author | Alec Berryman <alec@thened.net> | 2006-05-22 20:52:03 +0000 |
---|---|---|
committer | Alec Berryman <alec@thened.net> | 2006-05-22 20:52:03 +0000 |
commit | e1c2e1e36b4f99b14ddb64a82d003a3be2fe5538 (patch) | |
tree | 06087e15ba54e293d379f59a061d6aed5ef1ef22 /data | |
parent | 6b57371d4b01374b4326232286887e67b0c9c43e (diff) |
NOT-FOR-US
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4050 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/1999.list | 60 |
-rw-r--r-- | data/CVE/2000.list | 30 |
-rw-r--r-- | data/CVE/2001.list | 104 |
-rw-r--r-- | data/CVE/2002.list | 6 |
4 files changed, 100 insertions, 100 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list index 3828c549e9..c66f500c71 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -257,7 +257,7 @@ CVE-1999-1181 (Vulnerability in On-Line Customer Registration software for IRIX CVE-1999-1177 (Directory traversal vulnerability in nph-publish before 1.2 allows ...) TODO: check CVE-1999-1175 (Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1167 (Cross-site scripting vulnerability in Third Voice Web annotation ...) TODO: check CVE-1999-1163 (Vulnerability in HP Series 800 S/X/V Class servers allows remote ...) @@ -335,7 +335,7 @@ CVE-1999-1103 (dxconsole in DEC OSF/1 3.2C and earlier allows local users to rea CVE-1999-1102 (lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating ...) TODO: check CVE-1999-1100 (Cisco PIX Private Link 4.1.6 and earlier does not properly process ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1099 (Kerberos 4 allows remote attackers to obtain sensitive information via ...) TODO: check CVE-1999-1098 (Vulnerability in BSD Telnet client with encryption and Kerberos 4 ...) @@ -399,13 +399,13 @@ CVE-1999-1005 (Groupwise web server GWWEB.EXE allows remote attackers to read .. CVE-1999-1004 (Buffer overflow in the POP server POProxy for the Norton Anti-Virus ...) TODO: check CVE-1999-1001 (Cisco Cache Engine allows a remote attacker to gain access via a null ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1000 (The web administration interface for Cisco Cache Engine allows remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0999 (Microsoft SQL 7.0 server allows a remote attacker to cause a denial of ...) NOT-FOR-US: Microsoft CVE-1999-0998 (Cisco Cache Engine allows an attacker to replace content in the cache. ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0997 (wu-ftp with FTP conversion enabled allows an attacker to execute ...) {DSA-377} - wu-ftpd 2.6.2-15 
@@ -584,7 +584,7 @@ CVE-1999-0891 (The "download behavior" in Internet Explorer 5 allows r CVE-1999-0890 (iHTML Merchant allows remote attackers to obtain sensitive information ...) TODO: check CVE-1999-0889 (Cisco 675 routers running CBOS allow remote attackers to establish ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0888 (dbsnmp in Oracle Intelligent Agent allows local users to gain ...) TODO: check CVE-1999-0887 (FTGate web interface server allows remote attackers to read files via ...) @@ -748,7 +748,7 @@ CVE-1999-0778 (Buffer overflow in Xi Graphics Accelerated-X server allows local CVE-1999-0777 (IIS FTP servers may allow a remote attacker to read or delete files on ...) TODO: check CVE-1999-0775 (Cisco Gigabit Switch routers running IOS allow remote attackers to ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0774 (Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via ...) TODO: check CVE-1999-0773 (Buffer overflow in Solaris lpset program allows local users to gain ...) @@ -812,7 +812,7 @@ CVE-1999-0740 (Remote attackers can cause a denial of service on Linux in.telnet CVE-1999-0735 (KDE K-Mail allows local users to gain privileges via a symlink attack ...) TODO: check CVE-1999-0734 (A default configuration of CiscoSecure Access Control Server (ACS) ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0733 (Buffer overflow in VMWare 1.0.1 for Linux via a long HOME ...) TODO: check CVE-1999-0732 (The logging facilitity of the Debian smtp-refuser package allows local ...) 
@@ -1007,7 +1007,7 @@ CVE-1999-0447 (Local users can gain privileges using the debug utility in the MP CVE-1999-0446 (Local users can perform a denial of service in NetBSD 1.3.3 and ...) TODO: check CVE-1999-0445 (In Cisco routers under some versions of IOS 12.0 running NAT, some ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0442 (Solaris ff.core allows local users to modify files. ...) TODO: check CVE-1999-0441 (Remote attackers can perform a denial of service in WinGate machines ...) @@ -1027,7 +1027,7 @@ CVE-1999-0433 (XFree86 startx command is vulnerable to a symlink attack, allowin CVE-1999-0432 (ftp on HP-UX 11.00 allows local users to gain privileges. ...) TODO: check CVE-1999-0430 (Cisco Catalyst LAN switches running Catalyst 5000 supervisor software ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0429 (The Lotus Notes 4.5 client may send a copy of encrypted mail in the ...) TODO: check CVE-1999-0428 (OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and ...) @@ -1047,9 +1047,9 @@ CVE-1999-0420 (umapfs allows local users to gain root privileges by changing the CVE-1999-0417 (64 bit Solaris 7 procfs allows local users to perform a denial of ...) TODO: check CVE-1999-0416 (Vulnerability in Cisco 7xx series routers allows a remote attacker to ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0415 (The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0414 (In Linux before version 2.0.36, remote attackers can spoof a TCP ...) TODO: check CVE-1999-0413 (A buffer overflow in the SGI X server allows local users to gain root ...) 
@@ -1235,7 +1235,7 @@ CVE-1999-0295 (Solaris sysdef command allows local users to read kernel memory, CVE-1999-0294 (All records in a WINS database can be deleted through SNMP for ...) TODO: check CVE-1999-0293 (AAA authentication on Cisco systems allows attackers to execute ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0292 (Denial of service through Winpopup using large user names. ...) TODO: check CVE-1999-0291 (The WinGate proxy is installed without a password, which allows ...) @@ -1313,7 +1313,7 @@ CVE-1999-0234 (Bash treats any character with a value of 255 as a command separa CVE-1999-0233 (IIS allows users to execute arbitrary commands using .bat or .cmd ...) TODO: check CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service. ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0228 (Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ...) TODO: check CVE-1999-0227 (Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT ...) 
@@ -1411,17 +1411,17 @@ CVE-1999-0166 (NFS allows users to use a "cd .." command to access oth CVE-1999-0164 (A race condition in the Solaris ps command allows an attacker to ...) TODO: check CVE-1999-0162 (The "established" keyword in some Cisco IOS software allowed ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0161 (In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0160 (Some classic Cisco IOS devices have a vulnerability in the PPP CHAP ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0159 (Attackers can crash a Cisco IOS router or device, provided they can ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0158 (Cisco PIX firewall manager (PFM) on Windows NT allows attackers to ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0157 (Cisco PIX firewall and CBAC IP fragmentation attack results in a ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0155 (The ghostscript command with the -dSAFER option allows remote ...) TODO: check CVE-1999-0153 (Windows 95/NT out of band (OOB) data denial of service through NETBIOS ...) @@ -1567,7 +1567,7 @@ CVE-1999-0065 (Multiple buffer overflows in how dtmail handles attachments allow CVE-1999-0064 (Buffer overflow in AIX lquerylv program gives root access to local users. ...) TODO: check CVE-1999-0063 (Cisco IOS 12.0 and other versions can be crashed by malicious UDP ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0062 (The chpass command in OpenBSD allows a local user to gain root access ...) TODO: check CVE-1999-0060 (Attackers can cause a denial of service in Ascend MAX and Pipeline ...) 
@@ -1848,11 +1848,11 @@ CVE-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows CVE-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...) TODO: check CVE-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...) TODO: check CVE-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...) @@ -2070,7 +2070,7 @@ CVE-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user CVE-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...) TODO: check CVE-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1305 (Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local ...) TODO: check CVE-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...) @@ -2208,7 +2208,7 @@ CVE-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager CVE-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...) TODO: check CVE-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...) TODO: check CVE-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...) 
@@ -2298,11 +2298,11 @@ CVE-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to CVE-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...) TODO: check CVE-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...) NOT-FOR-US: Microsoft CVE-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...) TODO: check CVE-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...) @@ -2406,7 +2406,7 @@ CVE-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers CVE-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...) NOT-FOR-US: Microsoft CVE-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...) TODO: check CVE-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...) @@ -2524,7 +2524,7 @@ CVE-1999-0845 (Buffer overflow in SCO su program allows local users to gain root CVE-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...) TODO: check CVE-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...) - TODO: check + NOT-FOR-US: Cisco CVE-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...) TODO: check CVE-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...) diff --git a/data/CVE/2000.list b/data/CVE/2000.list index 8e5e4a2d67..d7e55b19b5 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list 
@@ -207,11 +207,11 @@ CVE-2000-1058 (Buffer overflow in OverView5 CGI program in HP OpenView Network N CVE-2000-1057 (Vulnerabilities in database configuration scripts in HP OpenView ...) TODO: check CVE-2000-1056 (CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-1055 (Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-1054 (Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-1051 (Directory traversal vulnerability in Allaire JRun 2.3 server allows ...) TODO: check CVE-2000-1050 (Allaire JRun 3.0 http servlet server allows remote attackers to ...) @@ -243,13 +243,13 @@ CVE-2000-1032 (The client authentication interface for Check Point Firewall-1 4. CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 allows a local user to gain ...) TODO: check CVE-2000-1027 (Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-1026 (Multiple buffer overflows in LBNL tcpdump allows remote attackers to ...) TODO: check CVE-2000-1024 (eWave ServletExec 3.0C and earlier does not restrict access to the ...) TODO: check CVE-2000-1022 (The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-1019 (Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows ...) TODO: check CVE-2000-1018 (shred 1.0 file wiping utility does not properly open a file for ...) 
@@ -297,7 +297,7 @@ CVE-2000-0990 (cmd5checkpw 0.21 and earlier allows remote attackers to cause a d CVE-2000-0989 (Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service ...) TODO: check CVE-2000-0984 (The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-0983 (Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote ...) NOT-FOR-US: Microsoft CVE-2000-0982 (Internet Explorer before 5.5 forwards cached user credentials for a ...) @@ -689,7 +689,7 @@ CVE-2000-0703 (suidperl (aka sperl) does not properly cleanse the escape sequenc CVE-2000-0702 (The net.init rc script in HP-UX 11.00 (S008net.init) allows local ...) TODO: check CVE-2000-0700 (Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-0699 (Format string vulnerability in ftpd in HP-UX 10.20 allows remote ...) TODO: check CVE-2000-0698 (Minicom 1.82.1 and earlier on some Linux systems allows local users to ...) @@ -805,7 +805,7 @@ CVE-2000-0616 (Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain CVE-2000-0615 (LPRng 3.6.x improperly installs lpd as setuid root, which can allow ...) TODO: check CVE-2000-0613 (Cisco Secure PIX Firewall does not properly identify forged TCP Reset ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-0611 (The default configuration of NetWin dMailWeb and cwMail trusts all POP ...) TODO: check CVE-2000-0610 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...) 
@@ -989,7 +989,7 @@ CVE-2000-0489 (FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial CVE-2000-0488 (Buffer overflow in ITHouse mail server 1.04 allows remote attackers to ...) TODO: check CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords ...) NOT-FOR-US: Microsoft CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause ...) @@ -1157,7 +1157,7 @@ CVE-2000-0382 (ColdFusion ClusterCATS appends stale query string arguments to a CVE-2000-0381 (The Gossamer Threads DBMan db.cgi CGI script allows remote attackers ...) TODO: check CVE-2000-0380 (The IOS HTTP service in Cisco routers and switches running IOS 11.1 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-0379 (The Netopia R9100 router does not prevent authenticated users from ...) TODO: check CVE-2000-0378 (The pam_console PAM module in Linux systems performs a chown on ...) @@ -1181,7 +1181,7 @@ CVE-2000-0370 (The debug option in Caldera Linux smail allows remote attackers t CVE-2000-0369 (The IDENT server in Caldera Linux 2.3 creates multiple threads for ...) TODO: check CVE-2000-0368 (Classic Cisco IOS 9.1 and later allows attackers with access to the ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-0367 (Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker to ...) TODO: check CVE-2000-0366 (dump in Debian Linux 2.1 does not properly restore symlinks, which ...) 
@@ -1327,9 +1327,9 @@ CVE-2000-0273 (PCAnywhere allows remote attackers to cause a denial of service b CVE-2000-0272 (RealNetworks RealServer allows remote attackers to cause a denial of ...) TODO: check CVE-2000-0268 (Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-0267 (Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-0265 (Panda Security 3.0 allows users to uninstall the Panda software via ...) TODO: check CVE-2000-0264 (Panda Security 3.0 with registry editing disabled allows users to edit ...) @@ -1885,7 +1885,7 @@ CVE-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial CVE-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...) TODO: check CVE-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...) TODO: check CVE-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...) @@ -2221,7 +2221,7 @@ CVE-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently ran CVE-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...) TODO: check CVE-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...) - TODO: check + NOT-FOR-US: Cisco CVE-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...) TODO: check CVE-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...) diff --git a/data/CVE/2001.list b/data/CVE/2001.list index f566037b1e..545be25784 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list 
@@ -478,7 +478,7 @@ CVE-2001-1186 (Microsoft IIS 5.0 allows remote attackers to cause a denial of se CVE-2001-1185 (Some AIO operations in FreeBSD 4.4 may be delayed until after a call ...) TODO: check CVE-2001-1183 (PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-1180 (FreeBSD 4.3 does not properly clear shared signal handlers when ...) TODO: check CVE-2001-1177 (ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local ...) @@ -544,7 +544,7 @@ CVE-2001-1100 (sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, CVE-2001-1099 (The default configuration of Norton AntiVirus for Microsoft Exchange ...) NOT-FOR-US: Norton CVE-2001-1098 (Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-1096 (Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a ...) TODO: check CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could alllow local users to execute ...) @@ -572,7 +572,7 @@ CVE-2001-1074 (Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZ CVE-2001-1072 (Apache with mod_rewrite enabled on most UNIX systems allows remote ...) TODO: check CVE-2001-1071 (Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-1069 (libCoolType library as used in Adobe Acrobat (acroread) on Linux ...) TODO: check CVE-2001-1067 (Buffer overflow in AOLserver 3.0 allows remote attackers to cause a ...) 
@@ -602,9 +602,9 @@ CVE-2001-1046 (Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 CVE-2001-1043 (ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary ...) TODO: check CVE-2001-1038 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-1037 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-1036 (GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local ...) TODO: check CVE-2001-1035 (Binary decoding feature of slrn 0.9 and earlier allows remote ...) @@ -682,7 +682,7 @@ CVE-2001-0939 (Lotus Domino 5.08 and earlier allows remote attackers to cause a CVE-2001-0936 (Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with ...) TODO: check CVE-2001-0929 (Cisco IOS Firewall Feature set, aka Context Based Access Control ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0921 (Netscape 4.79 and earlier for MacOS allows an attacker with access to ...) TODO: check CVE-2001-0920 (Format string vulnerability in auto nice daemon (AND) 1.0.4 and ...) @@ -714,7 +714,7 @@ CVE-2001-0899 (Network Tools 0.2 for PHP-Nuke allows remote attackers to execute CVE-2001-0896 (Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of ...) TODO: check CVE-2001-0895 (Multiple Cisco networking products allow remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0894 (Vulnerability in Postfix SMTP server before 20010228-pl07, when ...) TODO: check CVE-2001-0891 (Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 ...) 
@@ -746,19 +746,19 @@ CVE-2001-0872 (OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly CVE-2001-0869 (Format string vulnerability in the default logging callback function ...) TODO: check CVE-2001-0867 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0866 (Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0865 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0864 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0863 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0862 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0861 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0860 (Terminal Services Manager MMC in Windows 2000 and XP trusts the Client ...) NOT-FOR-US: Microsoft CVE-2001-0859 (2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets ...) 
@@ -838,23 +838,23 @@ CVE-2001-0763 (Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may al CVE-2001-0760 (Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path ...) TODO: check CVE-2001-0757 (Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0754 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0752 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0751 (Cisco switches and routers running CBOS 2.3.8 and earlier use ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0750 (Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0749 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attacker to ...) TODO: check CVE-2001-0748 (Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0745 (Netscape 4.7x allows remote attackers to obtain sensitive information ...) TODO: check CVE-2001-0741 (Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0740 (3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router ...) TODO: check CVE-2001-0739 (Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows ...) @@ -950,7 +950,7 @@ CVE-2001-0653 (Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local use CVE-2001-0652 (Heap overflow in xlock in Solaris 2.6 through 8 allows local users to ...) TODO: check CVE-2001-0650 (Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0648 (Directory traversal vulnerability in PHProjekt 2.1 and earlier allows ...) TODO: check CVE-2001-0646 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker ...) 
@@ -980,9 +980,9 @@ CVE-2001-0626 (O'Reilly Website Professional 2.5.4 and earlier allows remote ... CVE-2001-0625 (ftpdownload in Computer Associates InoculateIT 6.0 allows a local ...) TODO: check CVE-2001-0622 (The web management service on Cisco Content Service series 11000 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0621 (The FTP server on Cisco Content Service 11000 series switches (CSS) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0616 (Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a ...) TODO: check CVE-2001-0615 (Directory traversal vulnerability in Faust Informatics Freestyle Chat ...) @@ -1056,7 +1056,7 @@ CVE-2001-0540 (Memory leak in Terminal servers in Windows NT and Windows 2000 al CVE-2001-0538 (Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and ...) NOT-FOR-US: Microsoft CVE-2001-0537 (HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0533 (Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows ...) TODO: check CVE-2001-0530 (Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker ...) @@ -1142,11 +1142,11 @@ CVE-2001-0457 (man2html before 1.5-22 allows remote attackers to cause a denial CVE-2001-0456 (postinst installation script for Proftpd in Debian 2.2 does not ...) TODO: check CVE-2001-0455 (Cisco Aironet 340 Series wireless bridge before 8.55 does not properly ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0449 (Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary ...) TODO: check CVE-2001-0444 (Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0442 (Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and ...) TODO: check CVE-2001-0440 (Buffer overflow in logging functions of licq before 1.0.3 allows ...) 
@@ -1158,11 +1158,11 @@ CVE-2001-0434 (The LogDataListToFile ActiveX function used in (1) Knowledge Cent CVE-2001-0430 (Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates ...) TODO: check CVE-2001-0429 (Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0428 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0427 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0423 (Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute ...) TODO: check CVE-2001-0422 (Buffer overflow in Xsun in Solaris 8 and earlier allows local users to ...) @@ -1174,7 +1174,7 @@ CVE-2001-0414 (Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd CVE-2001-0413 (BinTec X4000 Access router, and possibly other versions, allows remote ...) TODO: check CVE-2001-0412 (Cisco Content Services (CSS) switch products 11800 and earlier, aka ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0409 (vim (aka gvim) allows local users to modify files being edited by ...) TODO: check CVE-2001-0408 (vim (aka gvim) processes VIM control codes that are embedded in a ...) @@ -1202,7 +1202,7 @@ CVE-2001-0378 (readline prior to 4.1, in OpenBSD 2.8 and earlier, creates histor CVE-2001-0377 (Infradig Inframail prior to 3.98a allows a remote attacker to create a ...) TODO: check CVE-2001-0375 (Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0373 (The default configuration of the Dr. Watson program in Windows NT and ...) NOT-FOR-US: Microsoft CVE-2001-0371 (Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and ...) 
@@ -1282,7 +1282,7 @@ CVE-2001-0290 (Vulnerability in Mailman 2.0.1 and earlier allows list administra CVE-2001-0289 (Joe text editor 2.8 searches the current working directory (CWD) for ...) TODO: check CVE-2001-0288 (Cisco switches and routers running IOS 12.1 and earlier produce ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0287 (VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to ...) TODO: check CVE-2001-0284 (Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and ...) @@ -1506,7 +1506,7 @@ CVE-2001-0083 (Windows Media Unicast Service in Windows Media Services 4.0 and 4 CVE-2001-0081 (swinit in nCipher does not properly disable the Operator Card Set ...) TODO: check CVE-2001-0080 (Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0078 (in.mond in Sun Cluster 2.x allows local users to read arbitrary files ...) TODO: check CVE-2001-0077 (The clustmon service in Sun Cluster 2.x does not require ...) @@ -1530,13 +1530,13 @@ CVE-2001-0060 (Format string vulnerability in stunnel 3.8 and earlier allows ... CVE-2001-0059 (patchadd in Solaris allows local users to overwrite arbitrary files ...) TODO: check CVE-2001-0058 (The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0057 (Cisco 600 routers running CBOS 2.4.1 and earlier allow remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0056 (The Cisco Web Management interface in routers running CBOS 2.4.1 and ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0055 (CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0054 (Directory traversal vulnerability in FTP Serv-U before 2.5i allows ...) TODO: check CVE-2001-0053 (One-byte buffer overflow in replydirname function in BSD-based ftpd ...) 
@@ -1548,7 +1548,7 @@ CVE-2001-0043 (phpGroupWare before 0.9.7 allows remote attackers to execute arbi CVE-2001-0042 (PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read ...) TODO: check CVE-2001-0041 (Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0040 (APC UPS daemon, apcupsd, saves its process ID in a world-writable ...) TODO: check CVE-2001-0039 (IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of ...) @@ -1568,7 +1568,7 @@ CVE-2001-0026 (rp-pppoe PPPoE client allows remote attackers to cause a denial o CVE-2001-0021 (MailMan Webmail 3.0.25 and earlier allows remote attackers to execute ...) TODO: check CVE-2001-0020 (Directory traversal vulnerability in Arrowpoint (aka Cisco Content ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0018 (Windows 2000 domain controller in Windows 2000 Server, Advanced ...) NOT-FOR-US: Microsoft CVE-2001-0017 (Memory leak in PPTP server in Windows NT 4.0 allows remote attackers ...) @@ -1906,7 +1906,7 @@ CVE-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 CVE-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...) TODO: check CVE-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...) TODO: check CVE-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...) 
@@ -2042,7 +2042,7 @@ CVE-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote CVE-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...) TODO: check CVE-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...) TODO: check CVE-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...) @@ -2050,7 +2050,7 @@ CVE-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local CVE-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...) TODO: check CVE-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...) TODO: check CVE-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...) @@ -2080,9 +2080,9 @@ CVE-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial o CVE-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...) TODO: check CVE-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...) TODO: check CVE-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...) 
@@ -2400,7 +2400,7 @@ CVE-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) CVE-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...) TODO: check CVE-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...) TODO: check CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...) @@ -2439,7 +2439,7 @@ CVE-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ... CVE-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...) TODO: check CVE-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...) TODO: check CVE-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...) @@ -2475,7 +2475,7 @@ CVE-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the CVE-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...) NOT-FOR-US: Microsoft CVE-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...) NOT-FOR-US: Microsoft CVE-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...) 
@@ -2627,7 +2627,7 @@ CVE-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in CVE-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...) TODO: check CVE-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...) TODO: check CVE-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...) @@ -3035,11 +3035,11 @@ CVE-2001-0168 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) se CVE-2001-0167 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) client ...) TODO: check CVE-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ...) TODO: check CVE-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...) - TODO: check + NOT-FOR-US: Cisco CVE-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...) TODO: check CVE-2001-0159 @@ -3155,4 +3155,4 @@ CVE-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attac CVE-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...) TODO: check CVE-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...) - TODO: check + NOT-FOR-US: Cisco diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 5ca4dc8b5f..85eaf0e255 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list 
@@ -3692,9 +3692,9 @@ CVE-2002-0166 (Cross-site scripting vulnerability in analog before 5.22 allows r CVE-2002-0163 (Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 ...) TODO: check CVE-2002-0160 (The administration function in Cisco Secure Access Control Server ...) - TODO: check + NOT-FOR-US: Cisco CVE-2002-0159 (Format string vulnerability in the administration function in Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2002-0158 (Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to ...) TODO: check CVE-2002-0157 (Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary ...) @@ -4455,7 +4455,7 @@ CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...) TODO: check CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...) NOT-FOR-US: Microsoft CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...) |
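Review bot: In the data/CVE/2001.list hunk at @@ -2042,7 +2042,7 @@, CVE-2001-1105 is tagged `NOT-FOR-US: Cisco`, but its description names RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1 as the affected component and mentions Cisco iCND 2.0 only as a product that uses it. Tagging the library itself (for example `NOT-FOR-US: RSA BSAFE SSL-J`) would keep the reason accurate if the same library turns up under another vendor's product.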
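Review bot: In the data/CVE/2002.list hunk at @@ -4455,7 +4455,7 @@, CVE-2002-0225 is closed as `NOT-FOR-US: Cisco` although its description reads "tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco", which describes a standalone daemon that Cisco no longer maintains rather than a Cisco product. Before dropping the `TODO: check`, confirm that tac_plus is not in the archive, and if it is not, name the software in the tag (`NOT-FOR-US: tac_plus`) so the reason does not rest on the vendor name alone.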