0031
+ NOTE: not-for-us (phpgedview, not in debian)
+CVE-2004-0028
+ {DSA-420}
+CVE-2004-0016
+ {DSA-419}
+CVE-2004-0015
+ {DSA-418}
+CVE-2004-0013
+ {DSA-414}
+CVE-2004-0011
+ {DSA-416}
+CVE-2004-0009
+ - apache-ssl 1.3.31
+ TODO: test
+CVE-2004-0004
+ NOTE: not-for-us (openca, not in debian)
+CVE-2004-0001
+ kernel-image-2.6.8-9-amd64-generic
+ HELP: what version?
+ TODO: test?
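Review bot: The package line under CVE-2004-0001 (`kernel-image-2.6.8-9-amd64-generic`) has neither the leading `- ` nor a version, while the other package lines in this list read `- package version`. How the checking scripts treat such a line is not visible in this hunk, but if they skip it the entry goes untracked instead of being reported as open. I would add the `- ` prefix and settle the `HELP: what version?` question so the entry carries a fixed version, or mark it explicitly as unfixed in the way `- oops (unfixed; bug #307360)` does in `data/DSA/list`. The same kind of format slip appears in `data/CVE/2002.list`: the `bugzilla 2.16.1-1` lines under CVE-2002-1198 and CVE-2002-1197 lack the `- `, and the markers `not-for-u (pks)` and `not-fr-us (NewAtlanta ServletExec ISAPI)` are misspelled, so a match on the literal `not-for-us` would presumably miss them.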
diff --git a/data/CVE/Makefile b/data/CVE/Makefile
new file mode 100644
index 0000000000..a31360f038
--- /dev/null
+++ b/data/CVE/Makefile
@@ -0,0 +1,5 @@
+update:
+ rm -f full-cve.html
+ wget --quiet http://www.cve.mitre.org/cve/downloads/full-cve.html
+ ../updatelist full-cve.html ../DSA/list list > list.new
+ mv -f list.new list
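Review bot: The `wget` line in the `update` recipe fetches `full-cve.html` over plain `http://` and the next line feeds it straight to `../updatelist`, so what ends up in `list` is only as trustworthy as the network path. If the server offers TLS, switch the URL scheme to `https://`. Independently of that, add a guard such as `test -s list.new` before `mv -f list.new list`, so that an empty result from a truncated or substituted download does not replace the existing list. The recipe also reads and rewrites a file named `list`, while the data files added beside it in this commit are named per year (`2003.list`, `2004.list`), so it is worth confirming that `list` is the intended target.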
diff --git a/data/DSA/list b/data/DSA/list
new file mode 100644
index 0000000000..45fd8af8e2
--- /dev/null
+++ b/data/DSA/list
@@ -0,0 +1,2037 @@
+[03 Jun 2005] DSA-732-1 mailutils - several
+ {CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523}
+ - mailutils 0.6.1-4
+ NOTE: fixed in testing in time of DSA
+[02 Jun 2005] DSA-731-1 krb4 - buffer overflows
+ {CAN-2005-0468 CAN-2005-0468}
+ - krb4 1.2.2-11.2
+ NOTE: fixed in testing in time of DSA
+[27 May 2005] DSA-730-1 bzip2 - race condition
+ {CAN-2005-0953}
+ - bzip2 1.0.2-6
+ NOTE: fixed in testing in time of DSA
+[26 May 2005] DSA-729-1 php4 - missing input sanitising
+ {CAN-2005-0525}
+ - php4 4.3.10-10
+ NOTE: fixed in testing in time of DSA
+[25 May 2005] DSA-728-1 qpopper - missing privilege release
+ {CAN-2005-1151 CAN-2005-1152}
+ - qpopper 4.0.5-4sarge1
+ NOTE: fixed in testing in time of DSA by security team
+[20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow
+ {CAN-2005-1349}
+ - libconvert-uulib-perl 1.0.5.1-1
+ NOTE: fixed in testing in time of DSA
+[20 May 2005] DSA-726-1 oops - format string vulnerability
+ {CAN-2005-1121}
+ - oops (unfixed; bug #307360)
+ NOTE: not in testing in time of DSA
+[19 May 2005] DSA-725-1 ppxp - missing privilege release
+ {CAN-2005-0392}
+ - ppxp 0.2001080415-11
+ NOTE: not fixed in testing in time of DSA
+[18 May 2005] DSA-724-1 phpsysinfo - design flaw
+ {CAN-2005-0870}
+ - phpsysinfo 2.3-3
+ NOTE: fixed in testing in time of DSA
+[09 May 2005] DSA-723-1 xfree86 - buffer overflow
+ {CAN-2005-0605}
+ - xfree86 4.3.0.dfsg.1-13
+ NOTE: not fixed in testing in time of DSA
+[09 May 2005] DSA-722-1 smail - buffer overflow
+ {CAN-2005-0892}
+ NOTE: Package not in testing at time of DSA
+[06 May 2005] DSA-721-1 squid - design flaw
+ {CAN-2005-1345}
+ - squid 2.5.9-7
+ NOTE: not fixed in testing in time of DSA
+[03 May 2005] DSA-720-1 smartlist - wrong input processing
+ {CAN-2005-0157}
+ - smartlist 3.15-18
+ NOTE: fixed in testing in time of DSA
+[28 Apr 2005] DSA-719-1 prozilla - format string problems
+ {CAN-2005-0523}
+ - prozilla 1:1.3.7.4-1
+ NOTE: fixed in testing in time of DSA
+[28 Apr 2005] DSA-718-1 ethereal - buffer overflow
+ {CAN-2005-0739}
+ - ethereal 0.10.10-1
+ NOTE: fixed in testing in time of DSA
+[27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo
+ {CAN-2003-0826 CAN-2005-0814}
+ - lsh-utils 2.0.1-2
+ NOTE: fixed in testing in time of DSA
+[27 Apr 2005] DSA-716-1 gaim - denial of service
+ {CAN-2005-0472}
+ - gaim 1.1.3-1
+ NOTE: fixed in testing in time of DSA
+[27 Apr 2005] DSA-715-1 cvs - several
+ {CAN-2004-1342 CAN-2004-1343}
+ - cvs 1.12.9-12
+ NOTE: not fixed in testing in time of DSA
+[26 Apr 2005] DSA-714-1 kdelibs - several
+ {CAN-2005-1046}
+ - kdelibs 4:3.3.2-5
+ NOTE: not fixed in testing at time of DSA
+[21 Apr 2005] DSA-701-2 samba - integer overflows
+ NOTE: only a bug in the backported fix to stable, testing is ok
+[21 Apr 2005] DSA-713-1 junkbuster - several
+ {CAN-2005-1108 CAN-2005-1109}
+ NOTE: package not in testing/unstable
+[19 Apr 2005] DSA-712-1 geneweb - insecure file operations
+ {CAN-2005-0391}
+ - geneweb 4.10-7
+ NOTE: fixed in testing at time of DSA
+[19 Apr 2005] DSA-711-1 info2www - missing input sanitising
+ {CAN-2004-1341}
+ - info2www 1.2.2.9-23
+ NOTE: fixed in testing in time of DSA
+[18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference
+ {CAN-2003-0541}
+ - gtkhtml 1.0.4-6.2
+ NOTE: fixed in testing at time of DSA
+[15 Apr 2005] DSA-709-1 libexif - buffer overflow
+ {CAN-2005-0664}
+ - libexif 0.6.9-5
+[15 Apr 2005] DSA-708-1 php3 - missing input sanitising
+ {CAN-2005-0525}
+ - php3 3.0.18-31
+[13 Apr 2005] DSA-707-1 mysql - several
+ {CAN-2004-0957 CAN-2005-0709 CAN-2005-0710 CAN-2005-0711}
+ - mysql-dfsg 4.0.24-5
+ - mysql-dfsg-4.1 4.1.10a-6
+ NOTE: not fixed in testing at time of DSA
+[13 Apr 2005] DSA-706-1 axel - buffer overflow
+ {CAN-2005-0390}
+ - axel 1.0b-1
+ NOTE: fixed in testing in time of DSA
+[04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising
+ {CAN-2005-0256 CAN-2003-0854}
+ - wu-ftpd 2.6.2-19
+[04 Apr 2005] DSA-704-1 remstats - tempfile, missing input sanitising
+ {CAN-2005-0387 CAN-2005-0388}
+ - remstats 1.0.13a-5
+ NOTE: not fixed in testing at time of DSA
+[01 Apr 2005] DSA-703-1 krb5 - buffer overflows
+ {CAN-2005-0468 CAN-2005-0469}
+ - krb5 1.3.6-1
+[01 Apr 2005] DSA-702-1 imagemagick - several
+ {CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762}
+ - imagemagick 6.0.6.2-2.2
+[31 Mar 2005] DSA-701-1 samba - integer overflows
+ {CAN-2004-1154}
+ - samba 3.0.10-1
+[30 Mar 2005] DSA-700-1 mailreader - missing input sanitising
+ {CAN-2005-0386}
+ - mailreader 2.3.29-11
+ NOTE: not fixed in testing at time of DSA
+[29 Mar 2005] DSA-699-1 netkit-telnet-ssl - buffer overflow
+ {CAN-2005-0469}
+ - netkit-telnet-ssl 0.17.24+0.1-7.1
+ NOTE: not fixed in testing at time of DSA
+[29 Mar 2005] DSA-698-1 mc - buffer overflow
+ {CAN-2005-0763}
+ NOTE: Not clear which unstable/testing version fixed this,
+ NOTE: but advisory says it's fixed.
+[29 Mar 2005] DSA-697-1 netkit-telnet - buffer overflow
+ {CAN-2005-0469}
+ - netkit-telnet 0.17-28
+ NOTE: not fixed in testing at time of DSA
+[22 Mar 2005] DSA-696-1 perl - design flaw
+ {CAN-2005-0448}
+ - perl 5.8.4-8
+ NOTE: fixed in testing at time of DSA
+[21 Mar 2005] DSA-695-1 xli - buffer overflow, input sanitising, integer overflow
+ {CAN-2001-0775 CAN-2005-0638 CAN-2005-0639}
+ - xli 1.17.0-18
+ NOTE: not fixed in testing at time of DSA
+[21 Mar 2005] DSA-694-1 xloadimage - missing input sanitising, integer overflow
+ {CAN-2005-0638 CAN-2005-0639}
+ - xloadimage 4.1-14.2
+ NOTE: not fixed in testing at time of DSA
+[14 Mar 2005] DSA-693-1 luxman - buffer overflow
+ {CAN-2005-0385}
+ NOTE: not fixed in testing at time of DSA
+ NOTE: not in unstable at time of DSA though DSA claimed it was
+ - luxman 0.41-20
+[14 Mar 2005] DSA-662-2 squirrelmail - several
+ NOTE: only an update to a prior DSA, did not affct sid/sarge.
+[08 Mar 2005] DSA-692-1 kppp - design flaw
+ {CAN-2005-0205}
+ - kppp 4:3.1.6
+ NOTE: fixed in testing at time of DSA
+[07 Mar 2005] DSA-691-1 abuse - several
+ {CAN-2005-0098 CAN-2005-0099}
+ NOTE: not in unstable/testing
+[25 Feb 2005] DSA-690-1 bsmtpd - missing input sanitising
+ {CAN-2005-0107}
+ - bsmtpd 2.3pl8b-16
+ NOTE: not fixed in testing at time of DSA
+[23 Feb 2005] DSA-689-1 libapache-mod-python - missing input sanitising
+ {CAN-2005-0088}
+ - libapache-mod-python 2.7.10-4
+ NOTE: fixed in testing at time of DSA
+ - libapache2-mod-python 3.1.3-3
+ NOTE: fixed in testing at time of DSA
+[23 Feb 2005] DSA-688-1 squid - mising input sanitising
+ {CAN-2005-0446}
+ - squid 2.5.8-3
+ NOTE: fixed in testing at time of DSA
+[21 Feb 2005] DSA-674-3 mailman - cross-site scripting, directory traversal
+ NOTE: only fixed bug in DSA
+[18 Feb 2005] DSA-687-1 bidwatcher - format string
+ {CAN-2005-0158}
+ - bidwatcher 1.3.17-1
+ NOTE: not fixed in testing at time of DSA
+[17 Feb 2005] DSA-686-1 gftp - missing input sanitising
+ {CAN-2005-0372}
+ - gftp 2.0.18-1
+ NOTE: not fixed in testing at time of DSA
+[17 Feb 2005] DSA-685-1 emacs21 - format string
+ {CAN-2005-0100}
+ - emacs21 21.3+1-9
+ NOTE: not fixed in testing at time of DSA
+[16 Feb 2005] DSA-684-1 typespeed - format string
+ {CAN-2005-0105}
+ - typespeed 0.4.4-8
+ NOTE: not fixed in testing at time of DSA
+[15 Feb 2005] DSA-683-1 postgresql - buffer overflows
+ {CAN-2005-0245 CAN-2005-0247}
+ - postgresql 7.4.7-2
+ NOTE: fixed in testing at time of DSA
+[15 Feb 2005] DSA-682-1 awstats - missing input sanitising
+ {CAN-2005-0363}
+ - awstats 6.2-1.2
+ NOTE: not fixed in testing at time of DSA
+[14 Feb 2005] DSA-681-1 synaesthesia - privilege escalation
+ {CAN-2005-0070}
+ NOTE: does not apply for sarge, program is not setuid anymore
+[14 Feb 2005] DSA-680-1 htdig - unsanitised input
+ {CAN-2005-0085}
+ - htdig 3.1.6-11
+ NOTE: fixed in testing at time of DSA
+[14 Feb 2005] DSA-679-1 toolchain-source - insecure temporary files
+ {CAN-2005-0159}
+ - toolchain-source 3.4-5
+ NOTE: not fixed in testing at time of DSA
+[11 Feb 2005] DSA-678-1 netkit-rwho - missing input validation
+ {CAN-2004-1180}
+ - netkit-rwho 0.17-8
+ NOTE: not fixed in testing at time of DSA
+[11 Feb 2005] DSA-677-1 sympa - buffer overflow
+ {CAN-2005-0073}
+ - sympa 4.1.2-2.1
+ NOTE: not fixed in testing at time of DSA
+[11 Feb 2005] DSA-676-1 xpcd - buffer overflow
+ {CAN-2005-0074}
+ - xpcd 2.08-11.1
+ NOTE: not fixed in testing at time of DSA
+[11 Feb 2005] DSA-674-2 mailman - cross-site scripting, directory traversal
+ NOTE: only fixed bug in DSA
+[10 Feb 2005] DSA-675-1 hztty - privilege escalation
+ {CAN-2005-0019}
+ - hztty 2.0-6.1
+ NOTE: not fixed in testing at time of DSA
+[10 Feb 2005] DSA-674-1 mailman - cross-site scripting, directory traversal
+ {CAN-2004-1177}
+ - mailman 2.1.5-5
+ NOTE: fixed in testing at time of DSA
+ {CAN-2005-0202}
+ - mailman 2.1.5-6
+ NOTE: not fixed in testing at time of DSA
+[10 Feb 2005] DSA-673-1 evolution - integer overflow
+ {CAN-2005-0102}
+ - evolution 2.0.3-1.2
+ NOTE: fixed in testing at time of DSA
+[09 Feb 2005] DSA-672-1 xview - buffer overflows
+ {CAN-2005-0076}
+ - xview 3.2p1.4-19
+ NOTE: not fixed in testing at time of DSA
+[08 Feb 2005] DSA-671-1 xemacs21 - format string
+ {CAN-2005-0100}
+ NOTE: not fixed in testing at time of DSA
+ - xemacs21 21.4.16-2
+[08 Feb 2005] DSA-670-1 emacs20 - format string
+ {CAN-2005-0100}
+ NOTE: also affects emacs21 in unstable, fixed
+[04 Feb 2005] DSA-689-1 php3 - several
+ {CAN-2004-0594 CAN-2004-0595}
+ - php3 3.0.18-27
+ NOTE: fixed in testing at time of DSA
+[04 Feb 2005] DSA-668-1 postgresql - privilege escalation
+ {CAN-2005-0227}
+ - postgresql 7.4.7-1
+ NOTE: not fixed in testing at time of DSA
+[04 Feb 2005] DSA-667-1 squid - several
+ {CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211}
+ - squid 2.5.7-7
+ NOTE: not fixed in testing at time of DSA
+[04 Feb 2005] DSA-666-1 python2.2 - design flaw
+ {CAN-2005-0089}
+ - python2.2 2.2.3-14
+ - python2.3 2.3.4-20
+ - python2.4 2.4-5
+ NOTE: not fixed in testing at time of DSA
+[04 Feb 2005] DSA-665-1 ncpfs - missing privilege release
+ {CAN-2005-0013}
+ - ncpfs 2.2.6-1
+ NOTE: not fixed in testing at time of DSA
+[02 Feb 2005] DSA-664-1 cpio - broken file permissions
+ {CAN-1999-1572}
+ - cpio 2.5-1.2
+ NOTE: not fixed in testing at time of DSA
+[02 Feb 2005] DSA-663-1 prozilla - buffer overflows
+ {CAN-2004-1120}
+ - prozilla 1.3.7.3-1
+ NOTE: fixed in testing at time of DSA
+[01 Feb 2005] DSA-662-1 squirrelmail - several
+ {CAN-2005-0104 CAN-2005-0152}
+ NOTE: CAN-2005-0152 only exists in 1.2.6 version
+ - squirrelmail 1.4.4
+ NOTE: fixed in testing at time of DSA
+[20 Apr 2005] DSA-661-2 f2c - insecure temporary files
+ {CAN-2005-0017 CAN-2005-0018}
+ - f2c 20020621-3.3
+ NOTE: not fixed in testing at time of DSA
+[26 Jan 2005] DSA-660-1 kdebase - missing return value check
+ {CAN-2005-0078}
+ - kdebase 4:3.0.5
+ NOTE: fixed in testing at time of DSA
+[26 Jan 2005] DSA-659-1 libpam-radius-auth - information leak, integer underflow
+ {CAN-2004-1340 CAN-2005-0108}
+ - libpam-radius-auth 1.3.16-3
+ NOTE: 1/2 fixed in testing at time of DSA
+[25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file
+ {CAN-2005-0077}
+ - libdbi-perl 1.46-6
+ NOTE: not fixed in testing at time of DSA
+[25 Jan 2005] DSA-657-1 xine-lib - buffer overflow
+ {CAN-2004-1379}
+ - xine-lib 1-rc6a-1
+ NOTE: fixed in testing at time of DSA
+[25 Jan 2005] DSA-656-1 vdr - insecure file access
+ {CAN-2005-0071}
+ - vdr 1.2.6-6
+ NOTE: not fixed in testing at time of DSA
+[25 Jan 2005] DSA-655-1 zhcon - missing privilege release
+ {CAN-2005-0072}
+ - zhcon 1:0.2.3-8.1
+ NOTE: not fixed in testing at time of DSA
+[21 Jan 2005] DSA-654-1 enscript - several
+ {CAN-2004-1184 CAN-2004-1185 CAN-2004-1186}
+ - enscript 1.6.4-6
+ NOTE: not fixed in testing at time of DSA
+[21 Jan 2005] DSA-653-1 ethereal - buffer overflow
+ {CAN-2005-0084}
+ - ethereal 0.10.9-1
+ NOTE: not fixed in testing at time of DSA
+[21 Jan 2005] DSA-652-1 unarj
+ {CAN-2004-0947 CAN-2004-1027}
+ NOTE: not-for-us (unarj)
+[20 Jan 2005] DSA-651-1 squid - buffer overflow, integer overflow
+ {CAN-2005-0094 CAN-2005-0095}
+ - squid 2.5.7-4
+ NOTE: not fixed in testing at time of DSA
+[20 Jan 2005] DSA-650-1 sword - missing input sanitising
+ {CAN-2005-0015}
+ - sword 1.5.7-7
+ NOTE: not fixed in testing at time of DSA
+[20 Jan 2005] DSA-649-1 xtrlock - buffer overflow
+ {CAN-2005-0079}
+ - xtrlock 2.0-9
+ NOTE: fixed in testing at time of DSA
+[19 Jan 2005] DSA-648-1 xpdf - buffer overflow
+ {CAN-2005-0064}
+ - xpdf 3.00-12
+ NOTE: not fixed in testing at time of DSA
+[19 Jan 2005] DSA-647-1 mysql - insecure temporary files
+ {CAN-2005-0004}
+ - mysql-dfsg 4.0.23-3
+ - mysql-dfsg-4.1 4.1.8a-6
+ NOTE: not fixed in testing at time of DSA
+[19 Jan 2005] DSA-646-1 imagemagick - buffer overflow
+ {CAN-2005-0005}
+ - imagemagick 6.0.6.2-2
+ NOTE: not fixed in testing at time of DSA
+[19 Jan 2005] DSA-645-1 cupsys - buffer overflow
+ {CAN-2005-0064}
+ NOTE: cupsys not affected in sarge, though other programs are vulnerable
+ NOTE: see CAN/list
+ NOTE: not fixed in testing at time of DSA
+[18 Jan 2005] DSA-644-1 chbg - buffer overflow
+ {CAN-2004-1264}
+ - chbg 1.5-4
+ NOTE: fixed in testing at time of DSA
+[18 Jan 2005] DSA-643-1 queue - buffer overflows
+ {CAN-2004-0555}
+ - queue 1.30.1-5
+ NOTE: not fixed in testing at time of DSA
+[17 Jan 2005] DSA-642-1 gallery - several
+ {CAN-2004-1106}
+ - gallery 1.4.4-pl4-1
+ NOTE: fixed in testing at time of DSA
+[17 Jan 2005] DSA-641-1 playmidi - buffer overflow
+ {CAN-2005-0020}
+ - playmidi 2.4debian-3
+ NOTE: not fixed in testing at time of DSA
+[17 Jan 2005] DSA-640-1 gatos - buffer overflow
+ {CAN-2005-0016}
+ - gatos 0.0.5-15
+ NOTE: not fixed in testing at time of DSA
+[14 Jan 2005] DSA-639-1 mc - several
+ {CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091 CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176}
+ NOTE: unstable not vulnerable according to DSA
+ NOTE: DSA was wrong..
+ - mc 1:4.6.0-4.6.1-pre3-1
+ NOTE: not fixed in testing at time of DSA
+[13 Jan 2005] DSA-638-1 gopher - several
+ {CAN-2004-0560 CAN-2004-0561}
+ NOTE: not in sarge
+[13 Jan 2005] DSA-637-1 exim-tls - buffer overflow
+ {CAN-2005-0021}
+ NOTE: not in sarge
+[12 Jan 2005] DSA-636-1 glibc - insecure temporary files
+ {CAN-2004-0968}
+ - glibc 2.3.2.ds1-20
+ NOTE: fixed in testing at time of DSA
+[12 Jan 2005] DSA-635-1 exim - buffer overflow
+ {CAN-2005-0021}
+ - exim4 4.34-10
+ NOTE: fixed in testing at time of DSA
+ - exim 3.36-13
+ NOTE: not fixed in testing at time of DSA
+[11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation
+ {CAN-2004-1182}
+ - hylafax 4.2.1-1
+ NOTE: fixed in testing at time of DSA
+[11 Jan 2005] DSA-633-1 bmv - insecure temporary file
+ {CAN-2003-0014}
+ - bmv 1.2-17
+ NOTE: fixed in testing at time of DSA
+[10 Jan 2005] DSA-632-1 linpopup - buffer overflow
+ {CAN-2004-1282}
+ - linpopup 1.2.0-7
+ NOTE: fixed in testing at time of DSA
+[10 Jan 2005] DSA-631-1 kdelibs - unsanitised input
+ {CAN-2004-1165}
+ - kdelibs 4:3.3.2-1
+ NOTE: not fixed in testing at time of DSA
+[10 Jan 2005] DSA-630-1 lintian - insecure temporary directory
+ {CAN-2004-1000}
+ - lintian 1.23.6
+ NOTE: not fixed in testing at time of DSA
+[07 Jan 2005] DSA-629-1 krb5 - buffer overflow
+ {CAN-2004-1189}
+ - krb5 1.3.6-1
+ NOTE: not fixed in testing at time of DSA
+[06 Jan 2005] DSA-628-1 imlib2 - integer overflows
+ {CAN-2004-1026}
+ - imlib2 1.1.2-2.1
+ NOTE: not fixed in testing at time of DSA
+[06 Jan 2005] DSA-627-1 namazu2 - unsanitised input
+ {CAN-2004-1318}
+ - namazu2 2.0.14-1
+ NOTE: not fixed in testing at time of DSA
+[06 Jan 2005] DSA-626-1 tiff - unsanitised input
+ {CAN-2004-1183}
+ - libtiff4 3.6.1-5
+ NOTE: not fixed in testing at time of DSA
+[05 Jan 2005] DSA-625-1 pcal - buffer overflows
+ {CAN-2004-1289}
+ - pcal 4.8.0-1
+ NOTE: not fixed in testing at time of DSA
+[05 Jan 2005] DSA-624-1 zip - buffer overflow
+ {CAN-2004-1010}
+ - zip 2.30-8
+ NOTE: fixed in testing at time of DSA
+[04 Jan 2005] DSA-623-1 nasm - buffer overflow
+ {CAN-2004-1287}
+ - nasm 0.98.38-1.1
+[03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files
+ {CAN-2004-1181}
+ NOTE: not in unstable
+[31 Dec 2004] DSA-621-1 cupsys - buffer overflow
+ {CAN-2004-1125}
+ - cupsys 1.1.22-2
+[30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories
+ {CAN-2004-0452 CAN-2004-0976}
+ - perl 5.8.4-5
+[30 Dev 2004] DSA-619-1 xpdf - buffer overflow
+ {CAN-2004-1125}
+ - xpdf 3.00-11
+[24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows
+ {CAN-2004-1025 CAN-2004-1026}
+ - imlib 1.9.14-17.1
+ - imlib-png2 1.9.14-16.1
+[24 Dec 2004] DSA-617-1 libtiff - insufficient input validation
+ {CAN-2004-1308}
+ - libtiff4 3.6.1-4
+[23 Dec 2004] DSA-616-1 telnetd-ssl - format string
+ {CAN-2004-0998}
+ - telnetd-ssl 0.17.24+0.1-6
+[22 Dec 2004] DSA-615-1 debmake - insecure temporary file
+ {CAN-2004-1179}
+ - debmake 3.7.7
+[21 Dec 2004] DSA-614-1 xzgv - integer overflows
+ {CAN-2004-0994}
+ - xzgv 0.8-3
+[21 Dec 2004] DSA-613-1 ethereal - inifinite loop
+ {CAN-2004-114}
+ - ethereal 0.10.8-1
+[21 Dec 2004] DSA-614-1 xzgv - integer overflows
+ {CAN-2004-0994}
+ - xzgv 0.8-3
+[20 Dec 2004] DSA-612-1 a2ps - unsanitised input
+ {CAN-2004-1170}
+ - a2ps 4.13b-4.2
+[20 Dec 2004] DSA-611-1 htget - buffer overflow
+ {CAN-2004-0852}
+ NOTE: htget not in sarge or unstable
+[17 Dec 2004] DSA-610-1 cscope - insecure temporary file
+ {CAN-2004-0996}
+ - cscope 15.5-1
+[14 Dec 2004] DSA-609-1 atari800 - buffer overflows
+ {CAN-2004-1076}
+ - atari800 1.3.2-1
+[14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input
+ {CAN-2004-1095 CAN-2004-0999}
+ - zgv 5.7-1.3
+ NOTE: changelog says he only patched 1095, but diff comparison
+ NOTE: shows 0999 was also fixed.
+[10 Dec 2004] DSA-607-1 xfree86 - several
+ {CAN-2004-0914}
+ - xfree86 4.3.0.dfsg.1-9
+[08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler
+ {CAN-2004-1014}
+ - nfs-utils 1:1.0.6-3.1
+[06 Dec 2004] DSA-605-1 viewcvs - settings not honored
+ {CAN-2004-0915}
+ - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
+[03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising
+ {CAN-2004-0993}
+ - hpsockd 0.14
+[01 Dec 2004] DSA-603-1 openssl - insecure temporary file
+ {CAN-2004-0975}
+ - openssl 0.9.7e-3
+[29 Nov 2004] DSA-602-1 libgd2 - integer overlow
+ {CAN-2004-0941 CAN-2004-0990}
+ NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
+ - libgd2 2.0.33-1.1
+[29 Nov 2004] DSA-601-1 libgd1 - integer overflow
+ {CAN-2004-0941 CAN-2004-0990}
+ NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
+ - libgd 1.8.4-36.1
+[25 Nov 2004] DSA-599-1 tetex-bin - integer overflows
+ {CAN-2004-0888}
+ - tetex-bin 2.0.2-23
+[25 Nov 2004] DSA-598-1 yardradius - buffer overflow
+ {CAN-2004-0987}
+ - yardradius 1.0.20-15
+[25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow
+ {CAN-2004-1012 CAN-2004-1013}
+ - cyrus21-imapd 2.1.17-1
+[24 Nov 2004] DSA-596-2 sudo - missing input sanitising
+ {CAN-2004-1051}
+ - sudo 1.6.8p3-1
+[24 Nov 2004] DSA-596-1 sudo - missing input sanitising
+ {CAN-2004-1051}
+ - sudo 1.6.8p3-1
+[24 Nov 2004] DSA-595-1 bnc - buffer overflow
+ {CAN-2004-1052}
+ NOTE: package not in sarge or sid
+[17 Nov 2004] DSA-594-1 apache - buffer overflows
+ {CAN-2004-0940}
+ - apache 1.3.33-2
+[16 Nov 2004] DSA-593-1 imagemagick - buffer overflow
+ {CAN-2004-0981}
+ - imagemagick 6:6.0.6.2-1.5
+[12 Nov 2004] DSA-592-1 ez-ipupdate - format string
+ {CAN-2004-0980}
+ - ez-ipupdate 3.0.11b8-8
+[09 Nov 2004] DSA-591-1 libgd2 - integer overflows
+ {CAN-2004-0990}
+ - libgd2 2.0.30-1
+[09 Nov 2004] DSA-590-1 gnats - format string vulnerability
+ {CAN-2004-0623}
+ NOTE: DSA got version of fix for unstable wrong
+ - gnats 4.0-6.1
+[09 Nov 2004] DSA-589-1 libgd - integer overflows
+ {CAN-2004-0990}
+ - libgd1 1.8.4-36.1
+[08 Nov 2004] DSA-588-1 gzip - insecure temporary files
+ {CAN-2004-0970}
+ NOTE: dsa says sid not affected
+[08 Nov 2004] DSA-587-1 freeamp - buffer overflow
+ {CAN-2004-0964}
+ NOTE: DSA says zinf not vulnerable in sarge
+[08 Nov 2004] DSA-586-1 ruby - infinite loop
+ {CAN-2004-0983}
+ - ruby1.6 1.6.8-12
+ - ruby1.8 1.8.1+1.8.2pre2-4
+[05 Nov 2004] DSA-585-1 shadow - programming error
+ {CAN-2004-1001}
+ - shadow 1:4.0.3-30.3
+[04 Nov 2004] DSA-584-1 dhcp - format string vulnerability
+ {CAN-2004-1006}
+ - dhcp 2.0pl5-19.1
+[03 Nov 2004] DSA-583-1 lvm10 - insecure temporary directory
+ {CAN-2004-0972}
+[02 Nov 2004] DSA-582-1 libxml - buffer overflow
+ {CAN-2004-0989}
+ - libxml 1.8.17-9
+ - libxml2 2.6.11-5
+[01 Nov 2004] DSA-581-1 xpdf - integer overflows
+ {CAN-2004-0888}
+ - xpdf 3.00-9
+[01 Nov 2004] DSA-580-1 iptables - missing initialisation
+ {CAN-2004-0986}
+ - iptables 1.2.11-4
+[01 Nov 2004] DSA-579-1 abiword - buffer overflow
+ {CAN-2004-0645}
+ NOTE: according to DSA, sid's abiword is not affected. sarge is same
+[01 Nov 2004] DSA-578-1 mpg123 - buffer overflow
+ {CAN-2004-0982}
+ - mpg123 0.59r-17
+[29 Oct 2004] DSA-577-1 postgresql - symlink vulnerability
+ {CAN-2004-0977}
+ - postgresql 7.4.6-1
+[29 Oct 2004] DSA-576-1 squid - multiple
+ {CVE-1999-0710 CAN-2004-0918}
+ - squid 2.5.7-1
+[28 Oct 2004] DSA-575-1 catdoc - insecure temporary file
+ {CAN-2003-0193}
+ - catdoc 0.91.5-2
+[28 Oct 2004] DSA-574-1 cabextract - missing directory sanitising
+ {CAN-2004-0916}
+ - cabextract 1.1-1
+[21 Oct 2004] DSA-573-1 cupsys - integer overflows
+ {CAN-2004-0888}
+ - cupsys 1.1.20final+rc1-10
+ {CAN-2004-0889}
+ - xpdf 3.00-10
+ NOTE: kpdf and kfax are fixed in sarge, bug #278173 and #280373 for reference
+ - kpdf 4:3.3.1-1
+ - gpdf 2.8.0-1
+ - kfax 4:3.3.1-1
+[21 Oct 2004] DSA-572-1 ecartis - multiple
+ {CAN-2004-0913}
+ - ecartis 1.0.0+cvs.20030911-8
+[20 Oct 2004] DSA-571-1 libpng3 - buffer overflows, integer overflow
+ {CAN-2004-0955}
+ - libpng3 1.2.5.0-9
+[20 Oct 2004] DSA-570-1 libpng - integer overflow
+ {CAN-2004-0955}
+ - libpng 1.0.15-8
+[18 Oct 2004] DSA-569-1 netkit-telnet-ssl - invalid free(3)
+ {CAN-2004-0911}
+ - netkit-telnet-ssl 0.17.24+0.1-4
+[16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input
+ {CAN-2004-0884}
+ NOTE removed from testing
+ NOTE maintainer reports hole not in cyrus-sasl2-mit
+[15 Oct 2004] DSA-567-1 tiff - heap overflows
+ {CAN-2004-0803 CAN-2004-0804 CAN-2004-0886}
+ - tiff 3.6.1-2
+ - tiff3g 3.6.1-2
+[14 Oct 2004] DSA-566-1 cupsys - unsanitised input
+ {CAN-2004-0923}
+ - cupsys 1.1.20final+rc1-9
+[13 Oct 2004] DSA-565-1 sox - buffer overflows
+ {CAN-2004-0557}
+ - sox 12.17.4-9
+[13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising
+ {CAN-2004-0805}
+ - mpg123 0.59r-16
+[12 Oct 2004] DSA-563-1 cyrus-sasl - unsanitised input
+ {CAN-2004-0884}
+ - cyrus-sasl 1.5.28-6.2
+ - cyrus-sasl2 2.1.19-1.3
+[11 Oct 2004] DSA-562-2 mysql - several vulnerabilities
+ {CAN-2004-0835 CAN-2004-0836 CAN-2004-0837}
+ - mysql 4.0.21-1
+[11 Oct 2004] DSA-561-1 xfree86 - integer and stack overflows
+ {CAN-2004-0687 CAN-2004-0688}
+ - xfree86 4.3.0.dfsg.1-8
+[07 Oct 2004] DSA-600-1 samba - arbitrary file access
+ {CAN-2004-0815}
+ NOTE: not affected according to DSA
+[07 Oct 2004] DSA-560-1 lesstif1-1 - integer and stack overflows
+ {CAN-2004-0687 CAN-2004-0688}
+ - lesstif1-1 0.93.94-10
+[06 Oct 2004] DSA-559-1 net-acct - insecure temporary file
+ {CAN-2004-0851}
+ - net-acct 0.71-7
+[06 Oct 2004] DSA-558-1 libapache-mod-dav - null pointer dereference
+ {CAN-2004-0809}
+ - libapache-mod-dav 1.0.3-10
+ - apache2 2.0.51-1
+[04 Oct 2004] DSA-557-1 pppoe - missing privilegue dropping
+ {CAN-2004-0564}
+ - pppoe 3.5-4
+[03 Oct 2004] DSA-556-1 netkit-telnet - invalid free(3)
+ {CAN-2004-0911}
+ - netkit-telnet 0.17-26
+[30 Sep 2004] DSA-555-1 freenet6 - file permissions
+ {CAN-2004-0563}
+ - freenet6 1.0-2.2
+[27 Sep 2004] DSA-554-1 sendmail - pre-set password
+ {CAN-2004-0833}
+ - sendmail 8.13.1-13
+[27 Sep 2004] DSA-553-1 getmail - symlink vulnerability
+ {CAN-2004-0880 CAN-2004-0881}
+ - getmail 3.2.5-1
+[22 Sep 2004] DSA-552-1 imlib2 - unsanitised input
+ {CAN-2004-0802}
+ - imlib2 1.1.0-12.4
+[21 Sep 2004] DSA-551-1 lukemftpd - incorrect internal variable handling
+ {CAN-2004-0794}
+ - lukemftpd 1.1-2.2
+[20 Sep 2004] DSA-550-1 wv - buffer overflow
+ {CAN-2004-0645}
+ - wv 1.0.2-0.1
+[17 Sep 2004] DSA-549-1 gtk+2.0 - multiple holes
+ {CAN-2004-0782 CAN-2004-0783 CAN-2004-0788}
+ - gtk+2.0 2.4.9-2
+[16 Sep 2004] DSA-548-1 imlib - unsanitised input
+ {CAN-2004-0817}
+ - imlib 1.9.14-17
+ - imlib+png2 1.9.14-16.2
+[16 Sep 2004] DSA-547-1 imagemagic - buffer overflows
+ {CAN-2004-0827}
+ - imagemagic 6.0.6.2-1
+[16 Sep 2004] DSA-546-1 gdk-pixbuf - multiple holes
+ {CAN-2004-0753 CAN-2004-0782 CAN-2004-0788}
+ - gdk-pixbuf 0.22.0-7
+[15 Sep 2004] DSA-545-1 cupsys - denial of service
+ {CAN-2004-0558}
+ - cupsys 1.1.20final+rc1-6
+[14 Sep 2004] DSA-544-1 webmin - insecure temporary directory
+ {CAN-2004-0559}
+ - webmin 1.160-1
+ - usermin 1.090-1
+[31 Aug 2004] DSA-543-1 krb5 -- several vulnerabilities
+ {CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772}
+ - krb5 1.3.4-3
+[31 Aug 2004] DSA-458-2 python2.2 - buffer overflow
+ {CAN-2004-0150}
+ NOTE: not affected according to DSA
+[30 Aug 2004] DSA-542-1 qt - unsanitised input
+ {CAN-2004-0691 CAN-2004-0692 CAN-2004-0693}
+ - qt-x11-free 3.3.3-4
+[25 Aug 2004] DSA-541 icecast-server - cross site scripting
+ {CAN-2004-0781}
+ - icecast-server 1.3.12-8
+[18 Aug 2004] DSA-540 mysql-dfsg - insecure file creation
+ {CAN-2004-0457}
+ - mysql-dfsg 4.0.20-11
+[18 Aug 2004] DSA-539 kdelibs - denial of service
+ {CAN-2004-0689}
+ - kdelibs 4:3.2.3-3.sarge.1
+[17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access
+ - rsync 2.6.2-3
+[16 Aug 2004] DSA-537 ruby - insecure file permissions
+ {CAN-2004-0755}
+ - ruby1.8 1.8.1+1.8.2pre1-4
+ HELP: is ruby1.6 vulnerable?
+[04 Aug 2004] DSA-536 libpng - several vulnerabilities
+ {CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768}
+ - libpng 1.0.15-6
+ - libpng3 1.2.5.0-7
+[02 Aug 2004] DSA-535 squirrelmail - several vulnerabilities
+ {CAN-2004-0519 CAN-2004-0520 CAN-2004-0521 CAN-2004-0639}
+ - squirrelmail 2:1.4.3a-0.1
+[22 Jul 2004] DSA-534 mailreader - directory traversal
+ {CAN-2002-1581}
+ - mailreader 2.3.29-9
+[22 Jul 2004] DSA-533 courier - cross-site scripting
+ {CAN-2004-0591}
+ - courier 0.45.4-4
+[22 Jul 2004] DSA-532 libapache-mod-ssl - several vulnerabilities
+ {CAN-2004-0488 CAN-2004-0700}
+ - libapache-mod-ssl 2.8.19-1
+[20 Jul 2004] DSA-531 php4 - several vulnerabilities
+ {CAN-2004-0594 CAN-2004-0595}
+ ! php4 4:4.3.8-1
+[17 Jul 2004] DSA-530 l2tpd - buffer overflow
+ {CAN-2004-0649}
+ - l2tpd 0.70-pre20031121-2
+[17 Jul 2004] DSA-529 netkit-telnet-ssl - format string
+ {CAN-2004-0640}
+ ! netkit-telnet-ssl 0.17.24+0.1-2
+[17 Jul 2004] DSA-528 ethereal - denial of service
+ {CAN-2004-0635}
+ - ethereal 0.10.5-1
+[03 Jul 2004] DSA-527 pavuk - buffer overflow
+ {CAN-2004-0456}
+ NOTE: DSA is incorrect; pavuk is in sarge and unstable.
+ ! pavuk 0.9pl28-3
+[03 Jul 2004] DSA-526 webmin - several vulnerabilities
+ {CAN-2004-0582 CAN-2004-0583}
+ - webmin 1.150-1
+[24 Jun 2004] DSA-525 apache - buffer overflow
+ {CAN-2004-0492}
+ - apache 1.3.31-2
+[19 Jun 2004] DSA-524 rlpr - several vulnerabilities
+ {CAN-2004-0393 CAN-2004-0454}
+ - rlpr 2.02-7.1
+[19 Jun 2004] DSA-523 www-sql - buffer overflow
+ {CAN-2004-0455}
+ - www-sql 0.5.7-18
+[19 Jun 2004] DSA-522 super - format string vulnerability
+ {CAN-2004-0579}
+ - super 3.23.0-1
+[18 Jun 2004] DSA-521 sup - format string vulnerability
+ {CAN-2004-0451}
+ - sup 1.8-11
+[16 Jun 2004] DSA-520 krb5 - buffer overflows
+ {CAN-2004-0523}
+ - krb5 1.3.3-2
+[15 Jun 2004] DSA-519 cvs - several vulnerabilities
+ {CAN-2004-0416 CAN-2004-0417 CAN-2004-0418}
+ - cvs 1:1.12.9-1
+[14 Jun 2004] DSA-518 kdelibs - unsanitised input
+ {CAN-2004-0411}
+ - kdelibs 3.2.3
+[10 Jun 2004] DSA-517 cvs - buffer overflow
+ {CAN-2004-0414]
+ - cvs 1.12.9-1
+[07 Jun 2004] DSA-516 postgresql - buffer overflow
+ {CAN-2004-0547}
+ - postgresql 07.03.0200-3.
+[05 Jun 2004] DSA-515 lha - several vulnerabilities
+ {CAN-2004-0234 CAN-2004-0235}
+ ! lha 1.14i-8
+ NOTE: If 1.14i-8 cannot get into testing, the fix for 1.14i-2.0.1
+ from the DSA could to updated via t-p-u.
+[04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush
+ {CAN-2004-0077}
+ - kernel-image-sparc-2.2 9.1
+ NOTE: did not check other versions of the kernel
+[03 Jun 2004] DSA-513 log2mail - format string
+ {CAN-2004-0450}
+ ! log2mail 0.2.8-3
+[02 Jun 2004] DSA-512 gallery - unauthenticated access
+ {CAN-2004-0522}
+ - gallery 1.4.3-pl2-1
+[30 May 2004] DSA-511 ethereal - buffer overflows
+ {CAN-2004-0176}
+ - ethereal 0.10.3-1
+[29 May 2004] DSA-510 jftpgw - format string
+ {CAN-2004-0448}
+ - jftpgw 0.13.4-1
+[29 May 2004] DSA-509 gatos - privilege escalation
+ {CAN-2004-0395}
+ - gatos 0.0.5-12
+[22 May 2004] DSA-508 xpcd - buffer overflow
+ {CAN-2004-0402}
+ - xpcd 2.08-10
+[19 May 2004] DSA-507 cadaver - buffer overflow
+ {CAN-2004-0398}
+ - cadaver 0.22.1-3
+[19 May 2004] DSA-506 neon - buffer overflow
+ {CAN-2004-0398}
+ - neon 0.24.6.dfsg-1
+[19 May 2004] DSA-505 cvs - heap overflow
+ {CAN-2004-0396}
+ - cvs 1.12.5-6
+[18 May 2004] DSA-504 heimdal - missing input sanitising
+ {CAN-2004-0434}
+ - heimdal 0.6.2-1
+[13 May 2004] DSA-503 mah-jong - missing argument check
+ {CAN-2004-0458}
+ - mah-jong 1.6.2-1
+[11 May 2004] DSA-502 exim-tls - buffer overflow
+ {CAN-2004-0399 CAN-2004-0400}
+ NOTE: exim-tls not in sarge
+[07 May 2004] DSA-501 exim - buffer overflow
+ {CAN-2004-0399 CAN-2004-0400}
+ - exim 3.36-11
+ - exim4 4.33-1
+[01 May 2004] DSA-500 flim - insecure temporary file
+ {CAN-2004-0422}
+ - flim 1:1.14.6+0.20040415-1
+[01 May 2004] DSA-499 rsync - directory traversal
+ {CAN-2004-0426}
+ - rsync 2.6.1-1
+[30 Apr 2004] DSA-498 libpng - out of bound access
+ {CAN-2004-0421}
+ - libpng 1.0.15-5
+ - libpng3 1.2.5.0-6
+[29 Apr 2004] DSA-497 mc - several vulnerabilities
+ {CAN-2004-0226 CAN-2004-0231 CAN-2004-0232}
+ - mc 1:4.6.0-4.6.1-pre1-2
+[29 Apr 2004] DSA-496 eterm - missing input sanitising
+ {CAN-2003-0068}
+ - eterm 0.9.2-6
+[26 Apr 2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities
+ {CAN-2003-0127 CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ NOTE: 2.4.16 not present. Did not check newer kernels.
+[21 Apr 2004] DSA-494 ident2 - buffer overflow
+ {CAN-2004-0408}
+ - ident2 1.04-2
+[21 Apr 2004] DSA-493 xchat - buffer overflow
+ {CAN-2004-0409}
+ - xchat 2.0.8-1
+[18 Apr 2004] DSA-492 iproute - denial of service
+ {CAN-2003-0856}
+ - iproute 20010824-13.1
+[17 Apr 2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities
+ {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ NOTE: 2.4.19 not present. Did not check newer kernels.
+[17 Apr 2004] DSA-490 zope - arbitrary code execution
+ {CVE-2002-0688}
+ - zope 2.6.0-0.1
+[17 Apr 2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
+ {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[16 Apr 2004] DSA-488 logcheck - insecure temporary directory
+ {CAN-2004-0404}
+ - logcheck 1.1.1-13.2
+[16 Apr 2004] DSA-487 neon - format string
+ {CAN-2004-0179}
+ - newo 0.24.5-1
+[16 Apr 2004] DSA-486 cvs - several vulnerabilities
+ {CAN-2004-0180 CAN-2004-0405}
+ - cvs 1:1.12.5-4
+[14 Apr 2004] DSA-485 ssmtp - format string
+ {CAN-2004-0156}
+ - ssmtp 2.60.7
+[14 Apr 2004] DSA-484 xonix - failure to drop privileges
+ {CAN-2004-0157}
+ - xonix 1.4-21
+[14 Apr 2004] DSA-483 mysql - insecure temporary file creation
+ {CAN-2004-0381}
+ - mysql-dfsg 4.0.18-4
+ {CAN-2004-0388}
+ ! mysql-dfsg 4.0.18-6
+[14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
+ {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[14 Apr 2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities
+ {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[14 Apr 2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
+ {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ NOTE: 2.4.17/18 not present. Did not check newer kernels.
+[14 Apr 2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
+ {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ NOTE: 2.4.18 not present. Did not check newer kernels.
+[06 Apr 2004] DSA-478 tcpdump - denial of service
+ {CAN-2004-0183 CAN-2004-0184}
+ - tcpdump 3.7.2-4
+[06 Apr 2004] DSA-477 xine-ui - insecure temporary file creation
+ {CAN-2004-0372}
+ - xine-ui 0.99.1-1
+[06 Apr 2004] DSA-476 heimdal - cross-realm
+ {CAN-2004-0371}
+ - heimdal 0.6.1-1
+[05 Apr 2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities
+ {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
+ NOTE: 2.4.18 not present. Did not check newer kernels.
+[03 Apr 2004] DSA-474 squid - ACL bypass
+ {CAN-2004-0189}
+ - squid 2.5.5-1
+[03 Apr 2004] DSA-473 oftpd - denial of service
+ {CAN-2004-0376}
+ - oftpd 20040304-1
+[03 Apr 2004] DSA-472 fte - several vulnerabilities
+ {CAN-2003-0648}
+ - fte 0.50.0-1.1
+[02 Apr 2004] DSA-471 interchange - missing input sanitising
+ {CAN-2004-0374}
+ - interchange 5.0.1-1
+[01 Apr 2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities
+ {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising
+ {CAN-2004-0366}
+ - pam-pgsql 0.5.2-7.1
+[24 Mar 2004] DSA-468 emil - several vulnerabilities
+ {CAN-2004-0152 CAN-2004-0153}
+ - emil 2.1.0-beta9-14
+[23 Mar 2004] DSA-467 ecartis - several vulnerabilities
+ {CAN-2003-0781 CAN-2003-0782}
+ - ecartis 1.0.0+cvs.20030911
+[18 Mar 2004] DSA-466 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush
+ {CAN-2004-0077}
+ NOTE: 2.2.10 not present. Did not check newer kernels.
+[17 Mar 2004] DSA-465 openssl - several vulnerabilities
+ {CAN-2004-0079 CAN-2004-0081}
+ - openssl 0.9.7d-1
+ NOTE: CAN-2004-0081 only affects 0.9.6.
+ NOTE: 0.9.7d also fixes CAN-2004-0112
+ - openssl 0.9.6l
+ - openssl096 0.9.6m-1
+[16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling
+ {CAN-2004-0111}
+ - gdk-pixbuf 0.22.0-3
+[12 Mar 2004] DSA-463 samba - privilege escalation
+ {CAN-2004-0186}
+ - samba 3.0.2-2
+[12 Mar 2004] DSA-462 xitalk - missing privilege release
+ {CAN-2004-0151}
+ - xitalk 1.1.11-11
+[11 Mar 2004] DSA-461 calife - buffer overflow
+ {CAN-2004-0188}
+ - calife 2.8.6-1
+[10 Mar 2004] DSA-460 sysstat - insecure temporary file
+ {CAN-2004-0108}
+ - sysstat 5.0.2-1
+[10 Mar 2004] DSA-459 kdelibs - cookie path traversal
+ {CAN-2003-0592}
+ - kdelibs 4:3.1.3-1
+[09 Mar 2004] DSA-458 python2.2 - buffer overflow
+ {CAN-2004-0150}
+ NOTE: not affected according to DSA
+[08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities
+ {CAN-2004-0148 CAN-2004-0185}
+ - wu-ftpd 2.6.2-17.1
+[06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush
+ {CAN-2004-0077}
+ NOTE: 2.2.19 not present. Did not check newer kernels.
+[03 Mar 2004] DSA-455 libxml - buffer overflows
+ {CAN-2004-0110}
+ - libxml 1.8.17-5
+ - libxml2 2.6.6-1
+[02 Mar 2004] DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush
+ {CAN-2004-0077}
+ NOTE: 2.2.22 not present. Did not check newer kernels.
+[02 Mar 2004] DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush
+ {CAN-2004-0077}
+ NOTE: 2.2.20 not present. Did not check newer kernels.
+[29 Feb 2004] DSA-452 libapache-mod-python - denial of service
+ {CAN-2003-0973}
+ - libapache-mod-python 2:2.7.10-1
+[27 Feb 2004] DSA-451 xboing - buffer overflows
+ {CAN-2004-0149}
+ - xboing 2.4-26.1
+[27 Feb 2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities
+ {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
+ NOTE: 2.4.19 not present. Did not check newer kernels.
+[24 Feb 2004] DSA-449 metamail - buffer overflow, format string bugs
+ {CAN-2004-0104 CAN-2004-0105}
+ - metamail 2.7-45.2
+[22 Feb 2004] DSA-448 pwlib - several vulnerabilities
+ {CAN-2004-0097}
+ - pwlib 1.5.2-4
+[22 Feb 2004] DSA-447 hsftp - format string
+ {CAN-2004-0159}
+ ! hsftp 1.15-1
+[21 Feb 2004] DSA-446 synaesthesia - insecure file creation
+ {CAN-2004-0160}
+ DSA notes not setuid anymore so ok
+[21 Feb 2004] DSA-445 lbreakout2 - buffer overflow
+ {CAN-2004-0158}
+ - lbreakout2 2.4
+[20 Feb 2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check
+ {CAN-2004-0077}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[19 Feb 2004] DSA-443 xfree86 - several vulnerabilities
+ {CAN-2003-0690}
+ - xfree86 4.3.0-0pre1v2
+ {CAN-2004-0083 CAN-2004-0084 CAN-2004-0106}
+ - xfree86 4.3.0-1
+ {CAN-2004-0093 CAN-2004-0094}
+ - xfree86 4.2.1-6
+[19 Feb 2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities
+ {CAN-2003-0001 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364 CAN-2003-0961 CAN-2003-0985 CAN-2004-0077 CVE-2002-0429}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[18 Feb 2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check
+ {CAN-2004-0077}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[18 Feb 2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities
+ {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[18 Feb 2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities
+ {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
+ NOTE: 2.4.16 not present. Did not check newer kernels.
+[18 Feb 2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
+ {CAN-2004-0077}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[11 Feb 2004] DSA-437 cgiemail - open mail relay
+ {CAN-2002-1575}
+ - cgiemail 1.6-20
+[08 Feb 2004] DSA-436 mailman - several vulnerabilities
+ {CAN-2003-0991}
+ NOTE: apparently specific to mailman 2.0, not 2.1
+ {CAN-2003-0965}
+ - mailman 2.1.4-1
+ {CAN-2003-0038}
+ - mailman 2.1.1-1
+[06 Feb 2004] DSA-435 mpg123 - heap overflow
+ {CAN-2003-0865}
+ - mpg123 0.59r-15
+[05 Feb 2004] DSA-434 gaim - several vulnerabilities
+ {CAN-2004-0005 CAN-2004-0006 CAN-2004-0007 CAN-2004-0008}
+ - gaim 1:0.75-2
+[04 Feb 2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow
+ {CAN-2003-0961}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[03 Feb 2004] DSA-432 crawl - buffer overflow
+ {CAN-2004-0103}
+ - crawl 4.0.0beta26-4
+[01 Feb 2004] DSA-431 perl - information leak
+ {CAN-2003-0618}
+ - perl 5.8.3-3
+[28 Jan 2004] DSA-430 trr19 - missing privilege release
+ {CAN-2004-0047}
+ - trr19 1.0beta5-17.1
+[26 Jan 2004] DSA-429 gnupg - cryptographic weakness
+ {CAN-2003-0971}
+ - gnupg 1.2.4-1
+[20 Jan 2004] DSA-428 slocate - buffer overflow
+ {CAN-2003-0848}
+ - slocate 2.7-3
+[19 Jan 2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check
+ {CAN-2003-0985}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[18 Jan 2004] DSA-426 netpbm-free - insecure temporary files
+ {CAN-2003-0924}
+ - netpbm-free 2:9.25-9
+[16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities
+ {CAN-2003-1029 CAN-2003-0989 CAN-2004-0055 CAN-2004-0057}
+ HELP: No idea if this is fixed, we have a new upstream version
+ HELP: that came out after these advisories, but neither the debian nor
+ HELP: the upstream changelog seem to mention them.
+ NOTE: Mailed maintainer.
+[16 Jan 2004] DSA-424 mc - buffer overflow
+ {CAN-2003-1023}
+ - mc 1:4.6.0-4.6.1-pre1-1
+[15 Jan 2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities
+ {CAN-2003-0001 CAN-2003-0018 CAN-2003-0127 CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0961 CAN-2003-0985}
+ NOTE: 2.4.17 not present. Did not check newer kernels.
+[13 Jan 2004] DSA-422 cvs - remote vulnerability
+ - cvs 1.11.11
+[12 Jan 2004] DSA-421 mod-auth-shadow - password expiration
+ {CAN-2004-0041}
+ - mod-auth-shadow 1.4-1
+[12 Jan 2004] DSA-420 jitterbug - improperly sanitised input
+ {CAN-2004-0028}
+ - jitterbug 1.6.2-4.5
+[09 Jan 2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection
+ {CAN-2004-0016 CAN-2004-0017}
+ - phpgroupware 0.9.14.007-4
+[07 Jan 2004] DSA-418 vbox3 - privilege leak
+ {CAN-2004-0015}
+ - vbox3 0.1.8
+[07 Jan 2004] DSA-417 linux-kernel-2.4.18-powerpc+alpha - missing boundary check
+ {CAN-2003-0961 CAN-2003-0985}
+ NOTE: 2.4.18 not present. Did not check newer kernels.
+[06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal
+ {CAN-2003-1022 CAN-2004-0011}
+ - fsp 2.81.b18-1
+[06 Jan 2004] DSA-415 zebra - denial of service
+ {CAN-2003-0795 CAN-2003-0858}
+ - quagga 0.96.4x-4
+[06 Jan 2004] DSA-414 jabber - denial of service
+ {CAN-2004-0013}
+ - jabber 1.4.3-1
+[06 Jan 2004] DSA-413 linux-kernel-2.4.18 - missing boundary check
+ {CAN-2003-0985}
+ NOTE: 2.4.18 not present. Did not check newer kernels.
+[05 Jan 2004] DSA-412 nd - buffer overflows
+ {CAN-2004-0014}
+ - nd 0.8.2-1
+[05 Jan 2004] DSA-411 mpg321 - format string vulnerability
+ {CAN-2003-0969}
+ - mpg321 0.2.10.3
+[05 Jan 2004] DSA-410 libnids - buffer overflow
+ {CAN-2003-0850}
+ - libnids 1.18-1
+[05 Jan 2004] DSA-409 bind - denial of service
+ {CAN-2003-0914}
+ - bind 1:8.4.3-1
+[05 Jan 2004] DSA-408 screen - integer overflow
+ {CAN-2003-0972}
+ - screen 4.0.2-0.1
+[05 Jan 2004] DSA-407 ethereal - buffer overflows
+ {CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013
+ - ethereal 0.10.0-1
+[05 Jan 2004] DSA-406 lftp - buffer overflow
+ - lftp 2.6.10-1
+[30 Dec 2003] DSA-405 xsok - missing privilege release
+ {CAN-2003-0949}
+ - xsok 1.02-11
+[04 Dec 2003] DSA-404 rsync - heap overflow
+ {CAN-2003-0962}
+ - rsync 2.5.6-1.1
+[01 Dec 2003] DSA-403 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
+ {CAN-2003-0961}
+ NOTE: 2.4.18 not present in sarge, did not check newer kernels.
+[17 Nov 2003] DSA-402 minimalist - unsanitised input
+ {CAN-2003-0902}
+ - minimalist 2.4-1
+[17 Nov 2003] DSA-401 hylafax - format strings
+ {CAN-2003-0886}
+ - hylafax 1:4.1.8-1
+[11 Nov 2003] DSA-400 omega-rpg - buffer overflow
+ {CAN-2003-0932}
+ - omega-rpg 0.90-pa9-11
+[10 Nov 2003] DSA-399 epic4 - buffer overflow
+ {CAN-2003-0328}
+ - epic4 1:1.1.11.20030409-2
+[10 Nov 2003] DSA-398 conquest - buffer overflow
+ {CAN-2003-0933}
+ - conquest 7.2-5
+[07 Nov 2003] DSA-397 postgresql - buffer overflow
+ {CAN-2003-0901}
+ - postgresql 7.3.4
+[29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation
+ {CAN-2002-1562 CAN-2003-0899}
+ - thttpd 2.23beta1-2.3
+[15 Oct 2003] DSA-395 tomcat4 - incorrect input handling
+ {CAN-2003-0866}
+ ! tomcat4 4.1.24-2
+ NOTE another RC (unreproducible?) bug and missing deps (#263201)
+ NOTE are keeping the fix out of testing
+[11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability
+ {CAN-2003-0543 CAN-2003-0544 CAN-2003-0545}
+ - openssl 0.9.7c
+ - openssl096 0.9.6k
+[01 Oct 2003] DSA-393 openssl - denial of service
+ {CAN-2003-0543 CAN-2003-0544 CAN-2003-0545}
+ - openssl 0.9.7c
+ - openssl096 0.9.6k
+[29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure
+ {CAN-2003-0832 CAN-2003-0833}
+ - webfs 1.20
+[28 Sep 2003] DSA-391 freesweep - buffer overflow
+ {CAN-2003-0828}
+ - freesweep 0.88-4.1
+[26 Sep 2003] DSA-390 marbles - buffer overflow
+ {CAN-2003-0830}
+ NOTE not present in sid, sarge
+[20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules
+ {CAN-2003-0785}
+ - ipmasq 3.5.12
+[19 Sep 2003] DSA-388 kdebase - several vulnerabilities
+ {CAN-2003-0690 CAN-2003-0692}
+ - kdebase 4:3.2
+[18 Sep 2003] DSA-387 gopher - buffer overflows
+ {CAN-2003-0805}
+ - gopher 3.0.6
+[18 Sep 2003] DSA-386 libmailtools-perl - input validation bug
+ {CAN-2002-1271}
+ - libmailtools-perl 1.51
+[18 Sep 2003] DSA-385 hztty - buffer overflows
+ {CAN-2003-0783}
+ - hztty 2.0-6
+[17 Sep 2003] DSA-384 sendmail - buffer overflows
+ {CAN-2003-0681 CAN-2003-0694}
+ - sendmail 8.12.10-1
+[17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
+ {CAN-2003-0693}
+ {CAN-2003-0695}
+ {CAN-2003-0682}
+ HELP: Screwy changelog does not make sense. Filed bug.
+[16 Sep 2003] DSA-382 ssh - possible remote vulnerability
+ {CAN-2003-0693}
+ - openssh 1:3.6.1p2-6.0
+ {CAN-2003-0695}
+ - openssh 1:3.7.1
+ {CAN-2003-0682}
+ - openssh 1:3.6.1p2-9
+[13 Sep 2003] DSA-381 mysql - buffer overflow
+ {CAN-2003-0780}
+ - mysql-dfsg 4.0.15-1
+[12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
+ {CAN-2003-0063}
+ - xfree86 4.2.1-11
+ {CAN-2003-0071}
+ - xfree86 4.2.1-11
+ {CAN-2002-0164}
+ - xfree86 4.2.1-11
+ {CAN-2003-0730}
+ - xfree86 4.2.1-12
+[11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
+ {CAN-2003-0773 CAN-2003-0774 CAN-2003-0775 CAN-2003-0776 CAN-2003-0777 CAN-2003-0778}
+ - sane-backends 1.0.11-1
+[07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service
+ {CAN-2003-0705 CAN-2003-0706}
+ - mah-jong 1.5.6-2
+[04 Sep 2003] DSA-377 wu-ftpd - insecure program execution
+ {CVE-1999-0997}
+ - wu-ftpd 2.6.2-15
+[04 Sep 2003] DSA-376 exim - buffer overflow
+ {CAN-2003-0743}
+ - exim 3.36-8
+[29 Aug 2003] DSA-375 node - buffer overflow, format string
+ {CAN-2003-0707 CAN-2003-0708}
+ - node 0.3.2-1
+[26 Aug 2003] DSA-374 libpam-smb - buffer overflow
+ {CAN-2003-0686}
+ NOTE: not in sid/sarge
+[16 Aug 2003] DSA-373 autorespond - buffer overflow
+ {CAN-2003-0654}
+ - autorespond 2.0.4-1
+[16 Aug 2003] DSA-372 netris - buffer overflow
+ {CAN-2003-0685}
+ - netris 0.52-1
+[11 Aug 2003] DSA-371 perl - cross-site scripting
+ {CAN-2003-0615}
+ - perl 5.8.0-19
+[08 Aug 2003] DSA-370 pam-pgsql - format string
+ {CAN-2003-0672}
+ - pam-pgsql 0.5.2-7
+[08 Aug 2003] DSA-369 zblast - buffer overflow
+ {CAN-2003-0613}
+ - zblast 1.2.1-7
+[08 Aug 2003] DSA-368 xpcd - buffer overflow
+ {CAN-2003-0649}
+ - xpcd 2.08-9
+[08 Aug 2003] DSA-367 xtokkaetama - buffer overflow
+ {CAN-2003-0652}
+ - xtokkaetama 1.0b-9
+[05 Aug 2003] DSA-366 eroaster - insecure temporary file
+ {CAN-2003-0656}
+ - eroaster 2.2.0-0.5-1
+[05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities
+ {CAN-2003-0504 CAN-2003-0599 CAN-2003-0657}
+ - phpgroupware 0.9.14.007-1)
+[04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution
+ {CAN-2003-0620 CAN-2003-0645}
+ - man-db 2.4.1-13
+[03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning
+ {CAN-2003-0468 CAN-2003-0540}
+ - postfix 1.1.12
+[02 Aug 2003] DSA-362 mindi - insecure temporary file
+ {CAN-2003-0617}
+ - mindi 0.86-1
+[01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities
+ {CAN-2003-0459 CAN-2003-0370}
+ - kdelibs 4:3.1.3-1
+[01 Aug 2003] DSA-360 xfstt - several vulnerabilities
+ {CAN-2003-0581}
+ - xfstt 1.5-1
+ {CAN-2003-0625}
+ - xfstt 1.5.1-1
+[31 Jul 2003] DSA-359 atari800 - buffer overflows
+ {CAN-2003-0630}
+ - atari800 1.3.1-2
+[31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities
+ {CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0018 CAN-2003-0619 CAN-2003-0643}
+ NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones.
+[31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
+ {CAN-2003-0466}
+ - wu-ftpd 2.6.2-12
+[30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
+ {CAN-2003-0611}
+ - xtokkaetama 1.0b-8
+[30 Jul 2003] DSA-355 gallery - cross-site scripting
+ {CAN-2003-0614}
+ - gallery 1.3.4-3
+[29 Jul 2003] DSA-354 xconq - buffer overflows
+ {CAN-2003-0607}
+ - xconq 7.4.1-2.1
+[29 Jul 2003] DSA-353 sup - insecure temporary file
+ {CAN-2003-0606}
+ - sup 1.8-9
+[22 Jul 2003] DSA-352 fdclone - insecure temporary directory
+ {CAN-2003-0596}
+ - fdclone 2.04-1
+[16 Jul 2003] DSA-351 php4 - cross-site scripting
+ {CAN-2003-0442}
+ - php4 4:4.3.2+rc3-1
+[15 Jul 2003] DSA-350 falconseye - buffer overflow
+ {CAN-2003-0358}
+ NOTE: not in testing, fixed in unstable
+ - falconseye 1.9.3-9
+[14 Jul 2003] DSA-349 nfs-utils - buffer overflow
+ {CAN-2003-0252}
+ - nfs-utils 1:1.0.3-2
+[11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow
+ {CAN-2003-0453}
+ - traceroute-nanog 6.1.1-1.3
+[08 Jul 2003] DSA-347 teapop - SQL injection
+ {CAN-2003-0515}
+ - teapop 0.3.5-2
+[08 Jul 2003] DSA-346 phpsysinfo - directory traversal
+ {CAN-2003-0536}
+ - phpsysinfo 2.1-1
+[08 Jul 2003] DSA-345 xbl - buffer overflow
+ {CAN-2003-0535}
+ - xbl 1.0k-6
+[08 Jul 2003] DSA-344 unzip - directory traversal
+ {CAN-2003-0282}
+ - unzip 5.50-3
+[08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file
+ {CAN-2003-0539}
+ - skk 10.62a-6
+ - ddskk 12.1.cvs.20030622-1
+[07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration
+ {CAN-2003-0538}
+ NOTE: mozart is not in sarge
+ - mozart 1.2.5.20030212-2
+[07 Jul 2003] DSA-341 liece - insecure temporary file
+ {CAN-2003-0537}
+ - liece 2.0+0.20030527cvs-1
+[06 Jul 2003] DSA-340 x-face-el - insecure temporary file
+ - x-face-el 1.3.6.23-1
+[06 Jul 2003] DSA-339 semi - insecure temporary file
+ {CAN-2003-0440}
+ - semi 1.14.5+20030609-1
+[29 Jun 2003] DSA-338 proftpd - SQL injection
+ {CAN-2003-0500}
+ - proftpd 1.2.8-8
+[29 Jun 2003] DSA-337 gtksee - buffer overflow
+ {CAN-2003-0444}
+ ! gtksee 0.5.6-1
+[29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities
+ {CAN-2002-1380 CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0364 CAN-2003-0246 CAN-2003-0244 CAN-2003-0247 CAN-2003-0248}
+ - kernel-source-2.2.25 2.2.25-3
+ NOTE: did not check newer kernels
+[28 Jun 2003] DSA-335 mantis - incorrect permissions
+ {CAN-2003-0499}
+ - mantis 0.17.5-6
+[28 Jun 2003] DSA-334 xgalaga - buffer overflows
+ {CAN-2003-0454}
+ - xgalaga 2.0.34-22
+[27 Jun 2003] DSA-333 acm - integer overflow
+ {CVE-2002-0391}
+ - acm 5.0-10
+[27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities
+ {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364}
+ NOTE: note in the archive, and did not check newer kernels
+[27 Jun 2003] DSA-331 imagemagick - insecure temporary file
+ {CAN-2003-0455}
+ - imagemagick 4:5.5.7-1
+[23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges
+ {CAN-2003-0489}
+ - tcptraceroute 1.4-4
+[20 Jun 2003] DSA-329 osh - buffer overflows
+ {CAN-2003-0452}
+ - osh 1.7-12
+[19 Jun 2003] DSA-328 webfs - buffer overflow
+ {CAN-2003-0445}
+ - webfs 1.20
+[19 Jun 2003] DSA-327 xbl - buffer overflows
+ {CAN-2003-0451}
+ - xbl 1.0k-5
+[19 Jun 2003] DSA-326 orville-write - buffer overflows
+ {CAN-2003-0441}
+ - orville-write 2.54-1
+[19 Jun 2003] DSA-325 eldav - insecure temporary file
+ {CAN-2003-0438}
+ - eldav 0.7.2-1
+[18 Jun 2003] DSA-324 ethereal - several vulnerabilities
+ {CAN-2003-0428 CAN-2003-0429 CAN-2003-0431 CAN-2003-0432}
+ - ethereal 0.9.13-1.
+[16 Jun 2003] DSA-323 noweb - insecure temporary files
+ {CAN-2003-0381}
+ - noweb 2.10c-2
+[16 Jun 2003] DSA-322 typespeed - buffer overflow
+ {CAN-2003-0435}
+ - typespeed 0.4.4
+[13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow
+ {CAN-2003-0450}
+ - radiusd-cistron 1.6.6-2
+[13 Jun 2003] DSA-320 mikmod - buffer overflow
+ {CAN-2003-0427}
+ - mikmod 3.1.6-6
+[12 Jun 2003] DSA-319 webmin - session ID spoofing
+ {CAN-2003-0101}
+ - webmin 1.070-1
+[12 Jun 2003] DSA-318 lyskom-server - denial of service
+ {CAN-2003-0366}
+ - lyskom-server 2.0.7-2
+[11 Jun 2003] DSA-317 cupsys - denial of service
+ {CAN-2003-0195}
+ - cupsys 1.1.19final-1
+[11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
+ {CAN-2003-0358 CAN-2003-0359}
+ - nethack 3.4.1-1
+ - slashem 0.0.6E4F8-6
+ - jnethack 1.1.5-15
+ NOTE: DSA contains some strange non-nethack version numbers
+[11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
+ {CAN-2003-0433}
+ HELP: no mention of any security fixes in debian changelog,
+ HELP: upstream changelog. Mailed maintainer.
+[11 Jun 2003] DSA-314 atftp - buffer overflow
+ {CAN-2003-0380}
+ - atftp 0.6.2
+[11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows
+ {CAN-2003-0356 CAN-2003-0357}
+ - ethereal 0.9.12-1
+[09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
+ {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248}
+ NOTE: not in unstable/testing. Did not check other versions.
+[08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities
+ {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364}
+ NOTE: not in unstable/testing. Did not check other versions.
+[08 Jun 2003] DSA-310 xaos - improper setuid-root execution
+ {CAN-2003-0385}
+ - xaos 3.1r-4
+[06 Jun 2003] DSA-309 eterm - buffer overflow
+ {CAN-2003-0382}
+ - eterm 0.9.2-1
+[06 Jun 2003] DSA-308 gzip - insecure temporary files
+ {CVE-1999-1332 CAN-2003-0367}
+ - gzip 1.3.5-6
+[27 May 2003] DSA-307 gps - multiple vulnerabilities
+ {CAN-2003-0361 CAN-2003-0360 CAN-2003-0362}
+ - gps 1.1.0-1
+[19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow
+ {CAN-2003-0321 CAN-2003-0322 CAN-2003-0328}
+ - ircii-pana 1:1.0-0c19-8
+[15 May 2003] DSA-305 sendmail - insecure temporary files
+ {CAN-2003-0308}
+ - sendmail 8.12.9-2
+[15 May 2003] DSA-304 lv - privilege escalation
+ {CAN-2003-0188}
+ - lv 4.49.5-2
+[15 May 2003] DSA-303 mysql - privilege escalation
+ {CAN-2003-0073}
+ - mysql-dfsg 4.0.12-2
+ {CAN-2003-0150}
+ HELP: not sure if this is fixed
+[07 May 2003] DSA-302 fuzz - privilege escalation
+ {CAN-2003-0261}
+ - fuzz 0.6-7.1
+[07 May 2003] DSA-301 libgtop - buffer overflow
+ {CAN-2001-0928}
+ - libgtop 1.0.13-4
+[06 May 2003] DSA-300 balsa - buffer overflow
+ {CAN-2003-0167}
+ - balse 2.0.10
+[06 May 2003] DSA-299 leksbot - improper setuid-root execution
+ {CAN-2003-0262}
+ - lexbot 1.2-5
+[02 May 2003] DSA-298 epic4 - buffer overflows
+ {CAN-2003-0323}
+ - epic4 1:1.1.11.20030409-1
+[01 May 2003] DSA-297 snort - integer overflow, buffer overflow
+ {CAN-2003-0033 CAN-2003-0209}
+ - snort 2.0.0-1
+[30 Apr 2003] DSA-296 kdebase - insecure execution
+ {CAN-2003-0204}
+ - kdebase 4:3.1.0-1
+[30 Apr 2003] DSA-295 pptpd - buffer overflow
+ {CAN-2003-0213}
+ - pptpd 1.1.4-0.b3.2
+[23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
+ {CAN-2003-0205 CAN-2003-0206}
+ NOTE: not in unstable/testing
+[23 Apr 2003] DSA-293 kdelibs - insecure execution
+ {CAN-2003-0204}
+ - kdebase 4:3.1.0-1
+[22 Apr 2003] DSA-292 mime-support - insecure temporary file creation
+ {CAN-2003-0214}
+ - mime-support 3.23-1
+[22 Apr 2003] DSA-291 ircii - buffer overflows
+ {CAN-2003-0323}
+ - ircii 20030315-1
+[17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion
+ {CAN-2003-0161}
+ - sendmail-wide 8.12.9+3.5Wbeta-1
+[17 Apr 2003] DSA-289 rinetd - incorrect memory resizing
+ {CAN-2003-0212}
+ - rinetd 0.61-2
+[17 Apr 2003] DSA-288 openssl - several vulnerabilities
+ {CAN-2003-0147 CAN-2003-0131}
+ - openssl 0.9.7b-1
+ - openssl096 0.9.6j-1
+[15 Apr 2003] DSA-287 epic - buffer overflows
+ {CAN-2003-0324}
+ - epic4 1:1.1.11.20030409-1
+[14 Apr 2003] DSA-286 gs-common - insecure temporary file
+ {CAN-2003-0207}
+ - gs-common 0.3.3.1
+[14 Apr 2003] DSA-285 lprng - insecure temporary file
+ {CAN-2003-0136}
+ - lprng 3.8.20-4.
+[12 Apr 2003] DSA-284 kdegraphics - insecure execution
+ {CAN-2003-0204}
+ - kdegraphics 4:3.1.0-1
+[11 Apr 2003] DSA-283 xfsdump - insecure file creation
+ {CAN-2003-0173}
+ - xfsdump 2.2.8-1
+[09 Apr 2003] DSA-282 glibc - integer overflow
+ {CAN-2003-0028}
+ - glibc 2.3.1-16
+[08 Apr 2003] DSA-281 moxftp - buffer overflow
+ {CAN-2003-0203}
+ - moxftp 2.2-18.20
+[07 Apr 2003] DSA-280 samba - buffer overflow
+ {CAN-2003-0201 CAN-2003-0196}
+ - samba 3.0
+[07 Apr 2003] DSA-279 metrics - insecure temporary file creation
+ {CAN-2003-0202}
+ NOTE: note in unstable/testing
+[04 Apr 2003] DSA-278 sendmail - char-to-int conversion
+ {CAN-2003-0161}
+ - sendmail 8.12.9-1
+[03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string
+ {CAN-2003-0098 CAN-2003-0099}
+ - apcupsd 3.8.5-1.2
+[03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation
+ {CAN-2003-0127}
+ NOTE: this version is not in sarge, did not check others
+[02 Apr 2003] DSA-275 lpr-ppd - buffer overflow
+ {CAN-2003-0144}
+ - lpr-ppd 1:0.72-3
+[28 Mar 2003] DSA-274 mutt - buffer overflow
+ {CAN-2003-0167}
+ - mutt 1.4.0
+[28 Mar 2003] DSA-273 krb4 - Cryptographic weakness
+ {CAN-2003-0138 CAN-2003-0139}
+ - krb4 1.2.2-1
+[28 Mar 2003] DSA-272 dietlibc - integer overflow
+ {CAN-2003-0028}
+ - dietlibc 0.22-2
+[27 Mar 2003] DSA-271 ecartis - unauthorized password change
+ {CAN-2003-0162}
+ - ecartis 1.0.0+cvs.20030321-1
+[27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation
+ {CAN-2003-0127}
+ NOTE: not in unstable/testing, did not check other versions
+[26 Mar 2003] DSA-269 heimdal - Cryptographic weakness
+ {CAN-2003-0138}
+ - heimdal 0.5.2-1
+[25 Mar 2003] DSA-268 mutt - buffer overflow
+ {CAN-2003-0140}
+ - mutt 1.5.4-1
+[24 Mar 2003] DSA-267 lpr - buffer overflow
+ {CAN-2003-0144}
+ - lpr 1:2000.05.07-4.20
+[24 Mar 2003] DSA-266 krb5 - several vulnerabilities
+ {CAN-2003-0028}
+ - krb5 1.3.3-2
+ NOTE: changelog does not mention this one, verified patch from
+ NOTE: Tom Yu was applied to this version.
+ {CAN-2003-0072}
+ - krb5 1.2.7-3
+ NOTE: changelog does not mention this one, verified patch from
+ NOTE: upstream was applied to this version.
+ {CAN-2003-0082}
+ - krb5 1.3.3-2
+ {CAN-2003-0138 VU#623217}
+ - krb5 1.2.7-3
+ {CAN-2003-0139 VU#442569}
+ - krb5 1.2.7-3
+[21 Mar 2003] DSA-265 bonsai - several vulnerabilities
+ {CAN-2003-0152 CAN-2003-0153 CAN-2003-0154 CAN-2003-0155}
+ - bonsai 1.3+cvs20030317-1
+[19 Mar 2003] DSA-264 lxr - missing filename sanitizing
+ {CAN-2003-0156}
+ - lxr 0.3-4
+[17 Mar 2003] DSA-263 netpbm-free - math overflow errors
+ {CAN-2003-0146}
+ - netpbm-free 2:9.20-9
+[15 Mar 2003] DSA-262 samba - remote exploit
+ {CAN-2003-0085 CAN-2003-0086}
+ - samba 2.2.8
+[14 Mar 2003] DSA-261 tcpdump - infinite loop
+ {CAN-2003-0093 CAN-2003-0145}
+ NOTE: DSA reports sid was not affected, sarge has sid version
+[13 Mar 2003] DSA-260 file - buffer overflow
+ {CAN-2003-0102}
+ - file 3.40-1.1
+[12 Mar 2003] DSA-259 qpopper - mail user privilege escalation
+ {CAN-2003-0143}
+ - qpopper 4.0.4-9
+[10 Mar 2003] DSA-258 ethereal - format string vulnerability
+ {CAN-2003-0081}
+ - ethereal 0.9.9-2
+[04 Mar 2003] DSA-257 sendmail - remote exploit
+ {CAN-2002-1337}
+ - sendmail 8.12.8
+[28 Feb 2003] DSA-256 mhc - insecure temporary file
+ {CAN-2003-0120}
+ - mhc 0.25+20030224-1
+[27 Feb 2003] DSA-255 tcpdump - infinite loop
+ {CAN-2003-0108 CAN-2002-0380}
+ - tcpdump 3.7.1-1.2
+[27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow
+ {CAN-2002-1051 CAN-2002-1364 CAN-2002-1386 CAN-2002-1387}
+ - traceroute-nanog 6.3.0-1
+[24 Feb 2003] DSA-253 openssl - information leak
+ {CAN-2003-0078}
+ - openssl 0.9.7a-1
+[21 Feb 2003] DSA-252 slocate - buffer overflow
+ {CAN-2003-0056}
+ - slocate 2.7-1
+[14 Feb 2003] DSA-251 w3m - missing HTML quoting
+ {CAN-2002-1335 CAN-2002-1348}
+ - w3m 0.3.2.2-1
+[12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting
+ {CAN-2002-1335 CAN-2002-1348}
+ NOTE: not in sid/sarge
+[11 Feb 2003] DSA-249 w3mmee - missing HTML quoting
+ {CAN-2002-1335 CAN-2002-1348}
+ - w3mmee 0.3.p24.17-3
+[31 Jan 2003] DSA-248 hypermail - buffer overflows
+ {CAN-2003-0057}
+ - hypermail 2.1.6-1
+[30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing
+ {CAN-2003-0040}
+ - courier 0.40.2-3
+[29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting
+ {CAN-2003-0042 CAN-2003-0043 CAN-2003-0044}
+ NOTE: tomcat not in sid/sarge
+ NOTE: tomcat4 not affected
+[28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary
+ {CAN-2003-0039}
+ - dhcp3 1.1.2-1
+[27 Jan 2003] DSA-244 noffle - buffer overflows
+ {CAN-2003-0037}
+ - noffle 1.1.2-1
+[24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities
+ {CAN-2002-1393}
+ - kdemultimedia 4:3.1
+[24 Jan 2003] DSA-242 kdebase - several vulnerabilities
+ {CAN-2002-1393}
+ - kdebase 4:3.1
+[24 Jan 2003] DSA-241 kdeutils - several vulnerabilities
+ {CAN-2002-1393}
+ - kdeutils 4:3.1
+[23 Jan 2003] DSA-240 kdegames - several vulnerabilities
+ {CAN-2002-1393}
+ - kdegames 4:3.1
+[23 Jan 2003] DSA-239 kdesdk - several vulnerabilities
+ {CAN-2002-1393}
+ - kdesdk 4:3.1
+[23 Jan 2003] DSA-238 kdepim - several vulnerabilities
+ {CAN-2002-1393}
+ - kdepim 4:3.1
+[22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities
+ {CAN-2002-1393}
+ - kdenetwork 4:3.1
+[22 Jan 2003] DSA-236 kdelibs - several vulnerabilities
+ {CAN-2002-1393}
+ - kdelibs 4:3.1
+[22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities
+ {CAN-2002-1393}
+ - kdegraphics 4:3.1
+[22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities
+ {CAN-2002-1393}
+ - kdeadmin 4:3.1
+[21 Jan 2003] DSA-233 cvs - doubly freed memory
+ {CAN-2003-0015}
+ - cvs 1.11.2-5.1
+[20 Jan 2003] DSA-232 cupsys - several vulnerabilities
+ {CAN-2002-1366 CAN-2002-1367 CAN-2002-1368 CAN-2002-1369 CAN-2002-1371 CAN-2002-1372 CAN-2002-1383 CAN-2002-1384}
+ - cupsys 1.1.18-1
+[17 Jan 2003] DSA-231 dhcp3 - stack overflows
+ {CAN-2003-0026}
+ - dhcp3 3.0+3.0.1rc11-1
+[16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files
+ NOTE: not in testing due to 3 newer security holes
+ {CAN-2003-0012}
+ - bugzilla 2.16.2
+ {CAN-2003-0013}
+ - bugzilla 2.16.2
+[15 Jan 2003] DSA-229 imp - SQL injection
+ {CAN-2003-0025}
+ NOTE: I think imp3 is ok.
+[14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak
+ {CAN-2003-0031 CAN-2003-0032}
+ - libmcrypt 2.5.5-1
+[13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs
+ {CAN-2002-1378 CAN-2002-1379 CAN-2002-1508}
+ - openldap2 2.0.27-3
+[10 Jan 2003] DSA-226 xpdf-i - integer overflow
+ {CAN-2002-1384}
+ - xpdf 2.01-2
+[09 Jan 2003] DSA-225 tomcat4 - source disclosure
+ {CAN-2002-1394}
+ ! tomcat4 4.1.16-1
+ NOTE another RC (unreproducible?) bug and missing deps (#263201)
+ NOTE are keeping the fix out of testing
+ NOTE this is the second unfixed security hole in tomcat4 in testing..
+[08 Jan 2003] DSA-224 canna - buffer overflow and more
+ {CAN-2002-1158 CAN-2002-1159}
+ - canna 3.6p1-1
+[07 Jan 2003] DSA-223 geneweb - information exposure
+ {CAN-2002-1390}
+ - geneweb 4.09-1
+[06 Jan 2003] DSA-222 xpdf - integer overflow
+ {CAN-2002-1384}
+ - xpdf 2.01-2
+[03 Jan 2003] DSA-221 mhonarc - cross site scripting
+ {CAN-2002-1388}
+ - mhonarc 2.5.14-1
+[02 Jan 2003] DSA-220 squirrelmail - cross site scripting
+ {CAN-2002-1341}
+ - squirrelmail 1:1.3.2-2
+
+------- These processed by Djoumé SALVETTI <salvetti@crans.org> -----
+
+[31 Dec 2002] DSA-219 dhcpcd - remote command execution
+ {CAN-2002-1403}
+ - dhcpcd 1.3.22pl2-2
+[30 Dec 2002] DSA-218 bugzilla - cross site scripting
+ NOTE: not in testing, fixed in unstable (bugzilla 2.16.2-1).
+[27 Dec 2002] DSA-217 typespeed - buffer overflow
+ {CAN-2002-1389}
+ - typespeed 0.4.2-2
+[24 Dec 2002] DSA-216 fetchmail - buffer overflow
+ {CAN-2002-1365}
+ - fetchmail 6.2.0-1
+[23 Dec 2002] DSA-215 cyrus-imapd - buffer overflow
+ {CAN-2002-1580}
+ - cyrus-imapd 1.5.19-9.10
+[20 Dec 2002] DSA-214 kdnetwork - buffer overflows
+ {CAN-2002-1306}
+ - kdenetwork 2.2.2-14.20
+ NOTE: there is a typo in the DSA, the name of the package is kdenetwork.
+[19 Dec 2002] DSA-213 libpng - buffer overflow
+ {CAN-2002-1363}
+ - libpng 1.0.12-7
+ - libpng3 1.2.5-8
+[17 Dec 2002] DSA-212 mysql - multiple problems
+ {CAN-2002-1373 CAN-2002-1374 CAN-2002-1375 CAN-2002-1376}
+ - mysql-dfsg 4.0.7.gamma-1
+[13 Dec 2002] DSA-211 micq - denial of service
+ {CAN-2002-1362}
+ NOTE: not in testing nor unstable (was fixed in 0.4.9.4-1)
+[13 Dec 2002] DSA-210 lynx - CRLF injection
+ {CAN-2002-1405}
+ - lynx 2.8.4.1b-4
+ NOTE: lynx-ssl not in testing nor unstable.
+[12 Dec 2002] DSA-209 wget - directory traversal
+ {CAN-2002-1344}
+ - wget 1.8.2-8
+[12 Dec 2002] DSA-208 perl - broken safe compartment
+ {CAN-2002-1323}
+ - perl 5.8.0-14
+[11 Dec 2002] DSA-207 tetex-bin - arbitrary command execution
+ {CAN-2002-0836}
+ - tetex-bin 1.0.7+20021025-4
+[10 Dec 2002] DSA-206 tcpdump - denial of service
+ {CAN-2002-1350}
+ - tcpdump 3.7.2-1
+[10 Dec 2002] DSA-205 gtetrinet - buffer overflow
+ - gtetrinet 0.4.4-1
+ NOTE: no CAN not CVE for this one
+[05 Dec 2002] DSA-204 kdelibs - arbitrary program execution
+ {CAN-2002-1281 CAN-2002-1282}
+ - kdelibs 4:3.1.0-1
+[04 Dec 2002] DSA-203 smb2www - arbitrary command execution
+ {CAN-2002-1342}
+ - smb2www 980804-17
+[03 Dec 2002] DSA-202 im - insecure temporary files
+ {CAN-2002-1395}
+ - im 141-20
+[02 Dec 2002] DSA-201 freeswan - denial of service
+ {CAN-2002-0666 VU#459371}
+ - freeswan 1.99-1
+[22 Nov 2002] DSA-200 samba - remote exploit
+ {CAN-2002-1318}
+ - samba 2.99.cvs.20020713-1
+[19 Nov 2002] DSA-199 mhonarc - cross site scripting
+ {CAN-2002-1307}
+ - mhonarc 2.5.13-1
+[18 Nov 2002] DSA-198 nullmailer - denial of service
+ {CAN-2002-1313}
+ - nullmailer 1.00RC5-17
+[15 Nov 2002] DSA-197 courier - buffer overflow
+ {CAN-2002-1311}
+ - courier 0.40.0-1
+[14 Nov 2002] DSA-196 bind - several vulnerabilities
+ {CAN-2002-0029 CAN-2002-1219 CAN-2002-1220 CAN-2002-1221}
+ - bind 8.3.3-3
+[13 Nov 2002] DSA-195 apache-perl - several vulnerabilities
+ {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843 CAN-2001-0131 CAN-2002-1233}
+ - apache-perl 1.3.26-1.1-1.27-3-1
+[12 Nov 2002] DSA-194 masqmail - buffer overflows
+ {CAN-2002-1279}
+ - masqmail 0.2.15-1
+[11 Nov 2002] DSA-193 kdenetwork - buffer overflow
+ {CAN-2002-1247}
+ - kdenetwok 2.2.2-14.3
+[08 Nov 2002] DSA-192 html2ps - arbitrary code execution
+ {CAN-2002-1275}
+ - html2ps 1.0b3-2
+[07 Nov 2002] DSA-191 squirrelmail - cross site scripting
+ {CAN-2002-1131 CAN-2002-1132 CAN-2002-1276}
+ - squirrelmail 1.2.8-1.1
+[07 Nov 2002] DSA-190 wmaker - buffer overflow
+ {CAN-2002-1277}
+ - wmaker 0.80.1-4
+[06 Nov 2002] DSA-189 luxman - local root exploit
+ {CAN-2002-1245}
+ - luxman 0.41-19
+[05 Nov 2002] DSA-188 apache-ssl - several vulnerabilities
+ {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843}
+ - apache 1.3.27-0.1
+ {CAN-2001-0131 CAN-2002-1233}
+ - apache 1.3.27-1
+ HELP: note sure about this
+ NOTE: I have mailed maintainers
+ {NO-CAN Several buffer overflows in ApacheBench}
+ HELP: I don't know about this
+ NOTE: I have mailed maintainers
+[04 Nov 2002] DSA-187 apache - several vulnerabilities
+ {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843}
+ - apache 1.3.27-0.1
+ {CAN-2001-0131 CAN-2002-1233}
+ - apache 1.3.27-1
+ HELP: note sure about this
+ NOTE: I have mailed maintainers
+ {NO-CAN Several buffer overflows in ApacheBench}
+ HELP: I don't know about this
+ NOTE: I have mailed maintainers
+[01 Nov 2002] DSA-186 log2mail - buffer overflow
+ {CAN-2002-1251}
+ - log2mail 0.2.6-1
+[31 Oct 2002] DSA-185 heimdal - buffer overflow
+ {CAN-2002-1235}
+ - heimdal 0.4e-22
+[30 Oct 2002] DSA-184 krb4 - buffer overflow
+ {CAN-2002-1235}
+ - krb4 1.1-11-8
+[29 Oct 2002] DSA-183 krb5 - buffer overflow
+ {CAN-2002-1235}
+ - krb5 1.2.6-2
+[28 Oct 2002] DSA-182 kdegraphics - buffer overflow
+ {CAN-2002-0838}
+ - kdegraphics 2.2.2-6.9
+[22 Oct 2002] DSA-181 libapache-mod-ssl - cross site scripting
+ {CAN-2002-1157}
+ - libapache-mod-ssl 2.8.9-2.3
+[21 Oct 2002] DSA-180 nis - information leak
+ {CAN-2002-1232}
+ - nis 3.9-6.2
+[18 Oct 2002] DSA-179 gnome-gv - buffer overflow
+ {CAN-2002-0838}
+ - gnome-gv 1.99.7-9
+[17 Oct 2002] DSA-178 heimdal - remote command execution
+ {CAN-2002-1225 CAN-2002-1226}
+ - heimdal 0.4e-21
+[17 Oct 2002] DSA-177 pam - serious security violation
+ {CAN-2002-1227}
+ - pam 0.76-6
+[16 Oct 2002] DSA-176 gv - buffer overflow
+ {CAN-2002-0838}
+ - gv 3.5.8-27
+[15 Oct 2002] DSA-175 syslog-ng - buffer overflow
+ {CAN-2002-1200}
+ - syslog-ng 1.5.21-1
+[14 Oct 2002] DSA-174 heartbeat - buffer overflow
+ {CAN-2002-1215}
+ - heartbeat 0.4.9.2-1
+[09 Oct 2002] DSA-173 bugzilla - privilege escalation
+ {CAN-2002-1196}
+ NOTE: not in testing, fixed in unstable (bugzilla 2.16.0-2.1)
+[08 Oct 2002] DSA-172 tkmail - insecure temporary files
+ {CAN-2002-1193}
+ NOTE: not in testing nor unstable (was fixed in 4.0beta9-9)
+[07 Oct 2002] DSA-171 fetchmail - buffer overflows
+ {CAN-2002-1175 CAN-2002-1174}
+ - fetchmail 6.1.0-1
+ NOTE: fetchmail-ssl not in testing, fixed in unstable (fetchmail-ssl 6.1.0-1)
+[04 Oct 2002] DSA-170 tomcat4 - source code disclosure
+ {CAN-2002-1148}
+ ! tomcat4 4.1.12-1
+ NOTE: only 4.0.4-4 in testing (which seems to be vulnerable)
+[25 Sep 2002] DSA-169 htcheck - cross site scripting
+ {CAN-2002-1195}
+ - htcheck 1.1-1.2
+[18 Sep 2002] DSA-168 php - bypassing safe_mode, CRLF injection
+ {CAN-2002-0985 CAN-2002-0986}
+ - php3 3.0.18-23.2
+ - php4 4.2.3-3
+ NOTE: php3 is not in testing, it seems to be wait for tiff and gcc transition
+ NOTE: and is out of date on alpha and arm
+[16 Sep 2002] DSA-167 kdelibs - cross site scripting
+ {CAN-2002-1151}
+ - kdelibs 2.2.2-14
+ NOTE: there is a typo in the DSA that mentionned Konquerer instead of kdelibs
+[13 Sep 2002] DSA-166 purity - buffer overflows
+ {CAN-2002-1124}
+ - purity 1-16
+[12 Sep 2002] DSA-165 postgresql - buffer overflows
+ {CAN-2002-0972 CAN-2002-1398 CAN-2002-1400 CAN-2002-1401 CVE-2002-1402}
+ - postgresql 7.2.2-2
+[10 Sep 2002] DSA-164 cacti - arbitrary code execution
+ {CAN-2002-1477 CAN-2002-1478}
+ - cacti 0.6.8a-2
+[09 Sep 2002] DSA-163 mhonarc - cross site scripting
+ {CVE-2002-0738}
+ - mhonarc 2.5.11-1
+[06 Sep 2002] DSA-162 ethereal - buffer overflow
+ {CAN-2002-0834}
+ - ethereal 0.9.6-1
+[04 Sep 2002] DSA-161 mantis - privilege escalation
+ {CAN-2002-1115 CAN-2002-1116}
+ - mantis 0.17.5-2
+[03 Sep 2002] DSA-160 scrollkeeper - insecure temporary file creation
+ {CAN-2002-0662}
+ - scrollkeeper 0.3.11-2
+[28 Aug 2002] DSA-159 python - insecure temporary files
+ {CAN-2002-1119}
+ - python2.1 2.1.3-6a
+ - python2.2 2.2.1-8
+ NOTE: python1.5 not in testing nor unstable (was fixed in 1.5.2-24)
+ NOTE: python2.3 is not vulnerable
+[27 Aug 2002] DSA-158 gaim - arbitrary program execution
+ {CVE-2002-0989}
+ - gaim 0.59.1-2
+[23 Aug 2002] DSA-157 irssi-text - denial of service
+ {CAN-2002-0983}
+ - irssi-text 0.8.5-2
+[22 Aug 2002] DSA-156 epic4-script-light - arbitrary script execution
+ {CVE-2002-0984}
+ - epic4-script-light 2.7.30p5-2
+[17 Aug 2002] DSA-155 kdelibs - privacy escalation with Konqueror
+ {CAN-2002-0970}
+ - kdelibs 4:2.2.2-14
+[15 Aug 2002] DSA-154 fam - privilege escalation
+ {CVE-2002-0875}
+ - fam 2.6.8-1
+[14 Aug 2002] DSA-153 mantis - cross site code execution and privilege escalation
+ {CAN-2002-1114 CAN-2002-1113 CAN-2002-1112 CAN-2002-1111 CAN-2002-1110}
+ - mantis 0.17.4a-2
+[13 Aug 2002] DSA-152 l2tpd - missing random seed
+ {CVE-2002-0872 CVE-2002-0873}
+ NOTE: not in testing (was fixed in unstable 0.68-1)
+[13 Aug 2002] DSA-151 xinetd - pipe exposure
+ {CVE-2002-0871}
+ - xinetd 2.3.7-1
+[13 Aug 2002] DSA-150 interchange - illegal file exposition
+ {CAN-2002-0874}
+ - interchange 4.8.6-1
+[13 Aug 2002] DSA-149 glibc - integer overflow
+ {CVE-2002-0391}
+ - glibc 2.2.5-13
+[12 Aug 2002] DSA-148 hylafax - buffer overflows and format string vulnerabilities
+ {CVE-2002-1049 CVE-2002-1050 CAN-2001-1034}
+ - hylafax 4.1.2-2.1
+[08 Aug 2002] DSA-147 mailman - cross-site scripting
+ {CAN-2002-0388 CAN-2002-0855}
+ - mailman 2.0.12-1
+[08 Aug 2002] DSA-146 dietlibc - integer overflow
+ {CVE-2002-0391}
+ - dietlibc 0.20-0cvs20020808
+[07 Aug 2002] DSA-145 tinyproxy - doubly freed memory
+ {CVE-2002-0847}
+ - tinyproxy 1.4.3-3
+[06 Aug 2002] DSA-144 wwwoffle - improper input handling
+ {CVE-2002-0818}
+ - wwwoffle 2.7d-1
+[05 Aug 2002] DSA-143 krb5 - integer overflow
+ {CVE-2002-0391}
+ - krb5 1.2.5-2
+[05 Aug 2002] DSA-142 openafs - integer overflow
+ {CVE-2002-0391}
+ - openafs 1.2.6-1
+[01 Aug 2002] DSA-141 mpack - buffer overflow
+ {CAN-2002-1425}
+ - mpack 1.5-9
+[05 Aug 2002] DSA-140 libpng - buffer overflow
+ {CAN-2002-0660 CAN-2002-0728}
+ - libpng 1.0.12-4
+ - libpng3 1.2.1-2
+[01 Aug 2002] DSA-139 super - format string vulnerability
+ {CVE-2002-0817}
+ - super 3.18.0-3
+[01 Aug 2002] DSA-138 gallery - remote exploit
+ {CAN-2002-1412}
+ - gallery 1.3-3
+[30 Jul 2002] DSA-137 mm - insecure temporary files
+ {CVE-2002-0658}
+ - mm 1.1.3-7
+[30 Jul 2002] DSA-136 openssl - multiple remote exploits
+ {CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659}
+ - openssl 0.9.6e-1
diff --git a/data/Makefile b/data/Makefile
new file mode 100644
index 0000000000..e8a404e82b
--- /dev/null
+++ b/data/Makefile
@@ -0,0 +1,3 @@
+update:
+ $(MAKE) -C CVE update
+ $(MAKE) -C CAN update
diff --git a/data/README b/data/README
new file mode 100644
index 0000000000..2b983fe5a6
--- /dev/null
+++ b/data/README
@@ -0,0 +1,42 @@
+The checklist program can be run on a system with madison available to
+check vulnerability info from the list files against what packages are in
+testing. Also the updatelist is used by the Makefile to update the lists
+with new info from Mitre. So the various list files need a common, machine
+parsable format. That format is:
+
+begin claimed by foo
+
+[date] id description
+ {id id id}
+ UPCASE: test
+ - package version
+
+end claimed by foo
+
+
+Without writing a format grammar, because this is really rather ad-hoc and
+probably will be replaced with something better:
+
+[date]
+ The date of the advisory in the form dd Mmm YYYY (01 Nov 2004).
+ Optional, only given for DSAs at the moment.
+id
+ DSA-nnn-n, CAN-YYY-nnnn, CVE-YYY-nnnn, etc
+description
+ Pretty much freeform description of the problem. Short and optional.
+ By convention, if it's taken from upstream data source
+ automatically, it will be in parens.
+{id id id}
+ This is used to link to other ids that describe the same hole.
+ Generally used to link DSAs to CAN's and CVEs and back.
+UPCASE
+ Any word in upper case, typically NOTE, HELP, TODO.
+ May be repeated for each entry.
+- package version
+ Indicates that the problem is fixed in the given version of the
+ package. May repeat for other packages.
+
+begin claimed by foo
+end claimed by foo
+ Marks a set of items that are being checked by someone.
+ Used to avoid duplicate work.
diff --git a/data/announce b/data/announce
new file mode 100644
index 0000000000..e9168207de
--- /dev/null
+++ b/data/announce
@@ -0,0 +1,133 @@
+Subject: forming a security team for testing
+
+I've been talking to people about the idea of forming a security team for
+the testing distribution for several months, and there seems to be enough
+interest in improving testing's security to make such a team a reality.
+Most of the people in the CC list have indicated interest in the existence
+of a testing security team; we're interested in testing's security for
+diverse reasons including: use of testing at work, shipping products based
+on testing, hoping to base derived Deban distributions on testing rather
+than stable, wanting testing to be a viable choice for Debian users, and
+so on.
+
+The team will consist of Debian developers and possibly others. Unless a
+member of the Debian security team joins the Debian testing security team,
+none of us will have any privileged information about future security
+announcements. Anyone with interest and experience with security issues is
+welcome to join the team.
+
+To talk about how I think this team would work on testing's security, I
+need to talk about two distinct stages, before the sarge release, and
+after.
+
+Right now we're at a point in the sarge release cycle where most of the
+focus of a testing security team needs to be on identifying and fixing
+sarge's security problems and getting it ready for release. This means
+checking to make sure that security problems that have already been fixed
+in unstable and stable do not continue to affect testing, as well as
+dealing with new holes. I don't think Debian has really invested much
+effort into this in past releases, but if we want sarge to be a secure
+release from the beginning, it's important to do it.
+
+If we do that work now, then after sarge is released, we will only need to
+worry about keeping track of new security holes and releasing security
+advisories.
+
+Work before sarge's release:
+---------------------------
+
+Some work on checking sarge for old security issues has already been done.
+With help from some of the people in the CC list, I coordinated a scan of
+every DSA since woody's release and we checked all 450 DSAs to see if fixes
+for those security holes had reached testing. Suprisingly, we found some
+security holes that had not gotten fixed in testing in a year or more,
+though those were the exceptions.
+
+I've continued to do this checking as each new DSA is released, as well as
+filing bugs, working with the security team and Release Managers, and doing
+a few NMUs to get the fixes in. The current list of unfixed DSAs sarge is:
+
+ joeyh@newraff:~/sarge-checks>./checklist.pl DSA/list
+ kpdf (unfixed; bug #278173) for DSA-573-1
+ gpdf 2.8.0-1 needed, have 2.8.0-0.1 for DSA-573-1
+ libpng3 1.2.5.0-9 needed, have 1.2.5.0-8 for DSA-571-1
+ kdelibs 4:3.2.3-3.sarge.1 needed, have 4:3.2.3-2 for DSA-539
+
+But checking DSAs is not a complete check of known security issues that
+might still be lurking in sarge. To do a really complete scan means looking
+through old non-DSA advisories as far back as is reasonable or doable. I
+think doing this scan and the following up on it to fix things would be a
+good first step for the team, and a way to begin figuring out how the team
+will work together.
+
+Mitre has a fairly comprehensive list of security problems in their list of
+CAN numbers[1]. There have been about 1000 CANs allocated this year, some
+of them are not released yet, some were covered by the DSAs and I've
+checked a few hundred, so there are about 400 left. I think 4 or 5 people
+could check these in a reasonable time period, and maybe do 2003 as well.
+So if you're interested in checking some of the CANs to see if they are
+fixed in sarge, here's what to do:
+
+ - Sign up for an alioth account if you don't have one.
+ - Send me your userid to be added to the secure-testing project on alioth.
+ - svn co svn+ssh://svn.debian.org/svn/secure-testing/sarge-checks
+ - Edit the CAN/list file and claim a range of CANs to check. Note that
+ CANs that have already been checked as part of the DSA checks are so
+ marked. Commit the file.
+ - Go through your claimed CANs and check changelogs, advisories, do
+ testing, whatever is needed to satisfy yourself whether sarge is
+ vulnerable or not, and record your findings in the CANs file.
+ - If it's also not fixed in sid, then be sure to file a RC bug; if it's
+ fixed in sid but not in sarge, be sure to record it as a critical issue
+ on the Release Managers' sarge issue tracker here:
+ http://www.wolffelaar.nl/~sarge/
+ Do other followup as appropriate to get the fix into sarge.
+
+Along with looking for old unfixed holes in sarge and working on getting
+them fixed, we should also keep up-to-date with tracking new holes as
+they're announced.
+
+Work after sarge's release:
+--------------------------
+
+By the time sarge releases, I hope to already have a team that has worked
+together on getting sarge secure, and we'll have a testing distribution
+with no old security holes in it. This would be a great time to start
+regular security updates for testing. I've been considering some acheivable
+goals for the testing security team, and come up with this list:
+
+ - Provide timely security updates for testing, with fixes being made
+ available no more than four days after a DSA is released.
+ - Work with maintainers to include security fixes from unstable
+ that do not have DSAs.
+ - Maintain a public database and statistics about the current state of
+ security in testing.
+
+Exactly how we would handle doing security updates for testing will have to
+be decided by the team. We will probably want to release gpg signed DTSA
+(Debian Testing Security Advisories) to a mailing list and web site. It
+seems likely that we could use the testing-proposed-updates queue to build
+updates, if it gets set up for all arches and continues to work after the
+sarge release. For tracking issues, we may need to come up with our own
+system, or we may be able to use the BTS, it if gets the promised version
+tracking support added to it. We might want to set up our own security
+repository separate from testing, or not.
+
+I think it's important that the team not rely on others in Debian to do the
+work for infrastructure we need; if it's available then great, but if not
+we should be prepared to work around it ourselves.
+
+While it's again up to the eventual team to decide for sure, I suggest that
+we build security updates against the packages in testing. I also suggest
+that unlike security updates to package in stable, we should most often not
+backport fixes to the versions of packages in testing. More often we will
+simply take the fixed package from unstable, recompile it if necessary, and
+qualify it for the testing distribution. This may involve upgrading to new
+upstream releases, and so there's a chance our updates will introduce new
+bugs. Still, that's not as bad as unfixed security holes, and for a small
+team with limited manpower, this is a useful shortcut. We can make sure
+that our users realise that using our security updates can expose them to
+upgrade bugs.
+
+[1] http://cve.mitre.org/cve/candidates/downloads/full-can.html
+
diff --git a/data/checklist b/data/checklist
new file mode 100755
index 0000000000..acd262ca37
--- /dev/null
+++ b/data/checklist
@@ -0,0 +1,201 @@
+#!/usr/bin/perl
+# Must run on a machine with madison.
+#
+# To check for un-updated binary kernel packages, also needs grep-dctrl
+# and a Sources file for the distribution. Set the location of the Sources
+# file in SOURCES_FILE in the environment.
+#
+use URI::Escape;
+
+my $html=0;
+if ($ARGV[0] eq 'html') {
+ shift;
+ $html=1;
+}
+
+if (! @ARGV) {
+ die "usage: $0 [html] list\n";
+}
+
+
+my %data;
+my %needkernel=qw/2.4.27 0 2.6.8 0/;
+my $list_unknown=1; #set to 1 to display kernel images with unknown source version
+my $sources=$ENV{SOURCES_FILE};
+my $need_rebuild=0;
+
+my $unprop = my $unprop_all = my $unfixed = my $todos = 0;
+
+sub record {
+ my ($package, $condition, $item)=@_;
+
+ if ($html) {
+ $condition=~s{bug #(\d+)}{<a href="http://bugs.debian.org/$1">bug #$1</a>}g;
+ $condition=~s{unfixed}{<b>unfixed</b>}g;
+ $item=~s#((?:CAN|CVE)-\d+-\d+)#<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=$1">$1</a>#g;
+ }
+
+ push @{$data{$package}{$condition}}, $item;
+}
+
+foreach my $list (@ARGV) {
+ if (-d $list) {
+ $list="$list/list";
+ }
+
+ open (IN, $list) || die "open $list: $!";
+ while (<IN>) {
+ chomp;
+ if (/^\[/) {
+ ($id)=m/((?:DSA|CAN|CVE)-[^\s]+) /;
+ }
+ elsif (/^((?:DSA|CAN|CVE)-[^\s]+)/) {
+ $id=$1;
+ }
+ elsif (/^\s+[!-]\s+(\S+)\s+(.*?)\s*$/) {
+ my $package=$1;
+ my $version=$2;
+
+ if ($package=~/kernel-source-([0-9.]+)/) {
+ my $kernversion=$1;
+ if (exists $needkernel{$kernversion} &&
+ $version!~/\(/ ) {
+ $needkernel{$kernversion}=$version if !system("dpkg --compare-versions $needkernel{$kernversion} lt $version");
+ }
+ }
+
+ my @maddy;
+ for (1..5) {
+ @maddy=`madison -s testing '$package'`;
+ if ($? & 127 || ($? >> 8 != 0 && $? >> 8 != 1)) {
+ # good old unrelaible newraff,
+ # home of our archive..
+ next;
+ }
+ last;
+ }
+ if ($? & 127) {
+ record($package, "<em>[madison segfaulted 5 times in a row.. Medic!]</em>", $id);
+ }
+ elsif ($? >> 8 != 0 && $? >> 8 != 1) {
+ record($package, "<em>[madison exited with ".($? >> 8)."]</em>", $id);
+ }
+ if (! @maddy) {
+ next;
+ }
+
+ if ($version=~/unfixed/ || $version=~/pending/) {
+ record($package, $version, $id);
+ $unfixed++;
+ }
+ else {
+ foreach my $maddy (@maddy) {
+ my @fields = split(/\s*\|\s*/, $maddy);
+ my $havver=$fields[1];
+ my $arches=$fields[3];
+ $version=~s/\s+//; # strip whitespace
+ $arches=~s/\s+$//;
+ my $cmp=system("dpkg --compare-versions '$havver' '>=' '$version'");
+ if ($cmp != 0) {
+ if ($html) {
+ $havver='<a href="http://bjorn.haxx.se/debian/testing.pl?package='.uri_escape($package).'">'.$havver.'</a>';
+ }
+ record($package, "$version needed, have $havver".(@maddy > 1 ? " [$arches]" : ""), $id);
+ $unprop++;
+ $unprop_all++ unless @maddy > 1;
+ }
+ }
+ }
+ }
+ elsif (/\s+TODO/) {
+ $todos++;
+ }
+ }
+}
+
+
+if ($html) {
+ print "<html><title>testing security issues</title>\n";
+ print "<ul>\n";
+}
+
+foreach my $package (sort keys %data) {
+ foreach my $condition (sort keys %{$data{$package}}) {
+ print "<li>" if $html;
+ print "$package $condition for ";
+ my $items=0;
+ foreach my $item (sort @{$data{$package}{$condition}}) {
+ print ", " if $items > 0;
+ print $item;
+ $items++;
+ }
+ print "\n";
+ }
+}
+
+foreach my $version (sort keys %needkernel) {
+ my %images;
+
+ if ($needkern{$version} eq "0") {
+ next;
+ }
+
+ my @dctrl;
+ if (defined $sources && length $sources) {
+ my $cat=($sources=~/\.gz/) ? "zcat" : "cat";
+ @dctrl=`$cat $sources | grep-dctrl -F Binary kernel-image-$version -s Package,Build-Depends -`;
+ }
+
+ my $package="";
+ my $haveversion;
+
+ foreach my $line (@dctrl) {
+ chomp;
+ if ($line=~/Package:\s*(\S+)/) {
+ $package=$1;
+ $haveversion="0";
+ } elsif ($line=~/Build-Depends/) {
+ if ($line=~/kernel-tree-$version-([^,\s]+)/) {
+ $haveversion="$version-$1";
+ } elsif ($line=~/kernel-source-$version\s+\(>?=\s*([^\s\)]+)\)/) {
+ $haveversion="$1";
+ }
+ } else {
+ if ($package=~/linux-kernel-di/ || $package eq "") {
+ next;
+ }
+ $images{$package}=$haveversion;
+ $package="";
+ }
+ }
+
+ foreach $package (sort keys %images) {
+ if ($images{$package} eq "0") {
+ print "<li>" if ($html && $list_unknown);
+ print "$package built from kernel-source-$version $needkernel{$version} needed, current version unknown\n" if $list_unknown;
+ } elsif (!system("dpkg --compare-versions $needkernel{$version} gt $images{$package}")) {
+ print "<li>" if $html;
+ print "$package built from kernel-source-$version $needkernel{$version} needed, have $images{$package}\n";
+ $need_rebuild++;
+ }
+ }
+
+
+}
+
+
+if ($html) {
+ print "</ul>\n";
+ print "<hr>\n";
+ print "Total holes unfixed: $unfixed<br>\n";
+ print "Total holes fixed in unstable but not testing: $unprop_all";
+ if ($unprop_all != $unprop) {
+ print " (+".($unprop - $unprop_all)." on some arches)";
+ }
+ print "<br>\n";
+ print "Total number of kernel image packages not up to date: $need_rebuild<br>\n";
+ print "Number of TODO lines in <a href=\"http://svn.debian.org/wsvn/secure-testing/data/?rev=0&sc=0\">records</a>: $todos<br>\n";
+ print "Maintained by the <a href=\"http://secure-testing.alioth.debian.org/\">testing security team</a><br>\n";
+ print "Last update: ".`date`."<br>\n";
+ print "</html>\n";
+}
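Review bot: Package names and versions read from the list file are interpolated into shell command strings, in the backticks around `madison -s testing '$package'` and in the three `system("dpkg --compare-versions ...")` calls (two of them with no quoting at all), so a quote or shell metacharacter in a list entry changes the command that runs. The list forms avoid the shell: `system('dpkg', '--compare-versions', $havver, '>=', $version)` and `open(my $m, '-|', 'madison', '-s', 'testing', $package)`, with `$?` read after `close`. The same applies to the `$cat $sources | grep-dctrl ...` pipeline built from `SOURCES_FILE`, and `open (IN, $list)` should be `open(my $in, '<', $list)` so that the command-line argument cannot supply the open mode. In html mode `$package`, the version text and `$havver` are printed without HTML escaping, which matters if the page is published from lists that several people edit. Separately, the kernel loop tests `$needkern{$version}` although the hash declared above is `%needkernel`, so the `next` for versions with nothing recorded never fires; `use strict; use warnings;` at the top would have caught that.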
diff --git a/data/elf-vuln b/data/elf-vuln
new file mode 100644
index 0000000000..33a5760961
--- /dev/null
+++ b/data/elf-vuln
@@ -0,0 +1,35 @@
+binutils (fixed)
+elfutils (not in debian)
+gdb (fixed)
+ht (fixed)
+prelink (not affected, as not using elfutils library)
+elfsign
+rpm (not affected, only newer than in debian contains elfutils)
+acl2 (affected according to maintainer, full exploit potential unclear, rebuilds complicated)
+alleyoop (moritz checking)
+axiom (affected according to maintainer, full exploit potential unclear, rebuilds complicated)
+crash (micah is talking with upstream)
+fenris (not in sarge, moritz checking)
+gccchecker
+gcl (affected according to maintainer, full exploit potential unclear, rebuilds complicated)
+gclcvs (affected according to maintainer, full exploit potential unclear, rebuilds complicated)
+ggcov
+insight
+kdebindings
+kdesdk
+kmd (fixed)
+ksymoops
+lcrash (fixed)
+ltrace (not vuln)
+lush
+maxima
+memprof
+mol
+mpatrol
+nitpic
+nmap
+oprofile
+oprofile-source
+kernel-patch-kdb
+chpax (not vuln)
+paxctl (not vuln)
diff --git a/data/resources b/data/resources
new file mode 100644
index 0000000000..8023f49d7b
--- /dev/null
+++ b/data/resources
@@ -0,0 +1,9 @@
+Full CAN and CVE lists:
+http://cve.mitre.org/cve/candidates/downloads/full-can.html
+http://cve.mitre.org/cve/downloads/full-cve.html
+
+CANs that do not affect sarge (maintained by regular security team):
+http://www.debian.org/security/nonvulns-sarge
+
+Ultra Monkey kernel security database:
+http://www.ultramonkey.org/bugs/cve/
diff --git a/data/testing-security b/data/testing-security
new file mode 100644
index 0000000000..aa718f5b49
--- /dev/null
+++ b/data/testing-security
@@ -0,0 +1,93 @@
+Providing security updates for Debian's "testing" distribution.
+
+
+Goals
+
+The initial goals of the Debian testing security team will be to:
+
+ - Provide timely security updates for testing, with fixes being made
+ available no more than four days after a DSA is released.
+ - Work with maintainers to include security fixes from unstable
+ that do not have DSAs.
+ - Maintain a public database and statistics about the current state of
+ security in testing.
+
+
+Existing infrastructure
+
+The main infrastructure we have that could be useful in preparing testing
+secrity updates is the testing-proposed-updates queue. Thanks to the recent
+work on the sarge release, t-p-u is functional for all (or almost all)
+arches.
+
+There is also all the work of the security team, with DSAs, relationships
+with upstream security sources, etc.
+
+There is the Debian BTS, which contains some but not all details about
+security holes in Debian. Some security holes are not made public until a
+DSA is released, and some are silently fixed in a new upstream release
+uploaded to unstable. The BTS has some isues with keeping track of which
+bugs apply to testing, though its developers have been working on solving
+this problem for a while.
+
+We plan to take advantage of as much of the existing infrastructure as we
+can, but we recognise that using some of it would require work from others
+(ftp admins, security team, BTS admins), that we cannot require be done. We
+plan to be able to function without needing these project resources, though
+they could probably make the job easier.
+
+
+Proposed infrastructure and processes
+
+
+
+This is how things will work for the first phase of the team's activity.
+Once the team is proven to work and there is demand, things can be better
+integrated back into Debian. We hope that eventually our updates will be
+available on security.debian.org the same as stable security updates.
+
+There will be an apt repository for testing security updates, similar to
+security.debian.org. Uploads to this repository will be made only by
+members of the testing security team, will be GPG signed in the usual way,
+and will be accomponied a DTSA (Debian Testing Security Advisory), posted
+to our web site, and to a mailing list.
+
+In the very early stages, this will only include security updates for the
+i386 architecture. Security updates for other architectures will be added
+after we work out an autobuilder system (hopefully by using Debian's
+existing t-p-u autobuilders).
+
+There will be an issue tracking system, which will be integrated with the
+Debian BTS, so we can flag bugs as security issues for testing, and keep
+track of when they are fixed in unstable, and in testing.
+
+All security updates will be built against the packages in testing, and
+will be versioned to be an upgrade from the version of the package in
+testing, and also as an upgrade from any unfixed version in unstable. Once
+the security hole is fixed in unstable and reaches testing using normal
+channels, the package can be removed from secure-testing.debian.net.
+
+Unlike security updates to package in stable, we will most often not
+backport fixes to the versions of packages in testing. More often we will
+simply take the fixed package from unstable, recompile it if necessary, and
+qualify it for the testing distribution. This may involve upgrading to new
+upstream releases, and so there's a chance our updates will introduce new
+bugs. We feel this is not as bad as unfixed security holes, and as a small
+team with limited manpower, this is a useful shortcut. We will make sure
+that out users realise that using our security updates can expose them to
+upgrade bugs.
+
+
+Team organisation
+
+The team will consist entirely of Debian developers. Unless a member of the
+Debian security team joins the Debian testing security team, none of us
+will have any privileged information about future security announcements.
+So we will not be able to fix problems instantaneously, but we hope to get
+all issues fixed within four days of the DSA, and most issues fixed
+somewhat faster. Any Debian developer who has experience with security
+issues is welcome to join the team.
+
+The current team members:
+ Joey Hess
+ <er, someone else please add your name here>
diff --git a/data/updatelist b/data/updatelist
new file mode 100755
index 0000000000..c7603017b8
--- /dev/null
+++ b/data/updatelist
@@ -0,0 +1,142 @@
+#!/usr/bin/perl
+my $full_can_html=shift;
+my $dsa_list=shift;
+my $our_list=shift;
+
+my %cans;
+
+open (DSA, "<$dsa_list") || die "$dsa_list: $!\n";
+my $dsa;
+while (<DSA>) {
+ if (/^\[/) {
+ ($dsa)=m/(DSA-.*?) /;
+ }
+ if (/\{(CAN|CVE)/) {
+ my ($canlist)=m/\{(.*)\}/;
+ foreach my $can (split ' ', $canlist) {
+ $can=~s/CVE-/CAN-/g;
+ next unless $can=~/^CAN-\d+/;
+ $cans{$can}{can}=$can;
+ push @{$cans{$can}{dsa}}, $dsa;
+ $can=~s/CAN-/CVE-/g;
+ $cans{$can}{can}=$can;
+ push @{$cans{$can}{dsa}}, $dsa;
+ }
+ }
+}
+close DSA;
+
+my %listedcans;
+
+open (FULL_CAN, "<$full_can_html") || die "$full_can_html: $!\n";
+my $can;
+while (<FULL_CAN>) {
+ if (m!<b>(CAN-\d+-\d+)</b>!) {
+ $can=$1;
+ $cans{$can}{can}=$can;
+ $listedcans{$can}=1;
+ }
+ elsif (m!<b>(CVE-\d+-\d+)</b>!) {
+ $can=$1;
+ $cans{$can}{can}=$can;
+ $listedcans{$can}=1;
+ }
+ if (m!\*\*\s+RESERVED\s+\*\*!) {
+ $cans{$can}{reserved}=1;
+
+ }
+ if (m!\*\*\s+REJECT\s+\*\*!) {
+ $cans{$can}{rejected}=1;
+ }
+ if (m!Description:\s*</b><br>\s*(.*)! &&
+ ! m!\*\*\s+RESERVED\s+\*\*! && ! m!\*\*\s+REJECT\s+\*\*!) {
+ $cans{$can}{description}="($1 ...)";
+ }
+}
+close FULL_CAN;
+
+my $stopped=0;
+my @out;
+
+sub docan {
+ my $can=shift;
+
+ push @out, "$can".(length $cans{$can}{description} ? " ".$cans{$can}{description} : "")."\n";
+ if ($cans{$can}{reserved}) {
+ push @out, "\tNOTE: reserved\n";
+ }
+ if ($cans{$can}{rejected}) {
+ push @out, "\tNOTE: rejected\n";
+ }
+ if ($cans{$can}{dsa}) {
+ push @out, "\t{".join(" ", @{$cans{$can}{dsa}})."}\n";
+ }
+ if ($cans{$can}{notes}) {
+ foreach (@{$cans{$can}{notes}}) {
+ push @out, "\t$_\n";
+ }
+ }
+ if (! $cans{$can}{reserved} && ! $cans{$can}{rejected} &&
+ ! $cans{$can}{dsa} && ! $cans{$can}{notes} &&
+ ! $stopped) {
+ push @out, "\tTODO: check\n";
+ }
+
+ delete $cans{$can};
+}
+
+open (IN, "<$our_list") || die "$our_list: $!\n";
+my $can;
+while (<IN>) {
+ chomp;
+ if (/^((?:CAN|CVE)-(?:[0-9]+|[A-Z]+)-(?:[0-9]+|[A-Z]+))\s*(.*)/) {
+ my $desc=$2;
+ docan($can) if $can;
+ $can=$1;
+ $cans{$can}{description}=$desc if length $desc && $desc !~ /^\(.*\)$/;
+ }
+ elsif (/^\s+NOTE:\s*(reserved|rejected)\s*$/) {
+ # skip it
+ }
+ elsif (/^\s+NOTE: covered by DSA.*/) {
+ # skip it (old form)
+ }
+ elsif (/^\s+{DSA.*/) {
+ # skip
+ }
+ elsif (/^\s+(.*)/ && $can) {
+ push @{$cans{$can}{notes}}, $1;
+ }
+ elsif (/^STOP/) {
+ docan($can) if $can;
+ push @out, "$_\n";
+ $stopped=1;
+ $can='';
+ }
+ else {
+ docan($can) if $can;
+ push @out, "$_\n" if length $_;
+ $can='';
+ }
+}
+close IN;
+docan($can) if $can;
+
+foreach my $can (reverse sort { $cans{$a}{can} cmp $cans{$b}{can} } keys %cans) {
+ next unless $listedcans{$can};
+ print $can.(length $cans{$can}{description} ? " ".$cans{$can}{description} : "")."\n";
+ if ($cans{$can}{reserved}) {
+ print "\tNOTE: reserved\n";
+ }
+ if ($cans{$can}{rejected}) {
+ print "\tNOTE: rejected\n";
+ }
+ if ($cans{$can}{dsa}) {
+ print "\t{".join(" ", @{$cans{$can}{dsa}})."}\n";
+ }
+ if (!$cans{$can}{reserved} || $cans{$can}{rejected} || $cans{$can}{dsa}) {
+ print "\tTODO: check\n";
+ }
+}
+
+print @out;
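Review bot: The final loop's `TODO: check` condition, `!$cans{$can}{reserved} || $cans{$can}{rejected} || $cans{$can}{dsa}`, does not match the one in `docan`, which adds the TODO only when the entry is neither reserved, rejected nor DSA-covered; as written, rejected and DSA-covered entries are marked for checking too. It looks like a negation slip, and `if (! $cans{$can}{reserved} && ! $cans{$can}{rejected} && ! $cans{$can}{dsa}) {` would bring the two in line. The script also runs without `use strict; use warnings;`, which would flag the second `my $can` before the `IN` loop and the use of `$can` as a hash key when a RESERVED or REJECT line is seen before any `<b>CAN-...</b>` line has matched. The three `open` calls paste the file name after `<` in a two-argument open; `open(my $fh, '<', $dsa_list)` keeps the name from being parsed as part of the mode.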
